apiVersion: apps/v1
kind: Deployment
metadata:
  name: communitarian-app
  namespace: "{{ .namespace }}"
spec:
  replicas: 1
  selector:
    matchLabels:
      component: app
  template:
    metadata:
      labels:
        component: app
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: communitarian-app
        image: "{{ .appImage }}"
        ports:
        - containerPort: {{ .appPort }}
          name: http
        env:
        - name: TZ
          value: "{{ .timezone }}"
        - name: API_URL
          value: "http://communitarian-api:{{ .apiPort }}"
        - name: NEXT_PUBLIC_API_URL
          value: "/api"
        resources:
          requests:
            memory: "128Mi"
            cpu: "100m"
          limits:
            memory: "512Mi"
            cpu: "500m"
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: [ALL]
          readOnlyRootFilesystem: false