apiVersion: apps/v1 kind: Deployment metadata: name: king-arthur namespace: bots spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app: king-arthur template: metadata: labels: app: king-arthur spec: serviceAccountName: king-arthur containers: - name: king-arthur image: ghcr.io/python-discord/king-arthur:latest imagePullPolicy: Always resources: requests: cpu: 600m memory: 500Mi limits: cpu: 800m memory: 800Mi envFrom: - secretRef: name: king-arthur-env securityContext: readOnlyRootFilesystem: true volumeMounts: - name: tmpfs mountPath: /tmp - name: ipa-ca-cert mountPath: /opt/ipa securityContext: fsGroup: 2000 runAsUser: 1000 runAsNonRoot: true volumes: - name: tmpfs emptyDir: medium: Memory - name: ipa-ca-cert configMap: name: ipa-ca-configmap