apiVersion: apps/v1
kind: Deployment
metadata:
  name: hastebin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hastebin
  template:
    metadata:
      labels:
        app: hastebin
    spec:
      containers:
        - name: hastebin
          # Same image as https://github.com/seejohnrun/haste-server/blob/master/Dockerfile
          image: node:14.8.0-stretch
          command: [ "bash", "/init/init.sh" ]
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 5m
              memory: 70Mi
            limits:
              cpu: 100m
              memory: 100Mi
          ports:
            - containerPort: 7777
          securityContext:
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: hastebin-init-volume
              mountPath: /init
            - name: hastebin-code-volume
              mountPath: /haste-server
            - name: hastebin-npm-cache
              mountPath: /home/node/
          envFrom:
            - secretRef:
                name: hastebin-redis-password
            - configMapRef:
                name: hastebin-defaults
      volumes:
        - name: hastebin-init-volume
          configMap:
            name: hastebin-init
        - name: hastebin-code-volume
          emptyDir: {}
        - name: hastebin-npm-cache
          emptyDir: {}
      securityContext:
        fsGroup: 2000
        runAsUser: 1000
        runAsNonRoot: true