apiVersion: apps/v1
kind: Deployment
metadata:
  name: pixels
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pixels
  template:
    metadata:
      labels:
        app: pixels
    spec:
      containers:
        - name: pixels
          image: ghcr.io/python-discord/pixels:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 8000
          envFrom:
            - secretRef:
                name: pixels-env
          startupProbe:
            httpGet:
              path: /health
              port: 8000
              httpHeaders:
                - name: Host
                  value: pixels.pythondiscord.com
            failureThreshold: 15
            periodSeconds: 2
            timeoutSeconds: 5
            initialDelaySeconds: 10
          securityContext:
            readOnlyRootFilesystem: true
      imagePullSecrets:
        - name: ghcr-pull-secret
      securityContext:
        fsGroup: 2000
        runAsUser: 1000
        runAsNonRoot: true