---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: html-kube-tester
spec:
  replicas: 1
  template:
    spec:
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      initContainers:
      - name: content-generator
        image: quay.io/simbelmas/toolbox:stable
        command: ["html-kube-tester-init.sh"]
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ['ALL']
        env:
        - name: KUBE_NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: CONTENT_GIT_REPO
          valueFrom:
            configMapKeyRef:
              name: html-kube-tester-config
              key: content-git-repo
        volumeMounts:
        - name: init
          mountPath: /usr/local/bin
        - name: app-data
          mountPath: /app
      containers:
      - name: html-kube-tester
        image: quay.io/simbelmas/nginx:stable
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ['ALL']
        volumeMounts:
        - name: app-data
          mountPath: /var/www/html
        ports:
          - containerPort: 8080
            protocol: TCP
        resources:
          requests:
            cpu: 10m
          limits:
            cpu: 40m
      volumes:
      - name: init
        configMap:
          defaultMode: 0755
          name: &html-kube-test-cm html-kube-tester-config
          items:
          - key: init.sh
            path: html-kube-tester-init.sh
      - name: app-data
        emptyDir: {}