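---
# Deployment for the gitea-webhook-ambassador service: two replicas, rolled
# out one at a time, spread across nodes where possible, running as a
# non-root user with all Linux capabilities dropped.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-webhook-ambassador
  namespace: freeleaps-devops-system
  labels:
    app: gitea-webhook-ambassador
    component: ci-cd
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # With 2 replicas, maxUnavailable: 1 lets a rollout drop to a single
      # ready pod while the replacement starts.
      maxSurge: 1
      maxUnavailable: 1
  selector:
    matchLabels:
      app: gitea-webhook-ambassador
  template:
    metadata:
      labels:
        app: gitea-webhook-ambassador
      annotations:
        # Metrics are scraped on the same port that serves the application.
        # NOTE(review): confirm /metrics is not reachable through whatever
        # Service/Ingress exposes this port externally.
        prometheus.io/scrape: "true"
        prometheus.io/path: "/metrics"
        prometheus.io/port: "8080"
    spec:
      containers:
        - name: gitea-webhook-ambassador
          # NOTE(review): ":latest" is a mutable tag and, with
          # imagePullPolicy: Always, every pod start pulls whatever the tag
          # points at right now. Replicas can end up on different builds and
          # a rollback is not reproducible. Pin a release tag or, better, an
          # immutable digest, e.g.
          #   freeleaps/gitea-webhook-ambassador@sha256:<IMAGE_DIGEST_PLACEHOLDER>
          image: freeleaps/gitea-webhook-ambassador:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          args:
            # Path must stay in sync with the "config" volumeMount below.
            - "-config=/app/config/config.yaml"
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 200m
              memory: 256Mi
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
          volumeMounts:
            - name: config
              mountPath: /app/config
              readOnly: true
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            capabilities:
              drop:
                - ALL
            # NOTE(review): consider readOnlyRootFilesystem: true if the
            # process does not write to its root filesystem; not set here
            # because that cannot be confirmed from this manifest.
          env:
            - name: TZ
              value: "UTC"
            # Pod identity is injected through the downward API.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
      volumes:
        - name: config
          # NOTE(review): ConfigMaps are stored and served unencrypted to
          # anyone with read access in the namespace. If config.yaml carries
          # credentials (webhook secret, CI tokens), move those into a Secret;
          # the file's contents are not visible from here.
          configMap:
            name: gitea-webhook-ambassador-config
      securityContext:
        fsGroup: 1000
        # Apply the container runtime's default seccomp filter to every
        # container in the pod. Together with runAsNonRoot, drop ALL and
        # allowPrivilegeEscalation: false above, this is what the "restricted"
        # Pod Security Standard expects.
        seccompProfile:
          type: RuntimeDefault
      # NOTE(review): no serviceAccountName is set, so the namespace's default
      # ServiceAccount token is mounted. If the service never calls the
      # Kubernetes API, set automountServiceAccountToken: false; confirm first.
      affinity:
        podAntiAffinity:
          # Soft preference only: the scheduler may still co-locate both
          # replicas on one node when no other node fits.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - gitea-webhook-ambassador
                topologyKey: kubernetes.io/hostname
      terminationGracePeriodSeconds: 30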