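---
# Deployment for the samba-api service: three replicas of one container that
# serves HTTP on port 8000, reads its settings from the samba-api-config
# ConfigMap and its credentials from the samba-api-secrets Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: samba-api
  namespace: samba-api
  labels:
    app: samba-api
    version: v1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: samba-api
      version: v1
  template:
    metadata:
      labels:
        app: samba-api
        version: v1
    spec:
      # NOTE(review): no serviceAccountName is set, so the namespace's default
      # service account applies and its token is mounted unless that account
      # opts out. If the application never calls the Kubernetes API, set
      # automountServiceAccountToken: false here - confirm with the app owners.
      containers:
        - name: samba-api
          # NOTE(review): ":latest" is a mutable tag and IfNotPresent reuses
          # whatever copy a node already has cached, so the three replicas can
          # end up running different builds and a rollback cannot name the
          # previous image. Pin a release tag or an image digest.
          image: samba-api:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8000
              name: http
              protocol: TCP
          env:
            # Non-sensitive settings come from the ConfigMap; the three
            # credentials (SECRET_KEY, SAMBA_ADMIN_PASSWORD,
            # LDAP_BIND_PASSWORD) come from the Secret.
            # NOTE(review): values injected as environment variables are
            # readable by anything that can inspect the process environment
            # and tend to show up in crash dumps; mounting the Secret as files
            # is the usual alternative if the application can read them that
            # way - confirm.
            - name: HOST
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: HOST
            - name: PORT
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: PORT
            # NOTE(review): the value lives in the ConfigMap, not here; make
            # sure DEBUG is off in any environment that holds real credentials.
            - name: DEBUG
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: DEBUG
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: samba-api-secrets
                  key: SECRET_KEY
            - name: ACCESS_TOKEN_EXPIRE_MINUTES
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: ACCESS_TOKEN_EXPIRE_MINUTES
            - name: ALGORITHM
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: ALGORITHM
            - name: ALLOWED_HOSTS
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: ALLOWED_HOSTS
            - name: SAMBA_DOMAIN
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: SAMBA_DOMAIN
            - name: SAMBA_DC
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: SAMBA_DC
            - name: SAMBA_ADMIN_USER
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: SAMBA_ADMIN_USER
            - name: SAMBA_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: samba-api-secrets
                  key: SAMBA_ADMIN_PASSWORD
            - name: SAMBA_BASE_DN
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: SAMBA_BASE_DN
            - name: LDAP_SERVER
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: LDAP_SERVER
            # NOTE(review): the bind password below is sent to LDAP_SERVER;
            # presumably this flag selects LDAPS - verify it is enabled in the
            # ConfigMap so the bind is not made in clear text.
            - name: LDAP_USE_SSL
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: LDAP_USE_SSL
            - name: LDAP_BIND_DN
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: LDAP_BIND_DN
            - name: LDAP_BIND_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: samba-api-secrets
                  key: LDAP_BIND_PASSWORD
            - name: LOG_LEVEL
              valueFrom:
                configMapKeyRef:
                  name: samba-api-config
                  key: LOG_LEVEL
          # Both probes hit the same /health endpoint on the named "http"
          # port; liveness waits longer before its first check than readiness.
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          # Container hardening: non-root UID 1000, no privilege escalation,
          # every capability dropped, root filesystem read-only.
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 1000
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          # The root filesystem is read-only, so the two paths the container
          # writes to are backed by emptyDir volumes.
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: logs
              mountPath: /app/logs
      # NOTE(review): neither emptyDir has a sizeLimit, so runaway log or temp
      # output is bounded only by the node's ephemeral storage.
      volumes:
        - name: tmp
          emptyDir: {}
        - name: logs
          emptyDir: {}
      securityContext:
        fsGroup: 1000
        # Added in review: apply the container runtime's default seccomp
        # filter. The container settings above already line up with the Pod
        # Security "restricted" profile, which also requires this field.
        seccompProfile:
          type: RuntimeDefault
      restartPolicy: Always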