gohoarder/deployments/kubernetes/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: gohoarder
  namespace: default
  labels:
    app: gohoarder
spec:
  replicas: 2
  selector:
    matchLabels:
      app: gohoarder
  template:
    metadata:
      labels:
        app: gohoarder
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000

      containers:
      - name: gohoarder
        image: gohoarder:latest
        imagePullPolicy: IfNotPresent

        ports:
        - name: http
          containerPort: 8080
          protocol: TCP

        env:
        - name: CONFIG_FILE
          value: /etc/gohoarder/config.yaml

        volumeMounts:
        # Configuration file
        - name: config
          mountPath: /etc/gohoarder/config.yaml
          subPath: config.yaml
          readOnly: true

        # Git credentials (pattern-based)
        - name: git-credentials
          mountPath: /etc/gohoarder/git-credentials.json
          subPath: credentials.json
          readOnly: true

        # Persistent storage for cache
        - name: cache
          mountPath: /var/lib/gohoarder/cache

        # Persistent storage for metadata database
        - name: metadata
          mountPath: /var/lib/gohoarder

        resources:
          requests:
            memory: "512Mi"
            cpu: "250m"
          limits:
            memory: "2Gi"
            cpu: "1000m"

        livenessProbe:
          httpGet:
            path: /health
            port: http
          initialDelaySeconds: 10
          periodSeconds: 30
          timeoutSeconds: 5
          failureThreshold: 3

        readinessProbe:
          httpGet:
            path: /health/ready
            port: http
          initialDelaySeconds: 5
          periodSeconds: 10
          timeoutSeconds: 3
          failureThreshold: 3

      volumes:
      # ConfigMap with application configuration
      - name: config
        configMap:
          name: gohoarder-config

      # Secret with git credentials
      - name: git-credentials
        secret:
          secretName: gohoarder-git-credentials
          defaultMode: 0400  # Read-only for owner

      # PersistentVolumeClaim for cache
      - name: cache
        persistentVolumeClaim:
          claimName: gohoarder-cache-pvc

      # PersistentVolumeClaim for metadata
      - name: metadata
        persistentVolumeClaim:
          claimName: gohoarder-metadata-pvc