apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend-deployment
  namespace: intern-workspace
  labels:
    app: employee-backend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: employee-backend
  template:
    metadata:
      labels:
        app: employee-backend
    spec:
      serviceAccountName: backend-sa
      securityContext:
        runAsUser: 1000
        runAsGroup: 3000
        fsGroup: 2000
      containers:
        - name: employee-backend
          image: docker.io/adelyao/employee-be:test
          imagePullPolicy: Always
          ports:
            - containerPort: 4000
          envFrom:
            - configMapRef:
                name: app-config
            - secretRef:
                name: db-secret
          readinessProbe:
            httpGet:
              path: /api/health
              port: 4000
            initialDelaySeconds: 15
            periodSeconds: 5
          livenessProbe:
            httpGet:
              path: /api/health
              port: 4000
            initialDelaySeconds: 15
            periodSeconds: 5
          resources:
            requests:
              memory: "64Mi"
              cpu: "100m"
            limits:
              memory: "128Mi"
              cpu: "200m"
          securityContext:
            runAsNonRoot: true
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
---
apiVersion: v1
kind: Service
metadata:
  name: backend-service
  namespace: intern-workspace
  labels:
    app: employee-backend
spec:
  type: ClusterIP
  ports:
    - port: 4000
      targetPort: 4000
      protocol: TCP
  selector:
    app: employee-backend
  template:
    spec:
      containers:
        - image: docker.io/adelyao/employee-be:test