apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend-app-syifa
  namespace: intern-workspace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: backend-datasiswa
  template:
    metadata:
      labels:
        app: backend-datasiswa
    spec:
      serviceAccountName: backend-sa-syifa
      securityContext:
        runAsUser: 1000
        runAsGroup: 3000
        fsGroup: 2000
      containers:
        - name: backend
          image: syifamaulidya/backend-app:v4
          ports:
            - containerPort: 5000
          envFrom:
            - configMapRef:
                name: backend-config-syifa
            - secretRef:
                name: backend-secret-syifa
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          readinessProbe:
            httpGet:
              path: /api/health
              port: 5000
            initialDelaySeconds: 60
            timeoutSeconds: 10
            periodSeconds: 5
          livenessProbe:
            httpGet:
              path: /api/health
              port: 5000
            initialDelaySeconds: 60
            timeoutSeconds: 5
            periodSeconds: 10
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            readOnlyRootFilesystem: false
---
apiVersion: v1
kind: Service
metadata:
  name: backend-app-syifa
  namespace: intern-workspace
spec:
  type: ClusterIP
  selector:
    app: backend-datasiswa
  ports:
    - port: 5000
      targetPort: 5000