apiVersion: apps/v1
kind: Deployment
metadata:
  name: query-api
  namespace: stonks-oracle
  labels:
    app: query-api
    app.kubernetes.io/part-of: stonks-oracle
    stonks-oracle/tier: api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: query-api
  template:
    metadata:
      labels:
        app: query-api
        stonks-oracle/tier: api
    spec:
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: query-api
          image: ghcr.io/celesrenata/stonks-oracle/query-api:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 8000
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          envFrom:
            - configMapRef:
                name: stonks-config
            - secretRef:
                name: stonks-core-secrets
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 256Mi
          readinessProbe:
            httpGet:
              path: /docs
              port: 8000
            initialDelaySeconds: 5
            periodSeconds: 10
          volumeMounts:
            - name: tmp
              mountPath: /tmp
      volumes:
        - name: tmp
          emptyDir:
            sizeLimit: 10Mi
---
apiVersion: v1
kind: Service
metadata:
  name: query-api
  namespace: stonks-oracle
spec:
  selector:
    app: query-api
  ports:
    - port: 8000
      targetPort: 8000