# services/veles/backend-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: veles-backend
  namespace: veles
  labels:
    app: veles-backend
spec:
  replicas: 0
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: veles-backend
  template:
    metadata:
      labels:
        app: veles-backend
    spec:
      serviceAccountName: veles-backend
      priorityClassName: veles-core
      nodeSelector:
        veles.bstein.dev/node-pool: oceanus
      tolerations:
        - key: veles.bstein.dev/simulation
          operator: Equal
          value: "true"
          effect: NoSchedule
      securityContext:
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: backend
          image: registry.bstein.dev/veles/veles-backend:0.1.0-0 # {"$imagepolicy": "veles:veles-backend"}
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          envFrom:
            - configMapRef:
                name: veles-app-config
            - secretRef:
                name: veles-runtime-secrets
          resources:
            requests:
              cpu: 500m
              memory: 1Gi
            limits:
              cpu: "2"
              memory: 4Gi
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - name: artifacts
              mountPath: /data/veles-artifacts
      volumes:
        - name: artifacts
          persistentVolumeClaim:
            claimName: veles-artifacts