apiVersion: apps/v1 kind: Deployment metadata: name: homepage namespace: homepage labels: app.kubernetes.io/name: homepage spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 0 maxSurge: 1 selector: matchLabels: app.kubernetes.io/name: homepage template: metadata: labels: app.kubernetes.io/name: homepage spec: serviceAccountName: homepage automountServiceAccountToken: true dnsPolicy: ClusterFirst enableServiceLinks: true securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 containers: - name: homepage image: "ghcr.io/gethomepage/homepage:latest" imagePullPolicy: Always securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: false runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 capabilities: drop: - ALL env: - name: HOMEPAGE_ALLOWED_HOSTS value: "sortifal.fr,localhost" ports: - name: http containerPort: 3000 protocol: TCP livenessProbe: httpGet: path: / port: http initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 3 readinessProbe: httpGet: path: / port: http initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 3 resources: limits: cpu: 500m memory: 512Mi requests: cpu: 100m memory: 256Mi volumeMounts: - mountPath: /app/config name: config-writable initContainers: - name: config-setup image: "busybox:1.36" command: ['sh', '-c', 'cp -r /app/config-ro/* /app/config/ || true; chmod -R 755 /app/config; chown -R 1000:1000 /app/config'] securityContext: runAsUser: 0 volumeMounts: - mountPath: /app/config-ro name: homepage-config - mountPath: /app/config name: config-writable volumes: - name: homepage-config configMap: name: homepage-config - name: logs emptyDir: {} - name: config-writable emptyDir: {}