---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: goldilocks-dashboard
  labels:
    app.kubernetes.io/name: goldilocks
    app.kubernetes.io/component: dashboard
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: goldilocks
      app.kubernetes.io/component: dashboard
  template:
    metadata:
      labels:
        app.kubernetes.io/name: goldilocks
        app.kubernetes.io/component: dashboard
      annotations:
        openshift.io/scc: restricted-v2
    spec:
      serviceAccountName: goldilocks-dashboard
      containers:
        - name: goldilocks
          image: "quay.io/pfeifferj/goldilocks:latest"
          imagePullPolicy: Always
          command:
            - /goldilocks
            - dashboard
            - --exclude-containers=linkerd-proxy,istio-proxy
            - -v3
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          resources:
            requests:
              cpu: 25m
              memory: 32Mi
            limits:
              cpu: 50m
              memory: 128Mi
          livenessProbe:
            httpGet:
              path: /health
              port: http
          readinessProbe:
            httpGet:
              path: /health
              port: http