apiVersion: apps/v1
kind: Deployment
metadata:
  name: cluster-sample-app
  labels:
    app: cluster-sample-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cluster-sample-app
  template:
    metadata:
      labels:
        app: cluster-sample-app
    spec:
      securityContext:
        runAsUser: 10000
        runAsGroup: 30000
        fsGroup: 20000
        runAsNonRoot: true
      containers:
        - name: cluster-sample-app
          image:  ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/cluster-sample-app:${IMAGE_TAG}
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              memory: "100Mi"
              cpu: "125m"
            limits:
              memory: "200Mi"
              cpu: "250m"