apiVersion: apps/v1 kind: Deployment metadata: name: health-app labels: app.kubernetes.io/name: health-app app.kubernetes.io/part-of: infinicaretech spec: replicas: 2 revisionHistoryLimit: 5 selector: matchLabels: app.kubernetes.io/name: health-app strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 0 maxSurge: 1 template: metadata: labels: app.kubernetes.io/name: health-app spec: automountServiceAccountToken: false securityContext: runAsNonRoot: true runAsUser: 1001 runAsGroup: 1001 fsGroup: 1001 seccompProfile: type: RuntimeDefault containers: - name: health-app image: 10.0.0.3:31427/gitea_admin/health-app:latest ports: - name: http containerPort: 3000 protocol: TCP env: - name: PORT value: "3000" - name: NODE_ENV value: "production" - name: JWT_SECRET value: "infinicaretech-health-app-secret-2026" - name: DB_PATH value: "/tmp/health-app/health-app.db" resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 256Mi volumeMounts: - name: tmp-data mountPath: /tmp/health-app livenessProbe: httpGet: path: /health port: http initialDelaySeconds: 10 periodSeconds: 30 timeoutSeconds: 3 failureThreshold: 3 readinessProbe: httpGet: path: /ready port: http initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 2 failureThreshold: 2 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - ALL volumes: - name: tmp-data emptyDir: {}