---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: richie
  labels:
    app.kubernetes.io/name: richie
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: richie
  template:
    metadata:
      labels:
        app.kubernetes.io/name: richie
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: richie
          image: {{ RICHIE_DOCKER_IMAGE }}
          ports:
            - containerPort: 8000
          volumeMounts:
            - mountPath: /app/richie/sandbox/tutor.py
              name: settings
              subPath: tutor.py
          envFrom:
            - secretRef:
                name: richie-env
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings
          configMap:
            name: richie-settings
