apiVersion: apps/v1
kind: Deployment
metadata:
  name: authelia-controller
  namespace: authelia
  labels:
    app: authelia-controller
    app.kubernetes.io/name: authelia-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: authelia-controller
  template:
    metadata:
      labels:
        app: authelia-controller
      annotations:
        kubectl.kubernetes.io/default-container: authelia-controller
    spec:
      serviceAccountName: authelia-controller
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: authelia-controller
          image: '{{ index .images "authelia-controller" }}'
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: 200m
              memory: 256Mi
            requests:
              cpu: 50m
              memory: 100Mi
          env:
            - name: RUST_LOG
              value: info,authelia_controller=debug
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL