apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    linkerd.io/inject: enabled
  labels:
    name: LABEL
  name: RESOURCE_NAME
  namespace: production
spec:
  replicas: 1
  selector:
    matchLabels:
      app: RESOURCE_NAME
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      annotations:
        linkerd.io/inject: enabled
      labels:
        app: RESOURCE_NAME
    spec:
      containers:
      - image: REPOSITORY/IMAGE
        name: RESOURCE_NAME
        env:
          - name: KUBERNETES_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: CONTAINER_CORE_LIMIT
            valueFrom:
              resourceFieldRef:
                resource: limits.cpu
          - name: CONTAINER_MAX_MEMORY
            valueFrom:
              resourceFieldRef:
                resource: limits.memory
        ports:
        - containerPort: 9090
          name: RESOURCE_NAME
        livenessProbe:
          httpGet:
            path: /health
            port: 9091
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 1
          successThreshold: 1
          failureThreshold: 1
        readinessProbe:
          httpGet:
            port: 9091
            path: /readiness
          initialDelaySeconds: 30
          periodSeconds: 5
          timeoutSeconds: 1
          successThreshold: 1
          failureThreshold: 1
        imagePullPolicy: Always
        resources:
          requests:
            cpu: 64m
            memory: 64Mi
          limits:
            cpu: 100m
            memory: 64Mi
        securityContext:
          capabilities:
            add:
              - NET_ADMIN
              - NET_RAW
      restartPolicy: Always
      imagePullSecrets:
        - name: registry-cryptosky-image-registry