apiVersion: apps/v1
kind: Deployment
metadata:
  name: hexound
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hexound
  template:
    metadata:
      labels:
        app: hexound
    spec:
      volumes:
        - name: hexound-repo
          emptyDir: {}
        - name: tmp-dir
          emptyDir: {}
        - name: run-dir
          emptyDir: {}
        - name: nginx-logs
          emptyDir: {}
      initContainers:
        - name: git-cloner
          image: alpine/git
          command:
            - git
            - clone
            - --depth=1
            - https://github.com/house-of-vanity/hexound.ru.git
            - /repo
          volumeMounts:
            - name: hexound-repo
              mountPath: /repo
      containers:
        - name: hexound
          image: trafex/php-nginx:3.8.0
          volumeMounts:
            - name: hexound-repo
              mountPath: /var/www/html
              readOnly: true
            - name: tmp-dir
              mountPath: /tmp
            - name: run-dir
              mountPath: /run
            - name: nginx-logs
              mountPath: /var/lib/nginx/logs
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 101
            runAsGroup: 101
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP