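---
# Kubernetes Deployment for the MerchantsOfHope application.
# Runs three replicas of the app container on port 21000. Database and OIDC
# settings are injected from the Secret `merchants-of-hope-secrets`; the
# container runs as a non-root user with all Linux capabilities dropped.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: merchants-of-hope-app
  labels:
    app: merchants-of-hope
spec:
  replicas: 3
  selector:
    matchLabels:
      app: merchants-of-hope
  template:
    metadata:
      labels:
        app: merchants-of-hope
    spec:
      # NOTE(review): no serviceAccountName is set, so the pod runs under the
      # namespace's default service account with its token mounted. If the app
      # never calls the Kubernetes API, consider
      # `automountServiceAccountToken: false` here.
      containers:
        - name: app
          # NOTE(review): `:latest` is a mutable tag, so the image that runs
          # can change without any change to this manifest and a rollback
          # cannot name the previous build. Pin an immutable reference (a
          # release tag or `@sha256:<digest>`) once one is published.
          image: qwen/python-merchants_of_hope:latest
          ports:
            - containerPort: 21000
          env:
            # Credentials and OIDC settings are read from the Secret rather
            # than written into the manifest. The Secret must exist in the
            # same namespace as the Deployment.
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: merchants-of-hope-secrets
                  key: database-url
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: merchants-of-hope-secrets
                  key: secret-key
            - name: OIDC_ISSUER
              valueFrom:
                secretKeyRef:
                  name: merchants-of-hope-secrets
                  key: oidc-issuer
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: merchants-of-hope-secrets
                  key: oidc-client-id
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: merchants-of-hope-secrets
                  key: oidc-client-secret
            # NOTE(review): the callback is plain http://, so the OIDC
            # authorization response sent to it crosses the network
            # unencrypted. The value has to match the redirect URI registered
            # with the identity provider, so switch both to https:// together.
            - name: OIDC_REDIRECT_URI
              value: "http://merchants-of-hope.org/auth/oidc-callback"
            # Quoted: env values must be strings, not YAML booleans.
            - name: DEBUG
              value: "false"
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          # Liveness and readiness both poll /health on the app port; a
          # failing liveness probe restarts the container, a failing readiness
          # probe takes the pod out of Service endpoints.
          livenessProbe:
            httpGet:
              path: /health
              port: 21000
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /health
              port: 21000
            initialDelaySeconds: 5
            periodSeconds: 5
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            allowPrivilegeEscalation: false
            # NOTE(review): the root filesystem is left writable. Once the
            # paths the app writes to are known, set this to true and mount
            # emptyDir volumes for those paths.
            readOnlyRootFilesystem: false
            capabilities:
              drop:
                - ALL
            # Added: apply the container runtime's default seccomp filter so
            # the syscall surface is restricted along with capabilities.
            seccompProfile:
              type: RuntimeDefault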