--- apiVersion: apps/v1 kind: Deployment metadata: name: pingsafe-tunnel namespace: default labels: version: v1.0.0 app: pingsafe-tunnel spec: replicas: 1 selector: matchLabels: app: pingsafe-tunnel template: metadata: labels: app: pingsafe-tunnel spec: dnsPolicy: ClusterFirst restartPolicy: Always terminationGracePeriodSeconds: 30 containers: - name: pingsafe-tunnel image: public.ecr.aws/o1d0v7j2/pingsafe-public-tunnel:release imagePullPolicy: Always securityContext: runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 10001 runAsGroup: 10002 capabilities: drop: ["ALL"] seccompProfile: type: RuntimeDefault ports: - containerPort: 3333 protocol: TCP resources: requests: memory: "200Mi" cpu: "100m" limits: memory: "1Gi" cpu: "1000m" envFrom: - secretRef: name: pingsafe-tunnel-secret