apiVersion: apps/v1
kind: Deployment
metadata:
  name: llm-connect
  namespace: activity-core
  labels:
    app.kubernetes.io/name: llm-connect
    app.kubernetes.io/part-of: activity-core
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: llm-connect
  template:
    metadata:
      labels:
        app.kubernetes.io/name: llm-connect
        app.kubernetes.io/part-of: activity-core
    spec:
      containers:
        - name: llm-connect
          image: docker.io/library/llm-connect:latest
          imagePullPolicy: Never
          envFrom:
            - configMapRef:
                name: llm-connect-config
            - secretRef:
                name: llm-connect-provider-secrets
                optional: false
          ports:
            - name: http
              containerPort: 8080
          readinessProbe:
            httpGet:
              path: /health
              port: http
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 3
          livenessProbe:
            httpGet:
              path: /health
              port: http
            periodSeconds: 30
            timeoutSeconds: 3
            failureThreshold: 3
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 512Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 10001
            runAsGroup: 10001
      securityContext:
        fsGroup: 10001