irc/znc/statefulset.yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: znc
  labels:
    app.kubernetes.io/name: znc
    app.kubernetes.io/instance: znc
  annotations:
    polaris.fairwinds.com/tagNotSpecified-exempt: "true"
    polaris.fairwinds.com/topologySpreadConstraint-exempt: "true"
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: znc
      app.kubernetes.io/instance: znc
  serviceName: "znc"
  replicas: 1
  template:
    metadata:
      labels:
        app.kubernetes.io/name: znc
        app.kubernetes.io/instance: znc
    spec:
      priorityClassName: low-priority
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: znc
          image: lscr.io/linuxserver/znc:latest

          ports:
            - containerPort: 6501
              name: irc-6501

          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault

          volumeMounts:
            - name: config
              mountPath: "/app/config"

          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
              ephemeral-storage: "1Gi"
            limits:
              memory: "512Mi"
              cpu: "500m"
              ephemeral-storage: "2Gi"

          livenessProbe:
            tcpSocket:
              port: 6501
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 2
            failureThreshold: 3

          readinessProbe:
            tcpSocket:
              port: 6501
            initialDelaySeconds: 10
            periodSeconds: 5
            timeoutSeconds: 2
            failureThreshold: 3

  volumeClaimTemplates:
    - metadata:
        name: config
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 4Gi