apiVersion: apps/v1
kind: Deployment
metadata:
  name: homepage
  namespace: homepage
  labels:
    app: homepage
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: homepage
  template:
    metadata:
      labels:
        app: homepage
    spec:
      serviceAccountName: homepage
      securityContext:
        # runAsNonRoot omitted — homepage image starts as root; non-root requires PUID/PGID entrypoint setup
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: homepage
          image: ghcr.io/gethomepage/homepage:v1.10.1
          ports:
            - containerPort: 3000
              name: http
              protocol: TCP
          envFrom:
            - secretRef:
                name: homepage-credentials
          env:
            - name: HOMEPAGE_ALLOWED_HOSTS
              value: "${HOMEPAGE_HOST}"
          volumeMounts:
            - name: config
              mountPath: /app/config/settings.yaml
              subPath: settings.yaml
            - name: config
              mountPath: /app/config/services.yaml
              subPath: services.yaml
            - name: config
              mountPath: /app/config/widgets.yaml
              subPath: widgets.yaml
            - name: config
              mountPath: /app/config/bookmarks.yaml
              subPath: bookmarks.yaml
            - name: config
              mountPath: /app/config/kubernetes.yaml
              subPath: kubernetes.yaml
          livenessProbe:
            httpGet:
              port: 3000
              path: /
            initialDelaySeconds: 30
            periodSeconds: 30
          readinessProbe:
            httpGet:
              port: 3000
              path: /
            initialDelaySeconds: 10
            periodSeconds: 10
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              memory: 256Mi
      volumes:
        - name: config
          configMap:
            name: homepage-config