apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      name: nginx
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
      - name: nginx
        image: docker.io/nginxinc/nginx-unprivileged:1.23-alpine
        ports:
        - containerPort: 8080
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 15
          successThreshold: 1
          timeoutSeconds: 5
        securityContext:
          capabilities:
            drop: [ALL]
          readOnlyRootFilesystem: false
          runAsNonRoot: true
          allowPrivilegeEscalation: false
      terminationGracePeriodSeconds: 30