apiVersion: apps/v1
kind: Deployment
metadata:
  name: catalyst-ui
  labels:
    app.kubernetes.io/name: catalyst-ui
    app.kubernetes.io/component: frontend
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: catalyst-ui
  template:
    metadata:
      labels:
        app.kubernetes.io/name: catalyst-ui
    spec:
      imagePullSecrets:
        - name: ghcr-pull
      containers:
        - name: catalyst-ui
          # Literal image ref — required for the contabo-mkt Kustomize
          # path (kustomize-controller doesn't render Helm templates).
          # Auto-bumped by .github/workflows/catalyst-build.yaml's deploy
          # step on every push to main, so Sovereigns AND contabo both
          # roll to the latest catalyst-ui SHA.
          image: "ghcr.io/openova-io/openova/catalyst-ui:a75463f"
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
              protocol: TCP
          resources:
            requests:
              cpu: 10m
              memory: 32Mi
            limits:
              cpu: 100m
              memory: 64Mi
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 5
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: false
            runAsNonRoot: true
            runAsUser: 1001