apiVersion: apps/v1
kind: Deployment
metadata:
  name: memcached
spec:
  replicas: 1
  revisionHistoryLimit: 2
  serviceName: memcached
  selector:
    matchLabels:
      app: memcached
  template:
    metadata:
      labels:
        app: memcached
    spec:
      securityContext:
        runAsNonRoot: true
      containers:
        - image: "memcached:1.6-alpine"
          imagePullPolicy: IfNotPresent
          args: ["-m", "1024"]
          name: memcached
          ports:
            - name: memcached
              containerPort: 11211
              protocol: TCP
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            # memcached image sets up uid/gid 11211
            runAsUser: 11211
            runAsGroup: 11211
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
---
apiVersion: v1
kind: Service
metadata:
  name: memcached
spec:
  type: ClusterIP
  ports:
    - port: 11211
      targetPort: memcached
      protocol: TCP
      name: memcached
  selector:
    app: memcached