bluejay-infra/apps-gx10/fc-php/deployment-php-waf.json

{
  "apiVersion": "apps/v1",
  "kind": "Deployment",
  "metadata": {
    "labels": {
      "app.kubernetes.io/managed-by": "flowercore",
      "app.kubernetes.io/name": "php-waf"
    },
    "name": "php-waf",
    "namespace": "fc-php"
  },
  "spec": {
    "progressDeadlineSeconds": 600,
    "replicas": 1,
    "revisionHistoryLimit": 10,
    "selector": {
      "matchLabels": {
        "app.kubernetes.io/name": "php-waf"
      }
    },
    "strategy": {
      "type": "Recreate"
    },
    "template": {
      "metadata": {
        "labels": {
          "app.kubernetes.io/name": "php-waf"
        }
      },
      "spec": {
        "containers": [
          {
            "env": [
              {
                "name": "BACKEND",
                "value": "http://php-web.fc-php.svc.cluster.local:5400"
              },
              {
                "name": "SERVER_NAME",
                "value": "php.iamworkin.lan"
              },
              {
                "name": "PORT",
                "value": "8080"
              },
              {
                "name": "PROXY_PRESERVE_HOST",
                "value": "on"
              },
              {
                "name": "PROXY_TIMEOUT",
                "value": "60s"
              },
              {
                "name": "MODSEC_RULE_ENGINE",
                "value": "On"
              },
              {
                "name": "MODSEC_AUDIT_ENGINE",
                "value": "RelevantOnly"
              },
              {
                "name": "MODSEC_AUDIT_LOG",
                "value": "/dev/stdout"
              },
              {
                "name": "MODSEC_AUDIT_LOG_TYPE",
                "value": "Serial"
              },
              {
                "name": "ALLOWED_METHODS",
                "value": "GET HEAD POST OPTIONS DELETE"
              },
              {
                "name": "LOGLEVEL",
                "value": "warn"
              },
              {
                "name": "ERRORLOG",
                "value": "/dev/stderr"
              },
              {
                "name": "ACCESSLOG",
                "value": "/dev/stdout"
              },
              {
                "name": "BLOCKING_PARANOIA",
                "value": "1"
              },
              {
                "name": "DETECTION_PARANOIA",
                "value": "1"
              },
              {
                "name": "ANOMALY_INBOUND",
                "value": "5"
              },
              {
                "name": "ANOMALY_OUTBOUND",
                "value": "4"
              }
            ],
            "image": "owasp/modsecurity-crs:4.25-nginx-alpine-lts@sha256:88b59911549723e71beabf3b4aa47bbd31b00e79401f442e65ddfc430ae46343",
            "imagePullPolicy": "IfNotPresent",
            "livenessProbe": {
              "failureThreshold": 3,
              "httpGet": {
                "httpHeaders": [
                  {
                    "name": "Host",
                    "value": "php.iamworkin.lan"
                  }
                ],
                "path": "/healthz",
                "port": 8080,
                "scheme": "HTTP"
              },
              "initialDelaySeconds": 20,
              "periodSeconds": 30,
              "successThreshold": 1,
              "timeoutSeconds": 2
            },
            "name": "php-waf",
            "ports": [
              {
                "containerPort": 8080,
                "name": "http",
                "protocol": "TCP"
              }
            ],
            "readinessProbe": {
              "failureThreshold": 3,
              "httpGet": {
                "httpHeaders": [
                  {
                    "name": "Host",
                    "value": "php.iamworkin.lan"
                  }
                ],
                "path": "/healthz",
                "port": 8080,
                "scheme": "HTTP"
              },
              "initialDelaySeconds": 10,
              "periodSeconds": 10,
              "successThreshold": 1,
              "timeoutSeconds": 2
            },
            "resources": {
              "limits": {
                "cpu": "500m",
                "memory": "512Mi"
              },
              "requests": {
                "cpu": "100m",
                "memory": "128Mi"
              }
            },
            "securityContext": {
              "allowPrivilegeEscalation": false,
              "capabilities": {
                "drop": [
                  "ALL"
                ]
              }
            },
            "terminationMessagePath": "/dev/termination-log",
            "terminationMessagePolicy": "File"
          }
        ],
        "enableServiceLinks": false,
        "restartPolicy": "Always",
        "schedulerName": "default-scheduler",
        "securityContext": {
          "fsGroup": 101,
          "runAsGroup": 101,
          "runAsNonRoot": true,
          "runAsUser": 101
        },
        "serviceAccount": "php-web",
        "serviceAccountName": "php-web",
        "terminationGracePeriodSeconds": 30
      }
    }
  }
}