apiVersion: apps/v1
kind: Deployment
metadata:
  name: model-registry-db
  labels:
    component: db
spec:
  selector:
    matchLabels:
      component: db
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      name: db
      labels:
        component: db
        sidecar.istio.io/inject: "false"
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
        runAsNonRoot: true
      containers:
      - name: db-container
        image: mysql:8.3.0
        args:
        - --datadir
        - /var/lib/mysql/datadir
        - --default-authentication-plugin=mysql_native_password
        envFrom:
        - configMapRef:
            name: model-registry-db-parameters
        - secretRef:
            name: model-registry-db-secrets
        ports:
        - name: dbapi
          containerPort: 3306
        readinessProbe:
          exec:
            command:
            - "/bin/bash"
            - "-c"
            - "mysql -D $$MYSQL_DATABASE -u$$MYSQL_USER_NAME -p$$MYSQL_ROOT_PASSWORD -e 'SELECT 1'"
          initialDelaySeconds: 5
          periodSeconds: 2
          timeoutSeconds: 1
        volumeMounts:
        - name: metadata-mysql
          mountPath: /var/lib/mysql
        securityContext:
          runAsUser: 999
          runAsGroup: 999
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
      volumes:
      - name: metadata-mysql
        persistentVolumeClaim:
          claimName: metadata-mysql