apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: false
metadata:
  name: memcached
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: memcached
  labels:
    app: memcached
spec:
  revisionHistoryLimit: 0
  serviceName: memcached
  selector:
    matchLabels:
      app: memcached
  replicas: 1
  template:
    metadata:
      labels:
        app: memcached
    spec:
      securityContext:
        fsGroup: 1001
      affinity:
        podAffinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: memcached
                topologyKey: kubernetes.io/hostname
              weight: 1
      serviceAccountName: memcached
      containers:
        - name: memcached
          image: memcached:1-alpine
          securityContext:
            runAsUser: 1001
            readOnlyRootFilesystem: true
            runAsNonRoot: true
          livenessProbe:
            tcpSocket:
              port: 11211
            initialDelaySeconds: 30
            timeoutSeconds: 5
            failureThreshold: 6
          readinessProbe:
            tcpSocket:
              port: 11211
            initialDelaySeconds: 5
            timeoutSeconds: 3
            periodSeconds: 5
          resources:
            limits: {}
            requests:
              cpu: 250m
              memory: 256Mi
          volumeMounts:
            - name: tmp
              mountPath: /tmp
      volumes:
        - name: tmp
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: memcached
  labels:
    app: memcached
spec:
  type: ClusterIP
  ports:
    - name: memcache
      port: 11211
  selector:
    app: memcached