apiVersion: v1
kind: Service
metadata:
  name: responsible-ai-moderation-model
  namespace: irai-toolkit-test
  labels:
    app: responsible-ai-moderation-model
spec:
  type: ClusterIP
  ports:
  - port: 8000
  selector:
    app: responsible-ai-moderation-model
---
apiVersion: apps/v1
kind: Deployment
seccompProfile:
type: "RuntimeDefault"
automountServiceAccountToken: false
metadata:
  name: responsible-ai-moderation-model
  namespace: irai-toolkit-test
  labels:
    app: responsible-ai-moderation-model
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: responsible-ai-moderation-model
      version: v1
  template:
    metadata:
      labels:
        app: responsible-ai-moderation-model
        version: v1
    spec:
      automountServiceAccountToken: false # Disable token mounting
      imagePullSecrets:
         - name: docker-secret
      containers:
        - envFrom:
          - configMapRef:
              name: privacy-config
          image: <Image Name>
          imagePullPolicy: Always
          name: responsible-ai-privacy
          ports:
            - containerPort: 8000
          securityContext:
            runAsUser: 1000  # Non-root user
            runAsGroup: 1000
            capabilities:
              drop:
                - ALL  # Drop all capabilities
            seccompProfile:
              type: RuntimeDefault
          resources:
            limits:
                #cpu: '2'
                memory: '8Gi'
                nvidia.com/gpu: 1