
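---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prod-pod
  labels:
    app: inventory-api
  # Vault Agent Injector reads its annotations from the *pod template*
  # (spec.template.metadata), not from the Deployment object itself, so the
  # injector annotations live below under the template only.
spec:
  replicas: 1  # Single replica to minimize resource requirements
  selector:
    matchLabels:
      app: inventory-api
  strategy:
    type: Recreate  # Recreate (not RollingUpdate) so two pods never overlap
  template:
    metadata:
      labels:
        app: inventory-api
      # Uncomment the following annotations if using Vault Agent Injector.
      # annotations:
      #   vault.hashicorp.com/agent-inject: "true"
      #   vault.hashicorp.com/agent-inject-status: "update"
      #   vault.hashicorp.com/role: "inventory-api"
      #   vault.hashicorp.com/agent-inject-secret-config: "secret/data/inventory-api/config"
      #   vault.hashicorp.com/agent-inject-template-config: |
      #     {{- with secret "secret/data/inventory-api/config" -}}
      #     export SECRET_KEY="{{ .Data.data.secret_key }}"
      #     export FIRST_SUPERUSER_PASSWORD="{{ .Data.data.admin_password }}"
      #     {{- end -}}
    spec:
      # Nothing in this manifest shows the app talking to the Kubernetes API,
      # so do not mount the service-account token into the container.
      # NOTE(review): the Vault Agent Injector authenticates to Vault with the
      # pod's service-account token — if you enable the injector, drop this
      # line (or set it to true) or the agent cannot log in.
      automountServiceAccountToken: false
      # Pod-level hardening (was an empty securityContext): refuse to run as
      # root and apply the container runtime's default seccomp profile.
      # NOTE(review): runAsNonRoot requires the image to declare a non-root
      # USER (or set runAsUser here); otherwise the pod fails to start, which
      # is preferable to silently running the API as root.
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      # If using Vault, the injector normally adds its own init container that
      # blocks until the templated secrets are rendered, so a hand-rolled
      # wait-for-vault initContainer is usually unnecessary. If you do add one,
      # pin the busybox image to a tag/digest instead of the mutable default.
      # initContainers:
      #   - name: wait-for-vault
      #     image: busybox
      #     command: ['sh', '-c', 'until [ -f /vault/secrets/config ]; do echo "Waiting for Vault secrets..."; sleep 2; done']
      #     volumeMounts:
      #       - name: vault-secrets
      #         mountPath: /vault/secrets
      containers:
        - name: app
          # Supply-chain note: with IfNotPresent, a mutable tag (e.g. "latest")
          # keeps whatever image the node already has cached. Prefer an
          # immutable tag or a digest (${IMAGE_REPOSITORY}@sha256:...).
          image: ${IMAGE_REPOSITORY}:${IMAGE_TAG}
          imagePullPolicy: IfNotPresent  # Use existing images when possible
          # Container-level hardening: no privilege escalation and no Linux
          # capabilities. Port 8000 is unprivileged, so NET_BIND_SERVICE is
          # not needed. readOnlyRootFilesystem is intentionally not set because
          # the app's write paths outside /app/storage are not known from this
          # manifest — enable it once confirmed.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          resources:
            requests:
              cpu: "10m"  # Absolute minimum CPU request
              memory: "64Mi"  # Absolute minimum memory request
            # No limits are set so the pod can use spare node resources.
            # NOTE(review): without a memory limit there is no OOM boundary for
            # this container, so a leak or abuse can pressure neighbouring pods
            # and the node. Add limits once the real footprint is known, or
            # enforce them with a namespace LimitRange.
          ports:
            - containerPort: 8000
              name: http
          env:
            # Secrets are sourced from the inventory-api-secrets Secret. Env
            # vars are inherited by child processes and readable from
            # /proc/<pid>/environ and crash dumps; the file-based Vault
            # template above avoids that if you switch to the injector.
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: inventory-api-secrets
                  key: secret-key
            - name: SERVER_NAME
              value: "Inventory Management System"
            - name: SERVER_HOST
              value: "https://inventory.example.com"
            - name: FIRST_SUPERUSER
              value: "admin@example.com"
            - name: FIRST_SUPERUSER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: inventory-api-secrets
                  key: admin-password
          # Simplified probes to reduce load during startup
          livenessProbe:
            httpGet:
              path: /health
              port: 8000
            initialDelaySeconds: 60  # Give the pod time to start
            periodSeconds: 30
            timeoutSeconds: 10
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /health
              port: 8000
            initialDelaySeconds: 30  # Give the pod time to start
            periodSeconds: 30
            timeoutSeconds: 10
            failureThreshold: 5
          volumeMounts:
            - name: storage-volume
              mountPath: /app/storage
            # If using Vault, add the following volume mount
            # - name: vault-secrets
            #   mountPath: /vault/secrets
      volumes:
        - name: storage-volume
          # Uncomment the following if PVC fails to provision (data will not
          # survive a pod restart)
          # emptyDir: {}
          persistentVolumeClaim:
            claimName: inventory-api-pvc
        # If using Vault, add this volume (tmpfs, so rendered secrets never
        # touch node disk)
        # - name: vault-secrets
        #   emptyDir:
        #     medium: Memory
      # Scheduling: the previous blanket `operator: Exists` toleration (no key,
      # no effect) tolerated every taint, including NoExecute taints such as
      # node.kubernetes.io/not-ready and /unreachable, so the pod would never be
      # evicted from a dead node, and it let an application workload land on
      # tainted control-plane nodes. Tolerate only what a small cluster needs.
      # NOTE(review): the control-plane toleration is for single-node /
      # resource-constrained clusters; remove it on multi-node production.
      tolerations:
        - key: "node-role.kubernetes.io/control-plane"
          operator: "Exists"
          effect: "NoSchedule"
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      schedulerName: default-scheduler
      # No nodeSelector, no affinity to allow maximum scheduling flexibility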