Rene Luria
f94dd12216
Changes made: - Remove problematic configuration-snippet from base ingress - Add namespace creation for math-tables - Configure ingress with nginx class and letsencrypt-prod issuer - Set production hostname to math-tables.cl1.parano.ch - Reduce production replicas to 1 - Update copyright year in index.html
75 lines
1.8 KiB
YAML
75 lines
1.8 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: math-exercises-app
|
|
labels:
|
|
app: math-exercises
|
|
spec:
|
|
replicas: 2
|
|
selector:
|
|
matchLabels:
|
|
app: math-exercises
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: math-exercises
|
|
spec:
|
|
# Security context for the pod
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
fsGroup: 2000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
containers:
|
|
- name: math-exercises
|
|
image: math-exercises:latest
|
|
ports:
|
|
- containerPort: 8000
|
|
# Security context for the container
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
# Resource limits and requests
|
|
resources:
|
|
requests:
|
|
memory: "64Mi"
|
|
cpu: "250m"
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "500m"
|
|
# Liveness probe
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: 8000
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 3
|
|
# Readiness probe
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: 8000
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
timeoutSeconds: 3
|
|
failureThreshold: 3
|
|
# Environment variables from ConfigMap
|
|
envFrom:
|
|
- configMapRef:
|
|
name: math-exercises-config
|
|
# Volume mounts for writable directories
|
|
volumeMounts:
|
|
- name: static-volume
|
|
mountPath: /app/app/static
|
|
# Volumes
|
|
volumes:
|
|
- name: static-volume
|
|
emptyDir: {} |