deployment.yaml
3.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: ecommerce
labels:
app: frontend
app.kubernetes.io/name: frontend
app.kubernetes.io/part-of: ecommerce
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: frontend
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: frontend
app.kubernetes.io/name: frontend
app.kubernetes.io/part-of: ecommerce
app.kubernetes.io/version: $(APP_VERSION)
version: $(APP_VERSION)
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "80"
prometheus.io/path: "/metrics"
spec:
containers:
- name: frontend
image: 319998871902.dkr.ecr.us-east-1.amazonaws.com/ecommerce-frontend:$(APP_VERSION)
imagePullPolicy: Always
ports:
- containerPort: 8080
name: http
protocol: TCP
env:
- name: APP_VERSION
valueFrom:
configMapKeyRef:
name: app-version-info
key: service.frontend.version
- name: APPLICATION_VERSION
valueFrom:
configMapKeyRef:
name: app-version-info
key: application.version
- name: SERVICE_DESCRIPTION
valueFrom:
configMapKeyRef:
name: app-version-info
key: service.frontend.description
- name: NODE_ENV
value: "production"
- name: PORT
value: "80"
- name: API_BASE_URL
value: "https://api.awsmpc.asia"
- name: API_GATEWAY_URL
value: "https://api.awsmpc.asia"
- name: REACT_APP_API_URL
value: "https://api.awsmpc.asia"
- name: REACT_APP_APP_NAME
value: "Ecommerce Platform"
- name: REACT_APP_VERSION
valueFrom:
configMapKeyRef:
name: app-version-info
key: service.frontend.version
- name: REACT_APP_BUILD_VERSION
value: "$(BUILD_VERSION)"
- name: REACT_APP_GIT_COMMIT
value: "$(GIT_COMMIT)"
- name: REACT_APP_ENABLE_ANALYTICS
value: "true"
- name: REACT_APP_ENABLE_DEBUG
value: "false"
- name: REACT_APP_ENABLE_PWA
value: "true"
- name: NGINX_WORKER_PROCESSES
value: "auto"
- name: NGINX_WORKER_CONNECTIONS
value: "1024"
- name: NGINX_KEEPALIVE_TIMEOUT
value: "65"
- name: CACHE_CONTROL_MAX_AGE
value: "31536000"
- name: BROWSER_CACHE_ENABLED
value: "true"
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"
# 🟢 关键修改:使用 nginx 用户,没有复杂的挂载
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
readinessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
successThreshold: 1
startupProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 30
successThreshold: 1
imagePullSecrets:
- name: regcred