deployment.yaml
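---
# Deployment for the `frontend` web container in the `ecommerce` namespace.
# It runs as non-root UID 101 with all capabilities dropped, takes its nginx
# and runtime configuration from the `frontend-config` ConfigMap, and pulls
# its image with the `regcred` pull secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
  namespace: ecommerce
  labels:
    app: frontend
    version: v1.0.0
spec:
  # With one replica the podAntiAffinity preference below has nothing to
  # spread; it only takes effect once replicas is raised.
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: frontend
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # Surge one new pod and never drop below the desired count during a
      # rollout.
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: frontend
        version: v1.0.0
      annotations:
        # NOTE(review): /metrics is scraped on the port that also serves user
        # traffic. Confirm nginx.conf (not shown here) really exposes this
        # path and restricts it to in-cluster callers.
        prometheus.io/scrape: "true"
        prometheus.io/port: "80"
        prometheus.io/path: "/metrics"
    spec:
      # Affinity rules for better distribution. Both rules are soft
      # preferences; the scheduler may ignore them.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - frontend
                topologyKey: kubernetes.io/hostname
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              preference:
                matchExpressions:
                  - key: node-type
                    operator: In
                    values:
                      - frontend
      containers:
        - name: frontend
          # NOTE(review): `latest` is a mutable tag, and with IfNotPresent a
          # node keeps whatever it cached under that tag, so pods can run
          # different builds and a changed image is not picked up reliably.
          # Pin an immutable release tag or, better, an image digest
          # (`@sha256:<digest>`) so the deployed artifact is auditable.
          image: your-registry/frontend:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
          env:
            - name: NODE_ENV
              value: "production"
            - name: API_BASE_URL
              value: "https://api.yourdomain.com"
            - name: APP_VERSION
              value: "v1.0.0"
            - name: PORT
              value: "80"
            # Environment variables from ConfigMap.
            # NOTE(review): REACT_APP_* values are presumably consumed by
            # client-side code, so treat them as public and keep credentials
            # out of frontend-config.
            - name: REACT_APP_API_URL
              valueFrom:
                configMapKeyRef:
                  name: frontend-config
                  key: API_URL
            - name: REACT_APP_APP_NAME
              valueFrom:
                configMapKeyRef:
                  name: frontend-config
                  key: APP_NAME
          # Resource limits
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "200m"
          # Volume mounts for configuration. A subPath must name a path that
          # exists inside the volume, i.e. the `path` of an item in the
          # matching entry under `volumes`. subPath mounts do not follow later
          # ConfigMap updates; restart the pods after changing the ConfigMap.
          volumeMounts:
            - name: nginx-config
              mountPath: /etc/nginx/conf.d/default.conf
              subPath: nginx.conf
            - name: environment-config
              # env.js sits under the nginx web root, so any client can fetch
              # it: it must contain no secrets.
              mountPath: /usr/share/nginx/html/env.js
              # Fixed: the volume projects key `environment.js` to path
              # `env.js`, so subPath `environment.js` pointed at a file that
              # is not in the volume.
              subPath: env.js
          # Liveness probe - indicates if container is running
          livenessProbe:
            httpGet:
              path: /health
              port: 80
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
            successThreshold: 1
          # Readiness probe - indicates if container is ready to serve traffic
          readinessProbe:
            httpGet:
              path: /health
              port: 80
              scheme: HTTP
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
            successThreshold: 1
          # Startup probe - for slow starting containers. Allows up to
          # 10s + 30 * 10s before the container is restarted.
          startupProbe:
            httpGet:
              path: /health
              port: 80
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 30
            successThreshold: 1
          # Security context
          # NOTE(review): UID 101 with every capability dropped can bind
          # port 80 only where the runtime allows unprivileged low ports
          # (net.ipv4.ip_unprivileged_port_start). If the container fails to
          # bind, listen on a port >= 1024 and update ports, probes, PORT and
          # the prometheus.io/port annotation together.
          # NOTE(review): readOnlyRootFilesystem is not set. Enabling it
          # needs writable emptyDir mounts for the paths nginx writes to.
          securityContext:
            runAsNonRoot: true
            runAsUser: 101  # nginx user
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
      # Volumes definition. Each volume projects a single key of
      # frontend-config to the file name given in `path`.
      volumes:
        - name: nginx-config
          configMap:
            name: frontend-config
            items:
              - key: nginx.conf
                path: nginx.conf
        - name: environment-config
          configMap:
            name: frontend-config
            items:
              - key: environment.js
                path: env.js
      # Security context for the pod
      securityContext:
        runAsNonRoot: true
        runAsUser: 101
        fsGroup: 101
        # Apply the container runtime's default seccomp filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      # Image pull secrets if using private registry
      imagePullSecrets:
        - name: regcred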