Skip to content

Instantly share code, notes, and snippets.

@pichuang
Created May 30, 2023 04:23
Show Gist options
  • Save pichuang/6603ae778d10de836092309920b57459 to your computer and use it in GitHub Desktop.
Save pichuang/6603ae778d10de836092309920b57459 to your computer and use it in GitHub Desktop.
---
apiVersion: apps/v1
kind: Deployment
spec:
selector:
matchLabels:
app: night9-app
component: night9-app
node-type: worker
progressDeadlineSeconds: 600
replicas: 2
revisionHistoryLimit: 0
template:
metadata:
creationTimestamp: null
labels:
app: night9-app
component: night9-app
node-type: worker
spec:
name: deployment-night9
automountServiceAccountToken: false
# Containers
containers:
- name: container-night9
env:
- name: M2EE_ADMIN_LISTEN_ADDRESSES
value: 127.0.0.1
- name: M2EE_ADMIN_PORT
value: "9000"
- name: M2EE_ADMIN_PASS
valueFrom:
secretKeyRef:
key: adminpassword
name: night9-app-m2ee
image: night9.acr.io:443/core/night9-app
imagePullPolicy: Always
ports:
- containerPort: 8080
protocol: TCP
resources:
limits:
cpu: 1
memory: 512Mi
ephemeral-storage: 100Mi
requests:
cpu: 100m
memory: 512Mi
ephemeral-storage: 50Mi
securityContext:
readOnlyRootFilesystem: true
runAsUser: 10001
runAsGroup: 10001
fsGroup: 1000
# Pod Affinity
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app: night9-app
component: night9-app
node-type: worker
# HealthCheck
livenessProbe:
failureThreshold: 3
httpGet:
path: /
port: night9-app
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /
port: night9-app
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 1
successThreshold: 1
timeoutSeconds: 1
startupProbe:
httpGet:
path: /
port: night9-app
scheme: HTTP
timeoutSeconds: 1
periodSeconds: 25
successThreshold: 1
failureThreshold: 4
# Graceful Termination
terminationGracePeriodSeconds: 300
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: pdb-night9-app
spec:
minAvailable: 2
selector:
matchLabels:
app: night9-app
component: night9-app
node-type: worker
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: allow-all
spec:
podSelector:
matchLabels:
app: night9-app
component: night9-app
node-type: worker
# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/02a-allow-all-traffic-to-an-application.md
ingress:
- {}
egress:
- {}