Created
May 30, 2023 04:23
-
-
Save pichuang/6603ae778d10de836092309920b57459 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
spec: | |
selector: | |
matchLabels: | |
app: night9-app | |
component: night9-app | |
node-type: worker | |
progressDeadlineSeconds: 600 | |
replicas: 2 | |
revisionHistoryLimit: 0 | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: night9-app | |
component: night9-app | |
node-type: worker | |
spec: | |
name: deployment-night9 | |
automountServiceAccountToken: false | |
# Containers | |
containers: | |
- name: container-night9 | |
env: | |
- name: M2EE_ADMIN_LISTEN_ADDRESSES | |
value: 127.0.0.1 | |
- name: M2EE_ADMIN_PORT | |
value: "9000" | |
- name: M2EE_ADMIN_PASS | |
valueFrom: | |
secretKeyRef: | |
key: adminpassword | |
name: night9-app-m2ee | |
image: night9.acr.io:443/core/night9-app | |
imagePullPolicy: Always | |
ports: | |
- containerPort: 8080 | |
protocol: TCP | |
resources: | |
limits: | |
cpu: 1 | |
memory: 512Mi | |
ephemeral-storage: 100Mi | |
requests: | |
cpu: 100m | |
memory: 512Mi | |
ephemeral-storage: 50Mi | |
securityContext: | |
readOnlyRootFilesystem: true | |
runAsUser: 10001 | |
runAsGroup: 10001 | |
fsGroup: 1000 | |
# Pod Affinity | |
affinity: | |
podAntiAffinity: | |
requiredDuringSchedulingIgnoredDuringExecution: | |
- topologyKey: kubernetes.io/hostname | |
labelSelector: | |
matchLabels: | |
app: night9-app | |
component: night9-app | |
node-type: worker | |
# HealthCheck | |
livenessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: / | |
port: night9-app | |
scheme: HTTP | |
initialDelaySeconds: 60 | |
periodSeconds: 15 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
readinessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: / | |
port: night9-app | |
scheme: HTTP | |
initialDelaySeconds: 5 | |
periodSeconds: 1 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
startupProbe: | |
httpGet: | |
path: / | |
port: night9-app | |
scheme: HTTP | |
timeoutSeconds: 1 | |
periodSeconds: 25 | |
successThreshold: 1 | |
failureThreshold: 4 | |
# Graceful Termination | |
terminationGracePeriodSeconds: 300 | |
--- | |
apiVersion: policy/v1beta1 | |
kind: PodDisruptionBudget | |
metadata: | |
name: pdb-night9-app | |
spec: | |
minAvailable: 2 | |
selector: | |
matchLabels: | |
app: night9-app | |
component: night9-app | |
node-type: worker | |
--- | |
kind: NetworkPolicy | |
apiVersion: networking.k8s.io/v1 | |
metadata: | |
name: allow-all | |
spec: | |
podSelector: | |
matchLabels: | |
app: night9-app | |
component: night9-app | |
node-type: worker | |
# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/02a-allow-all-traffic-to-an-application.md | |
ingress: | |
- {} | |
egress: | |
- {} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://gist.github.com/pichuang/6603ae778d10de836092309920b57459#file-deployment-sample-yml-L41-L49
可參考 如何科學地估算 Kubernetes 所需的資源? App 角度篇