x95castle1/01-overlay.yaml

## 01-overlay.yaml
#@ load("@ytt:overlay", "overlay")

#@overlay/match by=overlay.subset({"kind":"Deployment","metadata":{"name":"server"}}), expects="1+"
---
spec:
  #@overlay/replace via=lambda left, _: left
  replicas:
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: tap-gui-pdb
  namespace: metadata
spec:
  minAvailable: 60%
  selector:
    matchLabels:
      app: backstage

## 02-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: server
  namespace: tap-gui
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: backstage
      component: backstage-server
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: backstage
        component: backstage-server
    spec:
      containers:
      - args:
        - -c
        - |
          export KUBERNETES_SERVICE_ACCOUNT_TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
          exec node packages/backend   \
            --config=app-config.yaml \
            --config=/etc/app-config/app-config.yaml
        command:
        - bash
        env:
        - name: NODE_OPTIONS
        - name: METADATA_STORE_ACCESS_TOKEN
          valueFrom:
            secretKeyRef:
              key: token
              name: metadata-store-access-token
        - name: AMR_ACCESS_TOKEN
          valueFrom:
            secretKeyRef:
              key: token
              name: amr-access-token
        image: cxscssa.azurecr.io/tap-1.11.1-rc.5/tap-packages@sha256:530da0d1f194cb78c45a5992a0c6b8d7e5e5c096d215dbfdfb9d17e1737603dc
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 6
          httpGet:
            path: /
            port: 7000
            scheme: HTTP
          initialDelaySeconds: 3
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 3
        name: backstage
        ports:
        - containerPort: 7000
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /
            port: 7000
            scheme: HTTP
          initialDelaySeconds: 3
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 3
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        startupProbe:
          failureThreshold: 30
          httpGet:
            path: /
            port: 7000
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 3
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/app-config
          name: app-config
          readOnly: true
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: private-registry-credentials
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        runAsGroup: 1000
        runAsNonRoot: true
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault
      serviceAccount: tap-gui
      serviceAccountName: tap-gui
      terminationGracePeriodSeconds: 30
      volumes:
      - name: app-config
        secret:
          defaultMode: 420
          secretName: app-config-ver-8
	#@ load("@ytt:overlay", "overlay")

	#@overlay/match by=overlay.subset({"kind":"Deployment","metadata":{"name":"server"}}), expects="1+"
	---
	spec:
	#@overlay/replace via=lambda left, _: left
	replicas:
	---
	apiVersion: policy/v1
	kind: PodDisruptionBudget
	metadata:
	name: tap-gui-pdb
	namespace: metadata
	spec:
	minAvailable: 60%
	selector:
	matchLabels:
	app: backstage
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: server
	namespace: tap-gui
	spec:
	progressDeadlineSeconds: 600
	replicas: 1
	revisionHistoryLimit: 10
	selector:
	matchLabels:
	app: backstage
	component: backstage-server
	strategy:
	rollingUpdate:
	maxSurge: 25%
	maxUnavailable: 25%
	type: RollingUpdate
	template:
	metadata:
	labels:
	app: backstage
	component: backstage-server
	spec:
	containers:
	- args:
	- -c
	- \|
	export KUBERNETES_SERVICE_ACCOUNT_TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
	exec node packages/backend \
	--config=app-config.yaml \
	--config=/etc/app-config/app-config.yaml
	command:
	- bash
	env:
	- name: NODE_OPTIONS
	- name: METADATA_STORE_ACCESS_TOKEN
	valueFrom:
	secretKeyRef:
	key: token
	name: metadata-store-access-token
	- name: AMR_ACCESS_TOKEN
	valueFrom:
	secretKeyRef:
	key: token
	name: amr-access-token
	image: cxscssa.azurecr.io/tap-1.11.1-rc.5/tap-packages@sha256:530da0d1f194cb78c45a5992a0c6b8d7e5e5c096d215dbfdfb9d17e1737603dc
	imagePullPolicy: IfNotPresent
	livenessProbe:
	failureThreshold: 6
	httpGet:
	path: /
	port: 7000
	scheme: HTTP
	initialDelaySeconds: 3
	periodSeconds: 10
	successThreshold: 1
	timeoutSeconds: 3
	name: backstage
	ports:
	- containerPort: 7000
	protocol: TCP
	readinessProbe:
	failureThreshold: 3
	httpGet:
	path: /
	port: 7000
	scheme: HTTP
	initialDelaySeconds: 3
	periodSeconds: 10
	successThreshold: 1
	timeoutSeconds: 3
	resources: {}
	securityContext:
	allowPrivilegeEscalation: false
	capabilities:
	drop:
	- ALL
	startupProbe:
	failureThreshold: 30
	httpGet:
	path: /
	port: 7000
	scheme: HTTP
	periodSeconds: 10
	successThreshold: 1
	timeoutSeconds: 3
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	volumeMounts:
	- mountPath: /etc/app-config
	name: app-config
	readOnly: true
	dnsPolicy: ClusterFirst
	imagePullSecrets:
	- name: private-registry-credentials
	restartPolicy: Always
	schedulerName: default-scheduler
	securityContext:
	runAsGroup: 1000
	runAsNonRoot: true
	runAsUser: 1000
	seccompProfile:
	type: RuntimeDefault
	serviceAccount: tap-gui
	serviceAccountName: tap-gui
	terminationGracePeriodSeconds: 30
	volumes:
	- name: app-config
	secret:
	defaultMode: 420
	secretName: app-config-ver-8