titan-iac/services/veles/backend-deployment.yaml

# services/veles/backend-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: veles-backend
  namespace: veles
  labels:
    app: veles-backend
spec:
  replicas: 1
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: veles-backend
  template:
    metadata:
      labels:
        app: veles-backend
    spec:
      serviceAccountName: veles-backend
      priorityClassName: veles-core
      nodeSelector:
        veles.bstein.dev/node-pool: oceanus
      tolerations:
        - key: veles.bstein.dev/simulation
          operator: Equal
          value: "true"
          effect: NoSchedule
      securityContext:
        fsGroup: 10001
        fsGroupChangePolicy: OnRootMismatch
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: backend
          image: registry.bstein.dev/veles/veles-backend:0.1.0-5 # {"$imagepolicy": "veles:veles-backend"}
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8796
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /api/v1/ready
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /api/v1/live
              port: http
            initialDelaySeconds: 20
            periodSeconds: 20
          envFrom:
            - configMapRef:
                name: veles-app-config
            - secretRef:
                name: veles-runtime-secrets
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
            limits:
              cpu: "1"
              memory: 2Gi
          securityContext:
            runAsNonRoot: true
            runAsUser: 10001
            runAsGroup: 10001
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - name: artifacts
              mountPath: /data/veles-artifacts
      volumes:
        - name: artifacts
          persistentVolumeClaim:
            claimName: veles-artifacts
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`# services/veles/backend-deployment.yaml`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: veles-backend`
			`namespace: veles`
			`labels:`
			`app: veles-backend`
			`spec:`
veles: promote managed app deployments 2026-06-09 15:47:33 -03:00			`replicas: 1`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`revisionHistoryLimit: 2`
			`selector:`
			`matchLabels:`
			`app: veles-backend`
			`template:`
			`metadata:`
			`labels:`
			`app: veles-backend`
			`spec:`
			`serviceAccountName: veles-backend`
			`priorityClassName: veles-core`
			`nodeSelector:`
			`veles.bstein.dev/node-pool: oceanus`
			`tolerations:`
			`- key: veles.bstein.dev/simulation`
			`operator: Equal`
			`value: "true"`
			`effect: NoSchedule`
			`securityContext:`
veles: promote managed app deployments 2026-06-09 15:47:33 -03:00			`fsGroup: 10001`
			`fsGroupChangePolicy: OnRootMismatch`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`seccompProfile:`
			`type: RuntimeDefault`
			`containers:`
			`- name: backend`
Roll Veles auth-scoped app images 2026-06-09 18:00:57 -03:00			`image: registry.bstein.dev/veles/veles-backend:0.1.0-5 # {"$imagepolicy": "veles:veles-backend"}`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`imagePullPolicy: IfNotPresent`
			`ports:`
			`- name: http`
veles: align app ports and traffic gate 2026-06-09 12:54:34 -03:00			`containerPort: 8796`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`protocol: TCP`
veles: promote managed app deployments 2026-06-09 15:47:33 -03:00			`readinessProbe:`
			`httpGet:`
			`path: /api/v1/ready`
			`port: http`
			`initialDelaySeconds: 5`
			`periodSeconds: 10`
			`livenessProbe:`
			`httpGet:`
			`path: /api/v1/live`
			`port: http`
			`initialDelaySeconds: 20`
			`periodSeconds: 20`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`envFrom:`
			`- configMapRef:`
			`name: veles-app-config`
veles: harden app infrastructure contract 2026-06-09 11:59:27 -03:00			`- secretRef:`
			`name: veles-runtime-secrets`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`resources:`
			`requests:`
veles: fit backend within core quota 2026-06-09 15:50:43 -03:00			`cpu: 250m`
			`memory: 512Mi`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`limits:`
veles: fit backend within core quota 2026-06-09 15:50:43 -03:00			`cpu: "1"`
			`memory: 2Gi`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`securityContext:`
			`runAsNonRoot: true`
veles: promote managed app deployments 2026-06-09 15:47:33 -03:00			`runAsUser: 10001`
			`runAsGroup: 10001`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop: ["ALL"]`
			`volumeMounts:`
			`- name: artifacts`
			`mountPath: /data/veles-artifacts`
			`volumes:`
			`- name: artifacts`
			`persistentVolumeClaim:`
			`claimName: veles-artifacts`