titan-iac/services/veles/frontend-deployment.yaml

# services/veles/frontend-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: veles-frontend
  namespace: veles
  labels:
    app: veles-frontend
spec:
  replicas: 2
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: veles-frontend
  template:
    metadata:
      labels:
        app: veles-frontend
    spec:
      serviceAccountName: veles-frontend
      priorityClassName: veles-core
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/worker
                    operator: Exists
                  - key: hardware
                    operator: In
                    values: ["rpi5", "rpi4", "amd64"]
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: atlas.bstein.dev/spillover
                    operator: DoesNotExist
            - weight: 90
              preference:
                matchExpressions:
                  - key: hardware
                    operator: In
                    values: ["rpi5"]
      securityContext:
        fsGroup: 101
        fsGroupChangePolicy: OnRootMismatch
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: frontend
          image: registry.bstein.dev/veles/veles-frontend:0.1.0-2 # {"$imagepolicy": "veles:veles-frontend"}
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 3
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 20
            periodSeconds: 20
          envFrom:
            - configMapRef:
                name: veles-app-config
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
          securityContext:
            runAsNonRoot: true
            runAsUser: 101
            runAsGroup: 101
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`# services/veles/frontend-deployment.yaml`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: veles-frontend`
			`namespace: veles`
			`labels:`
			`app: veles-frontend`
			`spec:`
veles: promote managed app deployments 2026-06-09 15:47:33 -03:00			`replicas: 2`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`revisionHistoryLimit: 2`
			`selector:`
			`matchLabels:`
			`app: veles-frontend`
			`template:`
			`metadata:`
			`labels:`
			`app: veles-frontend`
			`spec:`
			`serviceAccountName: veles-frontend`
			`priorityClassName: veles-core`
			`affinity:`
			`nodeAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`nodeSelectorTerms:`
			`- matchExpressions:`
			`- key: node-role.kubernetes.io/worker`
			`operator: Exists`
			`- key: hardware`
			`operator: In`
			`values: ["rpi5", "rpi4", "amd64"]`
			`preferredDuringSchedulingIgnoredDuringExecution:`
			`- weight: 100`
			`preference:`
			`matchExpressions:`
			`- key: atlas.bstein.dev/spillover`
			`operator: DoesNotExist`
			`- weight: 90`
			`preference:`
			`matchExpressions:`
			`- key: hardware`
			`operator: In`
			`values: ["rpi5"]`
			`securityContext:`
veles: promote managed app deployments 2026-06-09 15:47:33 -03:00			`fsGroup: 101`
			`fsGroupChangePolicy: OnRootMismatch`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`seccompProfile:`
			`type: RuntimeDefault`
			`containers:`
			`- name: frontend`
Roll Veles auth-scoped app images 2026-06-09 18:00:57 -03:00			`image: registry.bstein.dev/veles/veles-frontend:0.1.0-2 # {"$imagepolicy": "veles:veles-frontend"}`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`imagePullPolicy: IfNotPresent`
			`ports:`
			`- name: http`
			`containerPort: 8080`
			`protocol: TCP`
veles: promote managed app deployments 2026-06-09 15:47:33 -03:00			`readinessProbe:`
			`httpGet:`
			`path: /`
			`port: http`
			`initialDelaySeconds: 3`
			`periodSeconds: 10`
			`livenessProbe:`
			`httpGet:`
			`path: /`
			`port: http`
			`initialDelaySeconds: 20`
			`periodSeconds: 20`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`envFrom:`
			`- configMapRef:`
			`name: veles-app-config`
			`resources:`
			`requests:`
			`cpu: 100m`
			`memory: 256Mi`
			`limits:`
			`cpu: 500m`
			`memory: 512Mi`
			`securityContext:`
			`runAsNonRoot: true`
veles: promote managed app deployments 2026-06-09 15:47:33 -03:00			`runAsUser: 101`
			`runAsGroup: 101`
veles: stage atlas infrastructure 2026-06-09 00:46:46 -03:00			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop: ["ALL"]`