# services/veles/backend-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: veles-backend namespace: veles labels: app: veles-backend spec: replicas: 1 revisionHistoryLimit: 2 selector: matchLabels: app: veles-backend template: metadata: labels: app: veles-backend spec: serviceAccountName: veles-backend priorityClassName: veles-core nodeSelector: veles.bstein.dev/node-pool: oceanus tolerations: - key: veles.bstein.dev/simulation operator: Equal value: "true" effect: NoSchedule securityContext: fsGroup: 10001 fsGroupChangePolicy: OnRootMismatch seccompProfile: type: RuntimeDefault containers: - name: backend image: registry.bstein.dev/veles/veles-backend:0.1.0-4 # {"$imagepolicy": "veles:veles-backend"} imagePullPolicy: IfNotPresent ports: - name: http containerPort: 8796 protocol: TCP readinessProbe: httpGet: path: /api/v1/ready port: http initialDelaySeconds: 5 periodSeconds: 10 livenessProbe: httpGet: path: /api/v1/live port: http initialDelaySeconds: 20 periodSeconds: 20 envFrom: - configMapRef: name: veles-app-config - secretRef: name: veles-runtime-secrets resources: requests: cpu: 250m memory: 512Mi limits: cpu: "1" memory: 2Gi securityContext: runAsNonRoot: true runAsUser: 10001 runAsGroup: 10001 allowPrivilegeEscalation: false capabilities: drop: ["ALL"] volumeMounts: - name: artifacts mountPath: /data/veles-artifacts volumes: - name: artifacts persistentVolumeClaim: claimName: veles-artifacts