|
| 1 | +apiVersion: apps/v1 |
| 2 | +kind: Deployment |
| 3 | + |
| 4 | +metadata: |
| 5 | + name: metadata-frontend |
| 6 | + labels: |
| 7 | + app: metadata-frontend |
| 8 | + |
| 9 | +spec: |
| 10 | + replicas: 2 |
| 11 | + |
| 12 | + revisionHistoryLimit: 5 # Keep last 5 ReplicaSets for rollback |
| 13 | + |
| 14 | + strategy: |
| 15 | + type: RollingUpdate |
| 16 | + rollingUpdate: |
| 17 | + maxUnavailable: 1 # At most 1 pod can be down during update |
| 18 | + maxSurge: 1 # Create 1 extra pod during update |
| 19 | + |
| 20 | + selector: |
| 21 | + matchLabels: |
| 22 | + app: metadata-frontend |
| 23 | + |
| 24 | + template: |
| 25 | + metadata: |
| 26 | + labels: |
| 27 | + app: metadata-frontend |
| 28 | + |
| 29 | + spec: |
| 30 | + |
| 31 | + terminationGracePeriodSeconds: 30 # It tells Kubernetes to wait up to 30 seconds for the pod to shut down gracefully before forcefully killing it. |
| 32 | + |
| 33 | + containers: |
| 34 | + - name: metadatafrontend |
| 35 | + image: deepdiv/metadatafrontend:v1.0 |
| 36 | + imagePullPolicy: Always |
| 37 | + ports: |
| 38 | + - containerPort: 4000 |
| 39 | + |
| 40 | + # Run container as non-root user for better security; Makes filesystem read-only |
| 41 | + securityContext: |
| 42 | + runAsNonRoot: true |
| 43 | + runAsUser: 1000 # Forces container to run as Linux user with UID 1000; Normal users = usually 1000+ |
| 44 | + allowPrivilegeEscalation: false |
| 45 | + readOnlyRootFilesystem: true |
| 46 | + |
| 47 | + ## kubectl top pod |
| 48 | + # Extremly low for test purposes, to test HPA, Base i saw is 20Mi |
| 49 | + resources: |
| 50 | + requests: # minimum guaranteed resources or guranteed space |
| 51 | + cpu: "20m" # Required for HPA calculation, horizontal scaling # |
| 52 | + memory: "30Mi" |
| 53 | + limits: # maximum allowed usage |
| 54 | + cpu: "100m" # CPU limit = speed cap # Not a kill switch. |
| 55 | + memory: "50Mi" # Yes — it crashes if crosses |
| 56 | + |
| 57 | + # Delays container shutdown by 10 seconds so traffic can drain and ongoing requests can finish safely before the pod stops. |
| 58 | + lifecycle: |
| 59 | + preStop: |
| 60 | + exec: |
| 61 | + command: ["sh", "-c", "sleep 10"] |
| 62 | + |
| 63 | + startupProbe: |
| 64 | + httpGet: |
| 65 | + path: /health |
| 66 | + port: 4000 |
| 67 | + periodSeconds: 5 |
| 68 | + failureThreshold: 8 # 5 × 8 = 40 seconds allowed for startup |
| 69 | + |
| 70 | + livenessProbe: # Auto Restart if Broken # Active Health Monitoring |
| 71 | + httpGet: |
| 72 | + path: /health |
| 73 | + port: 4000 |
| 74 | + periodSeconds: 10 # Kubernetes runs the health check every 10 seconds. |
| 75 | + timeoutSeconds: 3 # Kubernetes waits up to 3 seconds for the app to respond before marking the check as failed. |
| 76 | + failureThreshold: 3 # If the health check fails 3 consecutive times, Kubernetes considers the probe failed and takes action (restart for liveness, mark NotReady for readiness). |
| 77 | + |
| 78 | + |
| 79 | + readinessProbe: # Determines whether the pod is ready to receive traffic from the Service |
| 80 | + httpGet: |
| 81 | + path: /health # Kubernetes sends an HTTP GET request to /health |
| 82 | + port: 4000 # The request is sent to container port 4000 |
| 83 | + initialDelaySeconds: 5 # Wait 5 seconds after container starts before performing the first readiness check |
| 84 | + periodSeconds: 5 # Run the readiness check every 5 seconds |
| 85 | + timeoutSeconds: 2 # Wait up to 2 seconds for a response before marking the check as failed |
| 86 | + failureThreshold: 3 # If the check fails 3 consecutive times, mark the pod as NotReady (removed from Service traffic) |
| 87 | + |
0 commit comments