forked from rhthsa/openshift-demo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbackend.yaml
162 lines (161 loc) · 4.42 KB
/
backend.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend-v1
annotations:
app.openshift.io/vcs-ref: master
app.openshift.io/vcs-uri: 'https://gitlab.com/ocp-demo/backend_quarkus'
labels:
app.kubernetes.io/component: backend
app.kubernetes.io/instance: backend
app.kubernetes.io/name: java
app.kubernetes.io/part-of: App-X
app.openshift.io/runtime: quarkus
app.openshift.io/runtime-version: '2.13.3.Final'
spec:
replicas: 1
selector:
matchLabels:
app: backend
version: v1
template:
metadata:
creationTimestamp: null
labels:
app: backend
version: v1
annotations:
sidecar.istio.io/inject: "true"
# Prometheus with mTLS - need to create network policy to allow from network.openshift.io/policy-group: monitoring
#prometheus.io/path: /q/metrics
#prometheus.io/port: "8080"
#prometheus.io/scrape: "true"
#traffic.sidecar.istio.io/excludeInboundPorts: "15020"
#Sidecar request/limit
#sidecar.istio.io/proxyCPU:
#sidecar.istio.io/proxyMemory:
#sidecar.istio.io/proxyCPULimit:
#sidecar.istio.io/proxyMemoryLimit:
spec:
containers:
- name: backend
image: quay.io/voravitl/backend:v1
imagePullPolicy: Always
resources:
requests:
cpu: "0.05"
memory: 100Mi
limits:
cpu: "0.2"
memory: 350Mi
env:
- name: APP_BACKEND
value: https://httpbin.org/status/200
- name: APP_VERSION
value: v1
- name: quarkus.log.console.color
value: 'false'
ports:
- containerPort: 8080
securityContext:
seccompProfile: #"RuntimeDefault" or "Localhost"
type: RuntimeDefault
allowPrivilegeEscalation: false
runAsNonRoot: true
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: false
tolerations:
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 60
terminationGracePeriodSeconds: 10
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend-v2
annotations:
app.openshift.io/vcs-ref: master
app.openshift.io/vcs-uri: 'https://gitlab.com/ocp-demo/backend_quarkus'
labels:
app.kubernetes.io/component: backend
app.kubernetes.io/instance: backend
app.kubernetes.io/name: java
app.kubernetes.io/part-of: App-X
app.openshift.io/runtime: quarkus
app.openshift.io/runtime-version: '2.13.3.Final'
spec:
replicas: 1
selector:
matchLabels:
app: backend
version: v2
template:
metadata:
creationTimestamp: null
labels:
app: backend
version: v2
annotations:
sidecar.istio.io/inject: "true"
# Prometheus with mTLS - need to create network policy to allow from network.openshift.io/policy-group: monitoring
# prometheus.io/path: /q/metrics
# prometheus.io/port: "8080"
# prometheus.io/scrape: "true"
#Sidecar request/limit
#sidecar.istio.io/proxyCPU:
#sidecar.istio.io/proxyMemory:
#sidecar.istio.io/proxyCPULimit:
#sidecar.istio.io/proxyMemoryLimit:
spec:
containers:
- name: backend
image: quay.io/voravitl/backend:v1
imagePullPolicy: Always
resources:
requests:
cpu: "0.05"
memory: 100Mi
limits:
cpu: "0.2"
memory: 350Mi
env:
- name: APP_BACKEND
value: https://httpbin.org/delay/4
- name: APP_VERSION
value: v2
- name: quarkus.log.console.color
value: 'false'
ports:
- containerPort: 8080
securityContext:
seccompProfile: #"RuntimeDefault" or "Localhost"
type: RuntimeDefault
allowPrivilegeEscalation: false
runAsNonRoot: true
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: false
tolerations:
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 60
terminationGracePeriodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: backend
labels:
app: backend
spec:
ports:
- port: 8080
name: http
targetPort: 8080
selector:
app: backend
---