apiVersion: apps/v1 kind: Deployment metadata: name: veza-backend-api namespace: veza-production labels: app: veza-backend-api component: api version: v1.0.0 spec: replicas: 3 strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 selector: matchLabels: app: veza-backend-api template: metadata: labels: app: veza-backend-api version: v1.0.0 annotations: prometheus.io/scrape: "true" prometheus.io/port: "8080" prometheus.io/path: "/metrics" spec: securityContext: runAsNonRoot: true runAsUser: 1001 runAsGroup: 1001 fsGroup: 1001 containers: - name: backend-api image: veza-backend-api:latest imagePullPolicy: Always ports: - name: http containerPort: 8080 protocol: TCP env: - name: APP_ENV value: "production" - name: DATABASE_URL valueFrom: secretKeyRef: name: veza-secrets key: database-url - name: REDIS_URL valueFrom: secretKeyRef: name: veza-secrets key: redis-url - name: JWT_SECRET valueFrom: secretKeyRef: name: veza-secrets key: jwt-secret - name: CORS_ALLOWED_ORIGINS valueFrom: configMapKeyRef: name: veza-config key: cors-allowed-origins resources: requests: cpu: "500m" memory: "512Mi" limits: cpu: "2000m" memory: "2Gi" readinessProbe: httpGet: path: /health port: 8080 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 5 timeoutSeconds: 3 successThreshold: 1 failureThreshold: 3 livenessProbe: httpGet: path: /health port: 8080 scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 3 lifecycle: preStop: exec: command: ["/bin/sh", "-c", "sleep 15"] terminationGracePeriodSeconds: 30