252 lines
5.4 KiB
YAML
252 lines
5.4 KiB
YAML
# === STREAM SERVER DEPLOYMENT ===
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: veza-stream-server
|
|
namespace: veza-production
|
|
labels:
|
|
app: veza-stream-server
|
|
version: v2.0.0
|
|
component: streaming
|
|
spec:
|
|
replicas: 5
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxSurge: 2
|
|
maxUnavailable: 1
|
|
selector:
|
|
matchLabels:
|
|
app: veza-stream-server
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: veza-stream-server
|
|
version: v2.0.0
|
|
annotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: "9090"
|
|
prometheus.io/path: "/metrics"
|
|
spec:
|
|
serviceAccountName: veza-stream-server
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1001
|
|
runAsGroup: 1001
|
|
fsGroup: 1001
|
|
containers:
|
|
- name: stream-server
|
|
image: veza/stream-server:2.0.0
|
|
imagePullPolicy: Always
|
|
ports:
|
|
- name: http
|
|
containerPort: 8080
|
|
protocol: TCP
|
|
- name: websocket
|
|
containerPort: 8081
|
|
protocol: TCP
|
|
- name: grpc
|
|
containerPort: 50051
|
|
protocol: TCP
|
|
- name: metrics
|
|
containerPort: 9090
|
|
protocol: TCP
|
|
env:
|
|
- name: RUST_LOG
|
|
value: "info"
|
|
- name: ENVIRONMENT
|
|
value: "production"
|
|
- name: DATABASE_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postgres-secret
|
|
key: url
|
|
- name: REDIS_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: redis-secret
|
|
key: url
|
|
- name: JWT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: jwt-secret
|
|
key: secret
|
|
- name: PROMETHEUS_PORT
|
|
value: "9090"
|
|
- name: MAX_CONNECTIONS
|
|
value: "100000"
|
|
- name: WORKER_THREADS
|
|
value: "16"
|
|
resources:
|
|
requests:
|
|
cpu: "2000m"
|
|
memory: "4Gi"
|
|
limits:
|
|
cpu: "8000m"
|
|
memory: "16Gi"
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /health/ready
|
|
port: 8080
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
timeoutSeconds: 3
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /health/live
|
|
port: 8080
|
|
scheme: HTTP
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
lifecycle:
|
|
preStop:
|
|
exec:
|
|
command: ["/bin/sh", "-c", "sleep 30"]
|
|
volumeMounts:
|
|
- name: app-data
|
|
mountPath: /app/data
|
|
- name: app-logs
|
|
mountPath: /app/logs
|
|
- name: tls-certs
|
|
mountPath: /app/certs
|
|
readOnly: true
|
|
volumes:
|
|
- name: app-data
|
|
emptyDir: {}
|
|
- name: app-logs
|
|
emptyDir: {}
|
|
- name: tls-certs
|
|
secret:
|
|
secretName: tls-secret
|
|
terminationGracePeriodSeconds: 30
|
|
nodeSelector:
|
|
node-type: streaming
|
|
tolerations:
|
|
- key: "streaming"
|
|
operator: "Equal"
|
|
value: "true"
|
|
effect: "NoSchedule"
|
|
|
|
---
|
|
# === SERVICE ===
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: veza-stream-server
|
|
namespace: veza-production
|
|
labels:
|
|
app: veza-stream-server
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- name: http
|
|
port: 8080
|
|
targetPort: 8080
|
|
protocol: TCP
|
|
- name: websocket
|
|
port: 8081
|
|
targetPort: 8081
|
|
protocol: TCP
|
|
- name: grpc
|
|
port: 50051
|
|
targetPort: 50051
|
|
protocol: TCP
|
|
- name: metrics
|
|
port: 9090
|
|
targetPort: 9090
|
|
protocol: TCP
|
|
selector:
|
|
app: veza-stream-server
|
|
|
|
---
|
|
# === HORIZONTAL POD AUTOSCALER ===
|
|
apiVersion: autoscaling/v2
|
|
kind: HorizontalPodAutoscaler
|
|
metadata:
|
|
name: veza-stream-server-hpa
|
|
namespace: veza-production
|
|
spec:
|
|
scaleTargetRef:
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
name: veza-stream-server
|
|
minReplicas: 5
|
|
maxReplicas: 50
|
|
metrics:
|
|
- type: Resource
|
|
resource:
|
|
name: cpu
|
|
target:
|
|
type: Utilization
|
|
averageUtilization: 70
|
|
- type: Resource
|
|
resource:
|
|
name: memory
|
|
target:
|
|
type: Utilization
|
|
averageUtilization: 80
|
|
behavior:
|
|
scaleUp:
|
|
stabilizationWindowSeconds: 300
|
|
policies:
|
|
- type: Percent
|
|
value: 100
|
|
periodSeconds: 15
|
|
scaleDown:
|
|
stabilizationWindowSeconds: 600
|
|
policies:
|
|
- type: Percent
|
|
value: 10
|
|
periodSeconds: 60
|
|
|
|
---
|
|
# === NETWORK POLICY ===
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: veza-stream-server-netpol
|
|
namespace: veza-production
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app: veza-stream-server
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
name: veza-production
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
name: ingress-nginx
|
|
ports:
|
|
- protocol: TCP
|
|
port: 8080
|
|
- protocol: TCP
|
|
port: 8081
|
|
- protocol: TCP
|
|
port: 50051
|
|
egress:
|
|
- to:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
name: veza-production
|
|
ports:
|
|
- protocol: TCP
|
|
port: 5432 # PostgreSQL
|
|
- protocol: TCP
|
|
port: 6379 # Redis
|
|
- to: []
|
|
ports:
|
|
- protocol: TCP
|
|
port: 53 # DNS
|
|
- protocol: UDP
|
|
port: 53 # DNS
|