Created
October 28, 2025 19:22
thingy
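---
# Source: song/templates/deployment.yaml
#
# Deployment for the Song server: a single replica, Recreate strategy, and
# all application configuration passed as container environment variables.
#
# Review notes:
# - The `dms` client secret and the Postgres password are read from a Secret
#   through `secretKeyRef` rather than written as literal `value:` strings.
#   The Secret name and keys used below are placeholders (no Secret is
#   defined on this page); create it out of band. Any credential that was
#   inlined in a shared copy of this manifest should be treated as exposed
#   and rotated.
# - Env entries that repeated an earlier name with an identical value were
#   dropped, so every name appears exactly once.
# - NOTE(review): no securityContext is set on the pod or the container.
#   Consider `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and
#   dropping capabilities once confirmed against the image.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: song
  labels:
    app.kubernetes.io/name: song
    app.kubernetes.io/instance: song
spec:
  replicas: 1
  strategy:
    # Ensures only one pod at a time to avoid resource exhaustion
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: song
      app.kubernetes.io/instance: song
  template:
    metadata:
      labels:
        app.kubernetes.io/name: song
        app.kubernetes.io/instance: song
    spec:
      containers:
        - name: song
          # NOTE(review): `edge` is a mutable tag and IfNotPresent reuses
          # whatever a node already has cached, so the build that runs is
          # not reproducible. Pin an immutable tag or a digest.
          image: "ghcr.io/overture-stack/song-server:edge"
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          env:
            # Force auth configuration via JVM system properties
            # (highest precedence). Folded scalar: the lines below are
            # joined with single spaces into one option string.
            - name: JAVA_OPTS
              value: >-
                -Dauth.server.provider=keycloak
                -Dauth.server.clientID=dms
                -Dauth.server.keycloak.realm=agari
                -Dauth.server.keycloak.host=http://keycloak:8080
                -Dauth.server.scope.study.prefix=STUDY.
                -Dauth.server.introspectionUri=http://keycloak:8080/realms/agari/apikey/check_api_key/
            # Spring Run Profiles
            - name: SPRING_PROFILES_ACTIVE
              value: "prod,secure,kafka,s3,score-client-cred"
            # Flyway variables
            - name: SPRING_FLYWAY_ENABLED
              value: "true"
            # Song Variables
            - name: ID_USELOCAL
              value: "true"
            - name: SCHEMAS_ENFORCELATEST
              value: "true"
            # Score Variables
            - name: SCORE_URL
              value: "http://score:8087"
            - name: SCORE_ACCESSTOKEN
              value: ""
            # Score Client Credentials for SONG to authenticate to Score
            - name: SCORE_CLIENTCREDENTIALS_ID
              value: "dms"
            - name: SCORE_CLIENTCREDENTIALS_SECRET
              valueFrom:
                secretKeyRef:
                  name: song-credentials  # placeholder Secret name
                  key: dms-client-secret  # placeholder key
            - name: SCORE_CLIENTCREDENTIALS_SYSTEMSCOPE
              value: "openid"
            # NOTE(review): the token, introspection and JWKS endpoints
            # below are reached over plain HTTP, so the client secret and
            # bearer tokens cross the cluster network unencrypted unless
            # something outside this manifest adds TLS.
            - name: SCORE_CLIENTCREDENTIALS_TOKENURL
              value: "http://keycloak:8080/realms/agari/protocol/openid-connect/token"
            # Keycloak Variables
            - name: AUTH_SERVER_PROVIDER
              value: "keycloak"
            - name: AUTH_SERVER_CLIENTID
              value: "dms"
            - name: AUTH_SERVER_CLIENT_ID
              value: "dms"
            - name: AUTH_SERVER_KEYCLOAK_HOST
              value: "http://keycloak:8080"
            - name: AUTH_SERVER_KEYCLOAK_REALM
              value: "agari"
            # Alternative naming patterns for stubborn properties.
            # Both spellings read the same Secret key, so the credential
            # is stored once.
            - name: AUTH_SERVER_CLIENTSECRET
              valueFrom:
                secretKeyRef:
                  name: song-credentials  # placeholder Secret name
                  key: dms-client-secret  # placeholder key
            - name: AUTH_SERVER_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: song-credentials  # placeholder Secret name
                  key: dms-client-secret  # placeholder key
            - name: AUTH_SERVER_SCOPE_STUDY_PREFIX
              value: "STUDY."
            - name: AUTH_SERVER_SCOPE_STUDY_SUFFIX
              value: ".WRITE"
            - name: AUTH_SERVER_SCOPE_SYSTEM
              value: "song.WRITE"
            # Environment variables using exact Spring Boot property naming
            - name: AUTH_SERVER_INTROSPECTIONURI
              value: "http://keycloak:8080/realms/agari/apikey/check_api_key/"
            # OAuth2 JWT configuration
            # NOTE(review): the issuer host (keycloak.local) differs from
            # the in-cluster host used for the JWKS (keycloak:8080).
            # Presumably it is the hostname tokens are issued under;
            # confirm it matches the `iss` claim the realm emits.
            - name: SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI
              value: "http://keycloak:8080/realms/agari/protocol/openid-connect/certs"
            - name: SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI
              value: "http://keycloak.local/realms/agari"
            # Postgres Variables
            - name: SPRING_DATASOURCE_URL
              value: "jdbc:postgresql://song-db:5432/songDb?stringtype=unspecified"
            # NOTE(review): the role name suggests a privileged account;
            # a dedicated role limited to this database is preferable.
            # Confirm what the role can actually do.
            - name: SPRING_DATASOURCE_USERNAME
              value: "admin"
            - name: SPRING_DATASOURCE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: song-credentials  # placeholder Secret name
                  key: db-password        # placeholder key
            # Kafka Variables
            - name: SPRING_KAFKA_BOOTSTRAPSERVERS
              value: "kafka:9092"
            - name: SPRING_KAFKA_TEMPLATE_DEFAULTTOPIC
              value: "song-analysis"
            # Swagger Variable
            - name: SWAGGER_ALTERNATEURL
              value: "/swagger-api"
            # NOTE(review): DEBUG-level security logging is enabled while
            # the `prod` profile is active. Debug output from the security
            # layer can put request and token detail into pod logs; keep
            # these four entries only while troubleshooting.
            - name: "BIO_OVERTURE_SONG_SERVER_SECURITY"
              value: "DEBUG"
            - name: SPRING_SECURITY_FILTERCHAIN_DEBUG
              value: "true"
            - name: LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY
              value: "DEBUG"
            - name: LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY_OAUTH2
              value: "DEBUG"
          # TCP-only readiness check: passes as soon as port 8080 accepts
          # connections.
          readinessProbe:
            tcpSocket:
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          resources:
            limits:
              cpu: 500m
              ephemeral-storage: 2Gi
              memory: 1.5Gi
            requests:
              cpu: 150m
              ephemeral-storage: 1Gi
              memory: 768Mi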