Example Kubernetes Deployment with ingress
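# Deployment for the red-fulfillment service (Helm template: the image is
# supplied through .Values.image).
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    # The label "secret" is used to register the dependency on the mounted
    # secret. NOTE(review): the consumer of this label is not part of this
    # file - confirm which controller or tooling reads it.
    secret: red-fulfillment-secret
  name: red-fulfillment
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: red-fulfillment
  template:
    metadata:
      labels:
        app: red-fulfillment
    spec:
      # The workload does not talk to the Kubernetes API, so no service
      # account token is mounted into the pod.
      automountServiceAccountToken: false
      # Do not inject the *_SERVICE_HOST / *_SERVICE_PORT variables of every
      # Service in the namespace into the container environment.
      enableServiceLinks: false
      # Must be larger than the preStop sleep below plus the time the
      # application needs to shut down.
      terminationGracePeriodSeconds: 60
      securityContext:
        # The image must set a numeric, non-zero user ID (USER in the
        # Dockerfile); the kubelet refuses to start a container that would
        # run as UID 0 or whose user it cannot verify.
        runAsNonRoot: true
        # Apply the container runtime's default seccomp filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: red-fulfillment
          # NOTE(review): with IfNotPresent a mutable tag can resolve to
          # different images on different nodes; prefer a digest-pinned
          # reference in .Values.image.
          image: '{{ .Values.image }}'
          imagePullPolicy: IfNotPresent
          securityContext:
            # runAsNonRoot alone does not stop a process from gaining
            # privileges through setuid binaries; this does.
            allowPrivilegeEscalation: false
            # Port 8080 is unprivileged, so no Linux capability is needed.
            capabilities:
              drop:
                - ALL
            # NOTE(review): consider readOnlyRootFilesystem: true once it is
            # confirmed the application only writes to mounted volumes.
          env:
            # All services, no matter the technology, must honour PORT.
            - name: PORT
              value: '8080'
            # The target environment; configuration usually has a matching
            # appsetting.prod.json.
            - name: RED_ENVIRONMENT
              value: prod
            # Downward API: expose pod metadata to the application.
            - name: POD_DEPLOYMENT_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.labels['app']
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Memory limit expressed in Mi (divisor 1Mi).
            - name: POD_MEMORY_LIMIT
              valueFrom:
                resourceFieldRef:
                  resource: limits.memory
                  divisor: 1Mi
            # CPU limit expressed in millicores (divisor 1m).
            - name: POD_CPU_LIMIT
              valueFrom:
                resourceFieldRef:
                  resource: limits.cpu
                  divisor: 1m
          ports:
            - containerPort: 8080
          volumeMounts:
            # Secret material is mounted as read-only files rather than
            # being passed through environment variables.
            - name: app-secret
              mountPath: /etc/app
              readOnly: true
          lifecycle:
            preStop:
              exec:
                # Waiting 10 seconds before terminating allows connections
                # and Kubernetes services to catch up. Requires /bin/sleep to
                # exist in the image.
                command:
                  - /bin/sleep
                  - '10'
          readinessProbe:
            initialDelaySeconds: 20
            periodSeconds: 5
            failureThreshold: 3
            successThreshold: 1
            httpGet:
              path: /health/ready
              port: 8080
              httpHeaders:
                # Custom header sent with every probe request; presumably
                # lets the application tell probe traffic apart - confirm.
                - name: x-kubernetes
                  value: readiness
          resources:
            # On production the requests and the limits match. On testing the
            # requests can be lowered to avoid resource exhaustion.
            requests:
              cpu: 500m
              memory: 600Mi
            limits:
              cpu: 500m
              memory: 600Mi
      volumes:
        - name: app-secret
          secret:
            secretName: red-fulfillment-secret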
---
# Cluster-internal Service in front of the red-fulfillment pods.
apiVersion: v1
kind: Service
metadata:
  name: red-fulfillment
spec:
  # ClusterIP: reachable only from inside the cluster; no node port or load
  # balancer is allocated for it.
  type: ClusterIP
  # Routes to every pod carrying this label.
  selector:
    app: red-fulfillment
  ports:
    # Service port 80 forwards to the container's port 8080.
    - port: 80
      targetPort: 8080
---
# Ingress publishing red-fulfillment on the internal ingress class over TLS.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: internal-fulfillment
  annotations:
    # cert-manager.io/issuer names a namespaced Issuer, so "letsencrypt-internal"
    # has to exist in the same namespace as this Ingress.
    cert-manager.io/issuer: letsencrypt-internal
spec:
  ingressClassName: ingress-internal
  tls:
    # The certificate for this host is read from the secret named below.
    - hosts:
        - fulfillment.prod.example.org
      secretName: fulfillment.prod.example.org-tlsle
  rules:
    - host: fulfillment.prod.example.org
      http:
        paths:
          # Each deployment listens to a subpath/basepath, allowing
          # development without proxy. Only requests under this prefix are
          # routed to the backend by this rule.
          - path: /service/
            pathType: Prefix
            backend:
              service:
                name: red-fulfillment
                port:
                  number: 80