# Application services for integration test sandbox # Namespace is substituted at runtime via envsubst # All env vars are inlined (no ConfigMap) so services are self-contained # Images: ghcr.io/celesrenata/stonks-oracle/:latest # # Services: # - query-api (uvicorn services.api.app:app) # - symbol-registry (uvicorn services.symbol_registry.app:app) # - risk (uvicorn services.risk.app:app) # - trading-engine (uvicorn services.trading.app:app) --- # ── query-api ──────────────────────────────────────────────────────────────── apiVersion: apps/v1 kind: Deployment metadata: name: query-api namespace: ${NAMESPACE} labels: app: query-api tier: api app.kubernetes.io/part-of: stonks-oracle spec: replicas: 1 selector: matchLabels: app: query-api template: metadata: labels: app: query-api tier: api spec: automountServiceAccountToken: false imagePullSecrets: - name: ghcr-credentials securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 seccompProfile: type: RuntimeDefault containers: - name: query-api image: ghcr.io/celesrenata/stonks-oracle/query-api:latest imagePullPolicy: Always command: ["uvicorn", "services.api.app:app", "--host", "0.0.0.0", "--port", "8000"] ports: - containerPort: 8000 protocol: TCP securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: ["ALL"] env: - name: POSTGRES_HOST value: "postgres" - name: POSTGRES_PORT value: "5432" - name: POSTGRES_DB value: "stonks" - name: POSTGRES_USER value: "stonks" - name: POSTGRES_PASSWORD value: "inttest" - name: REDIS_HOST value: "redis" - name: REDIS_PORT value: "6379" - name: REDIS_DB value: "0" - name: REDIS_PASSWORD value: "" - name: MINIO_ENDPOINT value: "minio:9000" - name: MINIO_SECURE value: "false" - name: MINIO_ACCESS_KEY value: "minioadmin" - name: MINIO_SECRET_KEY value: "minioadmin" - name: BROKER_MODE value: "paper" - name: LOG_LEVEL value: "INFO" - name: JSON_LOGS value: "false" resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 256Mi readinessProbe: httpGet: path: /docs port: 8000 initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 6 volumeMounts: - name: tmp mountPath: /tmp volumes: - name: tmp emptyDir: sizeLimit: 10Mi --- apiVersion: v1 kind: Service metadata: name: query-api namespace: ${NAMESPACE} labels: app: query-api tier: api app.kubernetes.io/part-of: stonks-oracle spec: selector: app: query-api ports: - port: 8000 targetPort: 8000 protocol: TCP --- # ── symbol-registry ────────────────────────────────────────────────────────── apiVersion: apps/v1 kind: Deployment metadata: name: symbol-registry namespace: ${NAMESPACE} labels: app: symbol-registry tier: api app.kubernetes.io/part-of: stonks-oracle spec: replicas: 1 selector: matchLabels: app: symbol-registry template: metadata: labels: app: symbol-registry tier: api spec: automountServiceAccountToken: false imagePullSecrets: - name: ghcr-credentials securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 seccompProfile: type: RuntimeDefault containers: - name: symbol-registry image: ghcr.io/celesrenata/stonks-oracle/symbol-registry:latest imagePullPolicy: Always command: ["uvicorn", "services.symbol_registry.app:app", "--host", "0.0.0.0", "--port", "8000"] ports: - containerPort: 8000 protocol: TCP securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: ["ALL"] env: - name: POSTGRES_HOST value: "postgres" - name: POSTGRES_PORT value: "5432" - name: POSTGRES_DB value: "stonks" - name: POSTGRES_USER value: "stonks" - name: POSTGRES_PASSWORD value: "inttest" - name: REDIS_HOST value: "redis" - name: REDIS_PORT value: "6379" - name: REDIS_DB value: "0" - name: REDIS_PASSWORD value: "" - name: MINIO_ENDPOINT value: "minio:9000" - name: MINIO_SECURE value: "false" - name: MINIO_ACCESS_KEY value: "minioadmin" - name: MINIO_SECRET_KEY value: "minioadmin" - name: BROKER_MODE value: "paper" - name: LOG_LEVEL value: "INFO" - name: JSON_LOGS value: "false" resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 256Mi readinessProbe: httpGet: path: /docs port: 8000 initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 6 volumeMounts: - name: tmp mountPath: /tmp volumes: - name: tmp emptyDir: sizeLimit: 10Mi --- apiVersion: v1 kind: Service metadata: name: symbol-registry namespace: ${NAMESPACE} labels: app: symbol-registry tier: api app.kubernetes.io/part-of: stonks-oracle spec: selector: app: symbol-registry ports: - port: 8000 targetPort: 8000 protocol: TCP --- # ── risk ───────────────────────────────────────────────────────────────────── apiVersion: apps/v1 kind: Deployment metadata: name: risk namespace: ${NAMESPACE} labels: app: risk tier: api app.kubernetes.io/part-of: stonks-oracle spec: replicas: 1 selector: matchLabels: app: risk template: metadata: labels: app: risk tier: api spec: automountServiceAccountToken: false imagePullSecrets: - name: ghcr-credentials securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 seccompProfile: type: RuntimeDefault containers: - name: risk image: ghcr.io/celesrenata/stonks-oracle/risk:latest imagePullPolicy: Always command: ["uvicorn", "services.risk.app:app", "--host", "0.0.0.0", "--port", "8000"] ports: - containerPort: 8000 protocol: TCP securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: ["ALL"] env: - name: POSTGRES_HOST value: "postgres" - name: POSTGRES_PORT value: "5432" - name: POSTGRES_DB value: "stonks" - name: POSTGRES_USER value: "stonks" - name: POSTGRES_PASSWORD value: "inttest" - name: REDIS_HOST value: "redis" - name: REDIS_PORT value: "6379" - name: REDIS_DB value: "0" - name: REDIS_PASSWORD value: "" - name: MINIO_ENDPOINT value: "minio:9000" - name: MINIO_SECURE value: "false" - name: MINIO_ACCESS_KEY value: "minioadmin" - name: MINIO_SECRET_KEY value: "minioadmin" - name: BROKER_MODE value: "paper" - name: LOG_LEVEL value: "INFO" - name: JSON_LOGS value: "false" resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 256Mi readinessProbe: httpGet: path: /docs port: 8000 initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 6 volumeMounts: - name: tmp mountPath: /tmp volumes: - name: tmp emptyDir: sizeLimit: 10Mi --- apiVersion: v1 kind: Service metadata: name: risk namespace: ${NAMESPACE} labels: app: risk tier: api app.kubernetes.io/part-of: stonks-oracle spec: selector: app: risk ports: - port: 8000 targetPort: 8000 protocol: TCP --- # ── trading-engine ─────────────────────────────────────────────────────────── apiVersion: apps/v1 kind: Deployment metadata: name: trading-engine namespace: ${NAMESPACE} labels: app: trading-engine tier: api app.kubernetes.io/part-of: stonks-oracle spec: replicas: 1 selector: matchLabels: app: trading-engine template: metadata: labels: app: trading-engine tier: api spec: automountServiceAccountToken: false imagePullSecrets: - name: ghcr-credentials securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 seccompProfile: type: RuntimeDefault containers: - name: trading-engine image: ghcr.io/celesrenata/stonks-oracle/trading-engine:latest imagePullPolicy: Always command: ["uvicorn", "services.trading.app:app", "--host", "0.0.0.0", "--port", "8000"] ports: - containerPort: 8000 protocol: TCP securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: ["ALL"] env: - name: POSTGRES_HOST value: "postgres" - name: POSTGRES_PORT value: "5432" - name: POSTGRES_DB value: "stonks" - name: POSTGRES_USER value: "stonks" - name: POSTGRES_PASSWORD value: "inttest" - name: REDIS_HOST value: "redis" - name: REDIS_PORT value: "6379" - name: REDIS_DB value: "0" - name: REDIS_PASSWORD value: "" - name: MINIO_ENDPOINT value: "minio:9000" - name: MINIO_SECURE value: "false" - name: MINIO_ACCESS_KEY value: "minioadmin" - name: MINIO_SECRET_KEY value: "minioadmin" - name: BROKER_MODE value: "paper" - name: LOG_LEVEL value: "INFO" - name: JSON_LOGS value: "false" resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 256Mi readinessProbe: httpGet: path: /docs port: 8000 initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 6 volumeMounts: - name: tmp mountPath: /tmp volumes: - name: tmp emptyDir: sizeLimit: 10Mi --- apiVersion: v1 kind: Service metadata: name: trading-engine namespace: ${NAMESPACE} labels: app: trading-engine tier: api app.kubernetes.io/part-of: stonks-oracle spec: selector: app: trading-engine ports: - port: 8000 targetPort: 8000 protocol: TCP