Celes Renata
5be3ce2db9
- Makefile: GHCR -> registry.celestium.life/stonks-oracle - GitHub Actions: login to Harbor, use HARBOR_PASSWORD secret - infra/k8s/*.yaml: all image refs -> registry.celestium.life - inttest pipeline: remove GHCR pull secret (local registry, no auth) - Steering docs: update registry/git endpoints
73 lines
1.7 KiB
YAML
73 lines
1.7 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: risk-engine
|
|
namespace: stonks-oracle
|
|
labels:
|
|
app: risk-engine
|
|
app.kubernetes.io/part-of: stonks-oracle
|
|
stonks-oracle/tier: trading
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: risk-engine
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: risk-engine
|
|
stonks-oracle/tier: trading
|
|
spec:
|
|
automountServiceAccountToken: false
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
containers:
|
|
- name: risk-engine
|
|
image: registry.celestium.life/stonks-oracle/risk:latest
|
|
imagePullPolicy: Always
|
|
ports:
|
|
- containerPort: 8000
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
envFrom:
|
|
- configMapRef:
|
|
name: stonks-config
|
|
- secretRef:
|
|
name: stonks-core-secrets
|
|
- secretRef:
|
|
name: stonks-broker-secrets
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
limits:
|
|
cpu: 500m
|
|
memory: 256Mi
|
|
volumeMounts:
|
|
- name: tmp
|
|
mountPath: /tmp
|
|
volumes:
|
|
- name: tmp
|
|
emptyDir:
|
|
sizeLimit: 10Mi
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: risk-engine
|
|
namespace: stonks-oracle
|
|
spec:
|
|
selector:
|
|
app: risk-engine
|
|
ports:
|
|
- port: 8000
|
|
targetPort: 8000
|