anobre/openshift-resource-governance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c81ba36b26eaa3f6f253cbdf6eac509e7e3af4a9
openshift-resource-governance/k8s/deployment.yaml
andersonid c81ba36b26 fix: correct route name and health check endpoints in deployment 
- Fix route name mismatch: script was looking for 'resource-governance' but route is named 'resource-governance-route'
- Fix health check endpoints: use /health instead of /api/v1/health for liveness/readiness probes
- Add better error handling and route verification in deploy script
- Add sleep delay to ensure route is ready before URL extraction
- Show available routes if expected route is not found
2025-10-03 06:37:35 -03:00

137 lines
4.1 KiB
YAML
Raw Blame History

apiVersion: apps/v1
kind: Deployment
metadata:
name: resource-governance
namespace: resource-governance
labels:
app.kubernetes.io/name: resource-governance
app.kubernetes.io/component: governance
spec:
replicas: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0 # Nunca derruba pods até o novo estar pronto
maxSurge: 1 # Permite 1 pod extra durante o rollout
selector:
matchLabels:
app.kubernetes.io/name: resource-governance
app.kubernetes.io/component: governance
template:
metadata:
labels:
app.kubernetes.io/name: resource-governance
app.kubernetes.io/component: governance
spec:
serviceAccountName: resource-governance-sa
# imagePullSecrets:
# - name: docker-hub-secret
securityContext:
runAsNonRoot: true
containers:
- name: resource-governance
image: andersonid/resource-governance:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
name: http
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 15 # Aguarda mais tempo para inicializar
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 5 # Mais tentativas antes de falhar
successThreshold: 2 # Precisa de 2 sucessos consecutivos
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
env:
- name: KUBECONFIG
value: "/var/run/secrets/kubernetes.io/serviceaccount/token"
- name: CPU_LIMIT_RATIO
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: CPU_LIMIT_RATIO
- name: MEMORY_LIMIT_RATIO
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: MEMORY_LIMIT_RATIO
- name: MIN_CPU_REQUEST
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: MIN_CPU_REQUEST
- name: MIN_MEMORY_REQUEST
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: MIN_MEMORY_REQUEST
- name: CRITICAL_NAMESPACES
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: CRITICAL_NAMESPACES
- name: INCLUDE_SYSTEM_NAMESPACES
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: INCLUDE_SYSTEM_NAMESPACES
- name: SYSTEM_NAMESPACE_PREFIXES
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: SYSTEM_NAMESPACE_PREFIXES
- name: PROMETHEUS_URL
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: PROMETHEUS_URL
- name: REPORT_EXPORT_PATH
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: REPORT_EXPORT_PATH
- name: SERVICE_ACCOUNT_NAME
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: SERVICE_ACCOUNT_NAME
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
volumeMounts:
- name: reports
mountPath: /tmp/reports
- name: service-account-token
mountPath: /var/run/secrets/kubernetes.io/serviceaccount
readOnly: true
volumes:
- name: reports
emptyDir: {}
- name: service-account-token
secret:
secretName: resource-governance-sa-token
optional: false
restartPolicy: Always
Reference in New Issue View Git Blame Copy Permalink