forge/clusterforge
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3e77f56f68
clusterforge/airm/Deployment_airm-api.yaml

257 lines
8.8 KiB
YAML
Raw Blame History

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: airm-api
namespace: airm
spec:
replicas: 1
selector:
matchLabels:
app: airm-api
template:
metadata:
labels:
app: airm-api
auth-required: "true"
spec:
containers:
- env:
- name: OPENID_CLIENT_ID
value: 354a0fa1-35ac-4a6d-9c4d-d661129c2cd0
- name: OPENID_CONFIGURATION_URL
value: http://kc.aiplatform.combient.com/realms/airm/.well-known/openid-configuration
- name: POST_REGISTRATION_REDIRECT_URL
value: https://airmui.aiplatform.combient.com/
- name: DATABASE_HOST
value: airm-cnpg-rw.airm.svc.cluster.local
- name: DATABASE_PORT
value: "5432"
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: username
name: airm-cnpg-user
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: airm-cnpg-user
- name: RABBITMQ_HOST
value: airm-rabbitmq.airm.svc.cluster.local
- name: RABBITMQ_PORT
value: "5672"
- name: RABBITMQ_MANAGEMENT_URL
value: http://airm-rabbitmq.airm.svc.cluster.local:15672/api
- name: RABBITMQ_ADMIN_USER
valueFrom:
secretKeyRef:
key: username
name: airm-rabbitmq-admin
- name: RABBITMQ_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: airm-rabbitmq-admin
- name: KEYCLOAK_ADMIN_SERVER_URL
value: http://keycloak.keycloak.svc.cluster.local:8080
- name: KEYCLOAK_REALM
value: airm
- name: KEYCLOAK_ADMIN_CLIENT_ID
valueFrom:
secretKeyRef:
key: client-id
name: airm-keycloak-admin-client
- name: KEYCLOAK_ADMIN_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: client-secret
name: airm-keycloak-admin-client
- name: MINIO_URL
value: http://minio.minio-tenant-default.svc.cluster.local:80
- name: MINIO_BUCKET
value: default-bucket
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
key: minio-access-key
name: airm-api-minio-credentials
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
key: minio-secret-key
name: airm-api-minio-credentials
- name: PROMETHEUS_URL
value: http://lgtm-stack.otel-lgtm-stack.svc.cluster.local:9090
image: ghcr.io/silogen/airm-api:v2025.09.001
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /v1/health
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 2
name: airm
ports:
- containerPort: 8080
- containerPort: 9009
readinessProbe:
failureThreshold: 3
httpGet:
path: /v1/health
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 2
resources:
limits:
memory: 1Gi
requests:
cpu: 500m
memory: 1Gi
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
initContainers:
- command:
- sh
- -c
- |
until pg_isready -h "airm-cnpg-rw.airm.svc.cluster.local" -p 5432 -U postgres; do
echo "Waiting for database..."
sleep 2
done
echo "Database is ready!"
image: postgres@sha256:5d14c08a257610d8e27c52ce0f10de5d9cce4c232e1277d44d7d6fb628b3d1a7 # Original tag: 17-alpine
name: wait-for-db
- command:
- sh
- -c
- cp /code/migrations/* /mnt/code/migrations/
image: ghcr.io/silogen/airm-api:v2025.09.001
imagePullPolicy: IfNotPresent
name: init-migration-scripts
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /mnt/code/migrations
name: airm-migration-volume
- command:
- liquibase
- --url=jdbc:postgresql://airm-cnpg-rw.airm.svc.cluster.local:5432/airm
- --username=$(DATABASE_USER)
- --password=$(DATABASE_PASSWORD)
- --logLevel=INFO
- --changeLogFile=changelog/changelog.xml
- update
env:
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: username
name: airm-cnpg-user
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: airm-cnpg-user
image: docker.io/liquibase/liquibase@sha256:dc2e5237941efb92cc6ae0cffd40a5b6f476559d5ed20fd7ca711df4895997a3 # Original tag: 4.31
imagePullPolicy: IfNotPresent
name: liquibase-migrate
volumeMounts:
- mountPath: /liquibase/changelog
name: airm-migration-volume
readOnly: true
- command:
- uv
- run
- -m
- app.charts.registration
env:
- name: DATABASE_HOST
value: airm-cnpg-rw.airm.svc.cluster.local
- name: DATABASE_PORT
value: "5432"
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: username
name: airm-cnpg-user
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: airm-cnpg-user
- name: RABBITMQ_HOST
value: airm-rabbitmq.airm.svc.cluster.local
- name: RABBITMQ_PORT
value: "5672"
- name: RABBITMQ_MANAGEMENT_URL
value: http://airm-rabbitmq.airm.svc.cluster.local:15672/api
- name: RABBITMQ_ADMIN_USER
valueFrom:
secretKeyRef:
key: username
name: airm-rabbitmq-admin
- name: RABBITMQ_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: airm-rabbitmq-admin
image: ghcr.io/silogen/airm-api:v2025.09.001
imagePullPolicy: IfNotPresent
name: charts-registration
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
- command:
- /bin/bash
- -c
- apt-get update -y 1> /dev/null 2>&1 && apt-get install ncat -y 1> /dev/null 2>&1 && while ! nc -z "$ENDPOINT_URL_TO_CHECK" "$ENDPOINT_PORT_TO_CHECK"; do echo "Waiting for Airm rabbitmq at ${ENDPOINT_URL_TO_CHECK}:${ENDPOINT_PORT_TO_CHECK}..."; sleep 3; done; echo "Airm rabbitmq is accepting connections at ${ENDPOINT_URL_TO_CHECK}:${ENDPOINT_PORT_TO_CHECK}."; sleep 3; exit 0
env:
- name: ENDPOINT_URL_TO_CHECK
value: airm-rabbitmq.airm.svc.cluster.local
- name: ENDPOINT_PORT_TO_CHECK
value: "15672"
image: ubuntu@sha256:09506232a8004baa32c47d68f1e5c307d648fdd59f5e7eaa42aaf87914100db3 # Original tag: 22.04
imagePullPolicy: IfNotPresent
name: check-rabbitmq-is-ready
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- SETUID
- SETGID
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
drop:
- ALL
runAsNonRoot: false
runAsUser: 0
seccompProfile:
type: RuntimeDefault
volumes:
- emptyDir: {}
name: airm-migration-volume
Reference in New Issue View Git Blame Copy Permalink