.k8s/live/production/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: claim-for-crown-court-defence
namespace: cccd-production
spec:
replicas: 4
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 100%
selector:
matchLabels:
app: cccd
template:
metadata:
labels:
app: cccd
spec:
serviceAccountName: cccd-production-service
containers:
- name: cccd-app
imagePullPolicy: Always
image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/laa-get-paid/cccd:set-me
ports:
- containerPort: 3000
readinessProbe:
httpGet:
path: /ping.json
port: 3000
httpHeaders:
- name: X-Forwarded-Proto
value: https
- name: X-Forwarded-Ssl
value: "on"
initialDelaySeconds: 15
periodSeconds: 30
livenessProbe:
httpGet:
path: /ping.json
port: 3000
httpHeaders:
- name: X-Forwarded-Proto
value: https
- name: X-Forwarded-Ssl
value: "on"
initialDelaySeconds: 30
periodSeconds: 60
securityContext:
capabilities:
drop:
- ALL
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
lifecycle:
preStop:
exec:
command: ["/bin/sleep","30"]
# configMapRef: non-secret env vars defined in `app-config.yaml`
# secretRef: secret env vars defined by app secrets
# WHERE env var name matches key name
#
envFrom:
- configMapRef:
name: cccd-app-config
- secretRef:
name: cccd-secrets
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: cccd-rds
key: url
- name: SETTINGS__AWS__S3__BUCKET
valueFrom:
secretKeyRef:
name: cccd-s3-bucket
key: bucket_name
- name: SETTINGS__AWS__SNS__SUBMITTED_TOPIC_ARN
valueFrom:
secretKeyRef:
name: cccd-messaging
key: topic_arn
- name: AWS_RESPONSE_QUEUE_NAME
valueFrom:
secretKeyRef:
name: cccd-messaging
key: sqs_cccd_name
- name: REDIS_URL
valueFrom:
secretKeyRef:
name: cccd-elasticache-redis
key: url