zavrsni-rad-otel-app/k8s/microservices.yaml

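# Namespace that holds every resource defined in this manifest.
# NOTE(review): no Pod Security Admission labels are set. The four Deployments
# in this file already set allowPrivilegeEscalation: false, drop ALL
# capabilities, runAsNonRoot and a RuntimeDefault seccomp profile, so the
# namespace could carry `pod-security.kubernetes.io/enforce: restricted` to
# hold later workloads to the same baseline. Confirm nothing else deployed
# here needs more before enforcing.
apiVersion: v1
kind: Namespace
metadata:
  name: bi-platform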
---
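# Non-secret settings, injected as environment variables into all four
# Deployments in this file through `envFrom.configMapRef`.
# Every value is quoted because environment variables are strings; an unquoted
# `true` or `30` would be typed by the YAML parser and rejected by the API.
apiVersion: v1
kind: ConfigMap
metadata:
  name: bi-platform-config
  namespace: bi-platform
data:
  APP_ENV: "prod"
  LOG_LEVEL: "INFO"
  # Single explicit origin, no wildcard. bi.example.com and idp.example.com are
  # placeholder hosts and must be replaced per environment.
  CORS_ORIGINS: "https://bi.example.com"
  # Front-end (user-facing) token validation settings.
  # NOTE(review): how these are enforced lives in the application code, which
  # is not visible here. Confirm that the verifier accepts only the algorithm
  # named in FRONTEND_JWT_ALGORITHM (not whatever the token header claims) and
  # that issuer, audience and scopes are all checked.
  REQUIRE_FRONTEND_AUTH: "true"
  FRONTEND_JWT_ISSUER_URL: "https://idp.example.com/realms/bi"
  FRONTEND_JWT_JWKS_URL: "https://idp.example.com/realms/bi/protocol/openid-connect/certs"
  FRONTEND_JWT_AUDIENCE: "otel-bi-api"
  FRONTEND_JWT_ALGORITHM: "RS256"
  FRONTEND_REQUIRED_SCOPES: "openid profile email"
  FRONTEND_CLOCK_SKEW_SECONDS: "30"
  # Service-to-service token settings: short TTL (120 s), fixed audience and a
  # single allowed issuer.
  INTERNAL_SERVICE_AUTH_ENABLED: "true"
  INTERNAL_SERVICE_TOKEN_TTL_SECONDS: "120"
  INTERNAL_SERVICE_TOKEN_AUDIENCE: "bi-internal"
  INTERNAL_SERVICE_ALLOWED_ISSUERS: "api-gateway"
  INTERNAL_TOKEN_CLOCK_SKEW_SECONDS: "15"
  # In-cluster endpoints. All four use plain http://, so internal service
  # tokens and query payloads cross the pod network unencrypted unless a
  # service mesh or CNI adds transport encryption. Confirm one is in place.
  QUERY_SERVICE_URL: "http://bi-query.bi-platform.svc.cluster.local:8000"
  ANALYTICS_SERVICE_URL: "http://analytics.bi-platform.svc.cluster.local:8000"
  PERSISTENCE_SERVICE_URL: "http://persistence.bi-platform.svc.cluster.local:8000"
  OTEL_COLLECTOR_ENDPOINT: "http://alloy.monitoring.svc.cluster.local:4318"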
---
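# Database credentials and the internal service secret, injected into all four
# Deployments in this file through `envFrom.secretRef`.
#
# The values below are placeholders written in clear text in a file that lives
# in the repository. Applying this document unchanged would create working
# credentials that anyone with read access to the repository knows. Real values
# belong in a secret manager or an encrypted-at-commit format, with this
# document either generated at deploy time or kept out of version control.
# `stringData` is stored base64-encoded by the API server, which is an encoding
# and not encryption; protection at rest depends on the cluster's etcd
# encryption configuration.
#
# NOTE(review): every Deployment receives every key. Splitting this into one
# Secret per service, so that each pod sees only the credentials it uses,
# would limit what a single compromised container exposes.
apiVersion: v1
kind: Secret
metadata:
  name: bi-platform-secrets
  namespace: bi-platform
type: Opaque
stringData:
  # Host, port and database names are not sensitive and could live in the
  # ConfigMap; they are kept here as the author placed them.
  MSSQL_HOST: "mssql.dw.svc.cluster.local"
  MSSQL_PORT: "1433"
  # The name suggests a read-only account. Confirm the database grants match,
  # since nothing in this manifest enforces that.
  MSSQL_USERNAME: "readonly_user"
  MSSQL_PASSWORD: "readonly_password"
  POSTGRES_HOST: "postgres.app.svc.cluster.local"
  POSTGRES_PORT: "5432"
  POSTGRES_DATABASE: "otel_bi_app"
  POSTGRES_USERNAME: "otel_bi_app"
  # Placeholder: the password equals the user name and the database name.
  POSTGRES_PASSWORD: "otel_bi_app"
  POSTGRES_REQUIRED: "true"
  # Placeholder. The text itself asks for at least 32 random bytes.
  # NOTE(review): if internal tokens are signed with this value as a symmetric
  # key (not visible here), every service that can verify a token can also
  # mint one, so INTERNAL_SERVICE_ALLOWED_ISSUERS in the ConfigMap cannot
  # separate the gateway from the back-end services. The application should
  # also refuse to start while this placeholder string is still set.
  INTERNAL_SERVICE_SHARED_SECRET: "replace-with-strong-random-secret-min-32-bytes"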
---
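# api-gateway: two replicas of the shared backend image, started with the
# gateway ASGI application.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-gateway
  namespace: bi-platform
spec:
  replicas: 2
  selector:
    matchLabels:
      app: api-gateway
  template:
    metadata:
      labels:
        app: api-gateway
    spec:
      # No Kubernetes API token is mounted into the pod.
      automountServiceAccountToken: false
      containers:
        - name: api-gateway
          # `your-org` is a placeholder. `:latest` is a mutable tag, and with
          # IfNotPresent a node keeps whatever copy it pulled first, so
          # replicas can run different builds and the running code cannot be
          # tied to a reviewed artifact. Pin the image by digest
          # (`...@sha256:<digest>`) or by an immutable version tag.
          image: ghcr.io/your-org/otel-bi-backend:latest
          imagePullPolicy: IfNotPresent
          # Binding to 0.0.0.0 is required for the pod IP to be reachable.
          # What can reach it is decided by the Service and by any
          # NetworkPolicy, not by this flag.
          command:
            - "uvicorn"
            - "microservices.api_gateway.main:app"
            - "--host"
            - "0.0.0.0"
            - "--port"
            - "8000"
          envFrom:
            - configMapRef:
                name: bi-platform-config
            # Imports every key of the Secret, including both sets of database
            # credentials. NOTE(review): presumably the gateway only forwards
            # to the back-end services and needs just the internal service
            # secret; confirm, and narrow to the keys it reads.
            - secretRef:
                name: bi-platform-secrets
          # Container-level hardening: no privilege escalation, no Linux
          # capabilities, non-root UID, default seccomp filter.
          # NOTE(review): readOnlyRootFilesystem is not set and there are no
          # resource requests/limits or probes. Add them once the image's
          # write paths and the service's footprint are known.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            runAsNonRoot: true
            runAsUser: 10001
            seccompProfile:
              type: RuntimeDefault
          ports:
            - containerPort: 8000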
---
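# In-cluster Service for the api-gateway pods. No `type` is given, so this is
# a ClusterIP Service and is not reachable from outside the cluster by itself.
# NOTE(review): the Ingress or load balancer that publishes the gateway, and
# the TLS termination implied by the https:// CORS origin, are not part of
# this file. Confirm where TLS ends, since port 8000 here is plain HTTP.
apiVersion: v1
kind: Service
metadata:
  name: api-gateway
  namespace: bi-platform
spec:
  selector:
    app: api-gateway
  ports:
    - port: 8000
      targetPort: 8000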
---
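# bi-query: two replicas of the shared backend image, started with the query
# ASGI application.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bi-query
  namespace: bi-platform
spec:
  replicas: 2
  selector:
    matchLabels:
      app: bi-query
  template:
    metadata:
      labels:
        app: bi-query
    spec:
      # No Kubernetes API token is mounted into the pod.
      automountServiceAccountToken: false
      containers:
        - name: bi-query
          # `your-org` is a placeholder. `:latest` with IfNotPresent lets
          # nodes keep different cached builds under the same tag. Pin by
          # digest (`...@sha256:<digest>`) or by an immutable version tag.
          image: ghcr.io/your-org/otel-bi-backend:latest
          imagePullPolicy: IfNotPresent
          # 0.0.0.0 makes the pod IP reachable; exposure is governed by the
          # Service and any NetworkPolicy.
          command:
            - "uvicorn"
            - "microservices.bi_query.main:app"
            - "--host"
            - "0.0.0.0"
            - "--port"
            - "8000"
          envFrom:
            - configMapRef:
                name: bi-platform-config
            # Imports every key of the Secret. NOTE(review): which database
            # this service connects to is not visible here. Confirm, and drop
            # the credentials it does not use.
            - secretRef:
                name: bi-platform-secrets
          # Container-level hardening: no privilege escalation, no Linux
          # capabilities, non-root UID, default seccomp filter.
          # NOTE(review): readOnlyRootFilesystem, resource limits and probes
          # are not set. Unbounded queries on a pod without a memory limit can
          # starve the node.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            runAsNonRoot: true
            runAsUser: 10001
            seccompProfile:
              type: RuntimeDefault
          ports:
            - containerPort: 8000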
---
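# In-cluster (ClusterIP by default) Service for the bi-query pods.
# NOTE(review): this file defines no NetworkPolicy, so unless one exists
# elsewhere any pod in the cluster can open a connection to this port and the
# internal service token is the only access control. A NetworkPolicy limiting
# ingress to the pods that call this service (QUERY_SERVICE_URL suggests the
# gateway; confirm the callers) would add a second layer.
apiVersion: v1
kind: Service
metadata:
  name: bi-query
  namespace: bi-platform
spec:
  selector:
    app: bi-query
  ports:
    - port: 8000
      targetPort: 8000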
---
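# analytics: two replicas of the shared backend image, started with the
# analytics ASGI application.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: analytics
  namespace: bi-platform
spec:
  replicas: 2
  selector:
    matchLabels:
      app: analytics
  template:
    metadata:
      labels:
        app: analytics
    spec:
      # No Kubernetes API token is mounted into the pod.
      automountServiceAccountToken: false
      containers:
        - name: analytics
          # `your-org` is a placeholder. `:latest` with IfNotPresent lets
          # nodes keep different cached builds under the same tag. Pin by
          # digest (`...@sha256:<digest>`) or by an immutable version tag.
          image: ghcr.io/your-org/otel-bi-backend:latest
          imagePullPolicy: IfNotPresent
          # 0.0.0.0 makes the pod IP reachable; exposure is governed by the
          # Service and any NetworkPolicy.
          command:
            - "uvicorn"
            - "microservices.analytics.main:app"
            - "--host"
            - "0.0.0.0"
            - "--port"
            - "8000"
          envFrom:
            - configMapRef:
                name: bi-platform-config
            # Imports every key of the Secret. NOTE(review): confirm which
            # credentials this service reads and drop the rest.
            - secretRef:
                name: bi-platform-secrets
          # Container-level hardening: no privilege escalation, no Linux
          # capabilities, non-root UID, default seccomp filter.
          # NOTE(review): readOnlyRootFilesystem, resource limits and probes
          # are not set.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            runAsNonRoot: true
            runAsUser: 10001
            seccompProfile:
              type: RuntimeDefault
          ports:
            - containerPort: 8000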
---
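# In-cluster (ClusterIP by default) Service for the analytics pods.
# NOTE(review): no NetworkPolicy is defined in this file, so reachability from
# other pods is unrestricted unless a policy exists elsewhere. Limiting ingress
# to the services that call analytics would back up the token check.
apiVersion: v1
kind: Service
metadata:
  name: analytics
  namespace: bi-platform
spec:
  selector:
    app: analytics
  ports:
    - port: 8000
      targetPort: 8000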
---
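# persistence: two replicas of the shared backend image, started with the
# persistence ASGI application.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: persistence
  namespace: bi-platform
spec:
  replicas: 2
  selector:
    matchLabels:
      app: persistence
  template:
    metadata:
      labels:
        app: persistence
    spec:
      # No Kubernetes API token is mounted into the pod.
      automountServiceAccountToken: false
      containers:
        - name: persistence
          # `your-org` is a placeholder. `:latest` with IfNotPresent lets
          # nodes keep different cached builds under the same tag. Pin by
          # digest (`...@sha256:<digest>`) or by an immutable version tag.
          image: ghcr.io/your-org/otel-bi-backend:latest
          imagePullPolicy: IfNotPresent
          # 0.0.0.0 makes the pod IP reachable; exposure is governed by the
          # Service and any NetworkPolicy.
          command:
            - "uvicorn"
            - "microservices.persistence.main:app"
            - "--host"
            - "0.0.0.0"
            - "--port"
            - "8000"
          envFrom:
            - configMapRef:
                name: bi-platform-config
            # Imports every key of the Secret. NOTE(review): presumably this
            # service owns the PostgreSQL connection and has no use for the
            # MSSQL credentials. Confirm and narrow.
            - secretRef:
                name: bi-platform-secrets
          # Container-level hardening: no privilege escalation, no Linux
          # capabilities, non-root UID, default seccomp filter.
          # NOTE(review): readOnlyRootFilesystem, resource limits and probes
          # are not set.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            runAsNonRoot: true
            runAsUser: 10001
            seccompProfile:
              type: RuntimeDefault
          ports:
            - containerPort: 8000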
---
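# In-cluster (ClusterIP by default) Service for the persistence pods.
# NOTE(review): no NetworkPolicy is defined in this file. If this service
# writes application state, restricting ingress to its known callers matters
# more here than for the read paths, since the internal service token is
# otherwise the only control between any pod and a write.
apiVersion: v1
kind: Service
metadata:
  name: persistence
  namespace: bi-platform
spec:
  selector:
    app: persistence
  ports:
    - port: 8000
      targetPort: 8000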