-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathpythonrestapi.yml
155 lines (155 loc) · 4.81 KB
/
pythonrestapi.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: pythonrestapi
labels:
app: pythonrestapi
component: pythonrestapi
spec:
serviceName: svc-pythonrestapi
podManagementPolicy: Parallel # Default is OrderedReady
replicas: 2 # Default is 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: pythonrestapi # Has to match .spec.template.metadata.labels
component: pythonrestapi
template:
metadata:
labels:
app: pythonrestapi # Has to match .spec.selector.matchLabels
component: pythonrestapi
spec:
terminationGracePeriodSeconds: 10
# affinity:
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - pythonrestapi
# topologyKey: "kubernetes.io/hostname"
containers:
- name: pythonrestapi
image: khteh/pythonrestapi:latest
imagePullPolicy: Always
env:
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: postgresql-secret
key: postgresql-user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: postgresql-secret
key: postgresql-password
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https-udp
protocol: UDP
startupProbe: # failureThreshold * periodSeconds long enough to cover the worst case startup time
httpGet:
path: /health/ready
port: https-udp
scheme: HTTPS
#httpHeaders:
# - name: Host
# value: khteh.com
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 10
failureThreshold: 3
successThreshold: 1
readinessProbe:
httpGet:
path: /health/ready
port: https-udp
scheme: HTTPS
#httpHeaders:
# - name: Host
# value: khteh.com
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 10
failureThreshold: 3
successThreshold: 1
livenessProbe:
httpGet:
path: /health/live
port: https-udp
scheme: HTTPS
#httpHeaders:
# - name: Host
# value: khteh.com
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 10
failureThreshold: 3
successThreshold: 1
volumeMounts:
- name: pythonrestapi-config
mountPath: /etc/pythonrestapi_config.json
subPath: pythonrestapi_config.json
readOnly: true
- name: hypercorn-config
mountPath: /etc/hypercorn.toml
subPath: hypercorn.toml
readOnly: true
- name: log
mountPath: /var/log/pythonrestapi
- name: hypercornlog
mountPath: /var/log/hypercorn
resources:
limits:
cpu: 500m
memory: 2Gi
- name: fluentd
image: khteh/fluentd:latest
volumeMounts:
- name: log
mountPath: /var/log/pythonrestapi
- name: hypercornlog
mountPath: /var/log/hypercorn
- name: pythonrestapi-fluentd-config
mountPath: /etc/td-agent
- name: access-log-template
mountPath: /tmp/access_log_template.json
subPath: access_log_template.json
readOnly: true
#- mountPath: /fluentd/elastic/tls.crt
# name: elasticsearch-ca
# subPath: tls.crt
# readOnly: true
resources:
limits:
cpu: 500m
memory: 2Gi
volumes:
- name: hypercorn-config
configMap:
name: hypercorn-config
- name: pythonrestapi-config
configMap:
name: pythonrestapi
- name: pythonrestapi-fluentd-config
configMap:
name: pythonrestapi-fluentd-config
- name: access-log-template
configMap:
name: access-log-template
- name: log
emptyDir: {}
- name: hypercornlog
emptyDir: {}
#- name: elasticsearch-ca
# secret:
# defaultMode: 420
# optional: false
# secretName: elasticsearch-eck-ca