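# ==================================================
# deployment/manifest/deployment/intelligence-service-deployment.yaml
# ==================================================
# Deployment for the intelligence-service backend API: two replicas, rolled
# out one surge pod at a time with no pod taken down before its replacement.
# The one-key-per-line layout is restored here; on collapsed lines everything
# after the first "#" is read as a comment and no Deployment is parsed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: intelligence-service
  namespace: team1tier-healthsync-intelligence-ns
  labels:
    app: intelligence-service
    component: backend
    tier: api
spec:
  revisionHistoryLimit: 3
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: intelligence-service
  template:
    metadata:
      labels:
        app: intelligence-service
        component: backend
        environment: production
        team: team1tier
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8083"
        prometheus.io/path: "/metrics"
    spec:
      # Image pull secret
      imagePullSecrets:
        - name: acr-secret

      # NOTE(review): no serviceAccountName or automountServiceAccountToken is
      # set, so the namespace's default ServiceAccount token is mounted into
      # the pod. If the service never calls the Kubernetes API, consider
      # automountServiceAccountToken: false. Confirm with the service owners.

      # Pod-level security context
      # NOTE(review): runAsGroup is not set, so the primary GID comes from the
      # image. No seccompProfile is set either; the Pod Security "restricted"
      # profile expects seccompProfile.type: RuntimeDefault.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000

      containers:
        - name: intelligence-service
          # The image is substituted automatically by Kustomize.
          # NOTE(review): the reference is a tag, which a registry can
          # re-point; with imagePullPolicy: Always the tag is re-resolved on
          # every pod start. Pinning by digest would fix the image content.
          image: acrhealthsync01.azurecr.io/team1tier/intelligence-service:1.3.3
          imagePullPolicy: Always

          ports:
            - name: http
              containerPort: 8083
              protocol: TCP

          # Environment variable configuration
          # NOTE(review): secretRef exposes every key of the Secret as an
          # environment variable of the container process.
          envFrom:
            - configMapRef:
                name: intelligence-service-configmap
            - secretRef:
                name: intelligence-service-secret

          # Additional environment variables (downward API)
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName

          # Resource requests and limits
          resources:
            requests:
              cpu: "200m"
              memory: "512Mi"
              ephemeral-storage: "1Gi"
            limits:
              cpu: "1000m"
              memory: "1Gi"
              ephemeral-storage: "2Gi"

          # NOTE(review): all three probes below are commented out. Without a
          # readiness probe a pod counts as ready once its container starts,
          # so maxUnavailable: 0 no longer guarantees that a rollout waits for
          # a working replica, and a hung process is never restarted.

          # Startup probe: initial start-up check (waits up to 3 minutes)
          # startupProbe:
          #   httpGet:
          #     path: /api/v1/health/status
          #     port: http
          #     scheme: HTTP
          #   initialDelaySeconds: 30
          #   periodSeconds: 10
          #   timeoutSeconds: 5
          #   failureThreshold: 18  # 30 s + (18 * 10 s) = 210 s; the author's note says at most 3 minutes
          #   successThreshold: 1

          # Readiness probe: checks the pod is ready to receive traffic
          # readinessProbe:
          #   httpGet:
          #     path: /api/v1/health/status
          #     port: http
          #     scheme: HTTP
          #   initialDelaySeconds: 5
          #   periodSeconds: 5
          #   timeoutSeconds: 3
          #   failureThreshold: 3
          #   successThreshold: 1

          # Liveness probe: checks the service is still alive
          # livenessProbe:
          #   httpGet:
          #     path: /api/v1/health/status
          #     port: http
          #     scheme: HTTP
          #   initialDelaySeconds: 60
          #   periodSeconds: 10
          #   timeoutSeconds: 5
          #   failureThreshold: 3
          #   successThreshold: 1

          # Container-level security context
          # NOTE(review): readOnlyRootFilesystem is false although /tmp and
          # /app/cache are already writable emptyDir mounts. If the service
          # writes nowhere else, this can be set to true. Verify first.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: false
            runAsNonRoot: true
            runAsUser: 1000
            capabilities:
              drop:
                - ALL

          # Volume mounts (for log collection)
          volumeMounts:
            - name: tmp-volume
              mountPath: /tmp
            - name: cache-volume
              mountPath: /app/cache

      # Volume definitions
      # NOTE(review): neither emptyDir sets sizeLimit; usage is bounded only by
      # the container's ephemeral-storage limit above.
      volumes:
        - name: tmp-volume
          emptyDir: {}
        - name: cache-volume
          emptyDir: {}

      # DNS settings
      dnsPolicy: ClusterFirst

      # Restart policy
      restartPolicy: Always

      # Scheduling: prefer (not require) placing replicas on different nodes
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - intelligence-service
                topologyKey: kubernetes.io/hostname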