# ==================================================
# deployment/manifest/deployment/intelligence-service-deployment.yaml
# ==================================================
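# Deployment for the intelligence-service API backend: two replicas, rolled
# out one surge pod at a time, running as a non-root user with all Linux
# capabilities dropped.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: intelligence-service
  namespace: team1tier-healthsync-intelligence-ns
  labels:
    app: intelligence-service
    component: backend
    tier: api
spec:
  revisionHistoryLimit: 3
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: intelligence-service
  template:
    metadata:
      labels:
        app: intelligence-service
        component: backend
        environment: production
        team: team1tier
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8083"
        prometheus.io/path: "/metrics"
    spec:
      # Image pull secret
      imagePullSecrets:
        - name: acr-secret
      # NOTE(review): neither serviceAccountName nor
      # automountServiceAccountToken is set, so the namespace's default
      # service account token is mounted into the pod. If the service never
      # calls the Kubernetes API, set automountServiceAccountToken: false.
      # Pod-level security context
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000
        # Apply the container runtime's default seccomp filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: intelligence-service
          # The image reference is substituted automatically by Kustomize.
          # NOTE(review): a tag can be re-pointed in the registry, and with
          # imagePullPolicy: Always each pod start pulls whatever the tag
          # currently resolves to. Consider pinning a digest in the
          # Kustomize image override.
          image: acrhealthsync01.azurecr.io/team1tier/intelligence-service:1.3.3
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 8083
              protocol: TCP
          # Environment variables loaded from the ConfigMap and the Secret.
          # Every key of the Secret becomes an environment variable of the
          # process, so keep that Secret limited to what this service needs.
          envFrom:
            - configMapRef:
                name: intelligence-service-configmap
            - secretRef:
                name: intelligence-service-secret
          # Additional environment variables (downward API)
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          # Resource requests and limits
          resources:
            requests:
              cpu: "200m"
              memory: "512Mi"
              ephemeral-storage: "1Gi"
            limits:
              cpu: "1000m"
              memory: "1Gi"
              ephemeral-storage: "2Gi"
          # NOTE(review): all three probes below are commented out. Without a
          # readinessProbe a pod counts as ready as soon as its container
          # starts, so maxUnavailable: 0 does not stop a rollout of a build
          # that cannot serve requests. Re-enable them once the health
          # endpoint is confirmed to work.
          # Startup probe: initial start-up check (wait up to 3 minutes)
          # startupProbe:
          #   httpGet:
          #     path: /api/v1/health/status
          #     port: http
          #     scheme: HTTP
          #   initialDelaySeconds: 30
          #   periodSeconds: 10
          #   timeoutSeconds: 5
          #   failureThreshold: 18  # 30s + (18 * 10s); stated as max 3 min, the sum is 210s
          #   successThreshold: 1
          # Readiness probe: checks the pod is ready to receive traffic
          # readinessProbe:
          #   httpGet:
          #     path: /api/v1/health/status
          #     port: http
          #     scheme: HTTP
          #   initialDelaySeconds: 5
          #   periodSeconds: 5
          #   timeoutSeconds: 3
          #   failureThreshold: 3
          #   successThreshold: 1
          # Liveness probe: checks the service is still alive
          # livenessProbe:
          #   httpGet:
          #     path: /api/v1/health/status
          #     port: http
          #     scheme: HTTP
          #   initialDelaySeconds: 60
          #   periodSeconds: 10
          #   timeoutSeconds: 5
          #   failureThreshold: 3
          #   successThreshold: 1
          # Container-level security context
          securityContext:
            allowPrivilegeEscalation: false
            # NOTE(review): /tmp and /app/cache are already writable emptyDir
            # mounts. If those are the only paths the service writes to, this
            # can be set to true. Confirm against the application first.
            readOnlyRootFilesystem: false
            runAsNonRoot: true
            runAsUser: 1000
            capabilities:
              drop:
                - ALL
          # Volume mounts (for log collection)
          volumeMounts:
            - name: tmp-volume
              mountPath: /tmp
            - name: cache-volume
              mountPath: /app/cache
      # Volume definitions
      volumes:
        - name: tmp-volume
          emptyDir: {}
        - name: cache-volume
          emptyDir: {}
      # DNS settings
      dnsPolicy: ClusterFirst
      # Restart policy
      restartPolicy: Always
      # Scheduling: prefer spreading replicas across different nodes
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - intelligence-service
                topologyKey: kubernetes.io/hostname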