164 lines
4.2 KiB
YAML
164 lines
4.2 KiB
YAML
# deployment/manifests/deployment.yaml - Base Image 호환 버전
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: vector-api
|
|
labels:
|
|
app: vector-api
|
|
version: v1.0.9
|
|
annotations:
|
|
deployment.kubernetes.io/revision: "9"
|
|
description: "Vector DB API with Base Image Compatibility"
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 0
|
|
maxSurge: 1
|
|
selector:
|
|
matchLabels:
|
|
app: vector-api
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: vector-api
|
|
version: v1.0.9
|
|
annotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: "8000"
|
|
prometheus.io/path: "/metrics"
|
|
spec:
|
|
# 🔧 initContainer 제거 - Base Image 설정 그대로 사용
|
|
|
|
containers:
|
|
- name: vector-api
|
|
image: acrdigitalgarage03.azurecr.io/vector-api:latest
|
|
imagePullPolicy: Always
|
|
|
|
# 🔧 컨테이너 포트
|
|
ports:
|
|
- name: http
|
|
containerPort: 8000
|
|
protocol: TCP
|
|
|
|
# 🔧 환경변수 (ConfigMap만 사용, Poetry 설정 제외)
|
|
envFrom:
|
|
- configMapRef:
|
|
name: vector-api-config
|
|
env:
|
|
- name: CLAUDE_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: vector-api-secret
|
|
key: CLAUDE_API_KEY
|
|
- name: HOME
|
|
value: "/home/appuser"
|
|
- name: USER
|
|
value: "appuser"
|
|
# 🔧 Poetry 관련 환경변수 모두 제거 (Base Image 설정 유지)
|
|
# ❌ 제거: POETRY_CONFIG_DIR, POETRY_DATA_DIR, POETRY_CACHE_DIR
|
|
# ❌ 제거: POETRY_VENV_PATH, POETRY_VIRTUALENVS_IN_PROJECT
|
|
|
|
# 🗂️ 볼륨 마운트 (단순화)
|
|
volumeMounts:
|
|
- name: vector-db-storage
|
|
mountPath: /home/appuser/vectordb
|
|
- name: tmp-volume
|
|
mountPath: /tmp
|
|
|
|
# 🔧 보안 컨텍스트
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
|
|
# 🔧 리소스 설정
|
|
resources:
|
|
requests:
|
|
memory: "2Gi"
|
|
cpu: "500m"
|
|
limits:
|
|
memory: "4Gi"
|
|
cpu: "1000m"
|
|
|
|
# 🏥 헬스체크 (Base Image 가상환경 확인)
|
|
livenessProbe:
|
|
exec:
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
# Base Image 가상환경 확인
|
|
poetry run python -c "import fastapi; print('✅ 정상')" 2>/dev/null || exit 1
|
|
initialDelaySeconds: 60
|
|
periodSeconds: 30
|
|
timeoutSeconds: 10
|
|
failureThreshold: 3
|
|
|
|
readinessProbe:
|
|
exec:
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
# Base Image 패키지 확인
|
|
poetry run python -c "import fastapi, uvicorn, pydantic; print('✅ 준비됨')" 2>/dev/null || exit 1
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 3
|
|
|
|
startupProbe:
|
|
exec:
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
# Poetry 환경 확인
|
|
poetry env info && poetry show | head -5
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
timeoutSeconds: 10
|
|
failureThreshold: 12 # 60초 대기
|
|
|
|
# 📦 볼륨 설정 (단순화)
|
|
volumes:
|
|
- name: vector-db-storage
|
|
emptyDir:
|
|
sizeLimit: 10Gi
|
|
- name: tmp-volume
|
|
emptyDir:
|
|
sizeLimit: 500Mi
|
|
|
|
# 🔐 ACR 접근
|
|
imagePullSecrets:
|
|
- name: acr-secret
|
|
|
|
# 🎯 노드 선택
|
|
nodeSelector:
|
|
agentpool: aipool
|
|
|
|
tolerations:
|
|
- key: "dedicated"
|
|
operator: "Equal"
|
|
value: "aipool"
|
|
effect: "NoSchedule"
|
|
|
|
# 🔧 Pod 레벨 보안
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
|
|
restartPolicy: Always
|
|
dnsPolicy: ClusterFirst
|
|
terminationGracePeriodSeconds: 30
|
|
|