165 lines
4.1 KiB
YAML
165 lines
4.1 KiB
YAML
# deployment/manifests/deployment.yaml.fixed
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: vector-api
|
|
labels:
|
|
app: vector-api
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: vector-api
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: vector-api
|
|
spec:
|
|
# 🔧 볼륨 권한 설정을 위한 initContainer
|
|
initContainers:
|
|
- name: volume-permissions
|
|
image: busybox:1.35
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
echo "=== 볼륨 권한 설정 시작 ==="
|
|
mkdir -p /app/vectordb
|
|
chown -R 1000:1000 /app/vectordb
|
|
chmod -R 755 /app/vectordb
|
|
echo "=== 볼륨 권한 설정 완료 ==="
|
|
volumeMounts:
|
|
- name: vector-db-storage
|
|
mountPath: /app/vectordb
|
|
securityContext:
|
|
runAsUser: 0
|
|
|
|
containers:
|
|
- name: vector-api
|
|
image: acrdigitalgarage03.azurecr.io/vector-api:latest
|
|
imagePullPolicy: Always
|
|
ports:
|
|
- containerPort: 8000
|
|
|
|
# 🔧 보안 컨텍스트
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: false
|
|
|
|
# 🔧 리소스 설정
|
|
resources:
|
|
requests:
|
|
memory: "4Gi"
|
|
cpu: "1000m"
|
|
limits:
|
|
memory: "8Gi"
|
|
cpu: "2000m"
|
|
|
|
# 🏥 헬스체크 설정
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /health
|
|
port: 8000
|
|
initialDelaySeconds: 120
|
|
periodSeconds: 30
|
|
timeoutSeconds: 15
|
|
failureThreshold: 3
|
|
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /health
|
|
port: 8000
|
|
initialDelaySeconds: 60
|
|
periodSeconds: 10
|
|
timeoutSeconds: 10
|
|
failureThreshold: 3
|
|
|
|
# 📂 볼륨 마운트
|
|
volumeMounts:
|
|
- name: vector-db-storage
|
|
mountPath: /app/vectordb
|
|
|
|
# ConfigMap 환경 변수
|
|
envFrom:
|
|
- configMapRef:
|
|
name: vector-api-config
|
|
|
|
# 🌍 환경변수 설정 (인증 필드 제거)
|
|
env:
|
|
- name: PYTHONUNBUFFERED
|
|
value: "1"
|
|
- name: PYTHONDONTWRITEBYTECODE
|
|
value: "1"
|
|
# 🔧 ChromaDB 기본 설정 (인증 필드 제거)
|
|
- name: ANONYMIZED_TELEMETRY
|
|
value: "False"
|
|
- name: CHROMA_DB_IMPL
|
|
value: "duckdb+parquet"
|
|
- name: ALLOW_RESET
|
|
value: "True"
|
|
# 🔧 로그 레벨
|
|
- name: LOG_LEVEL
|
|
value: "info"
|
|
# 🔧 Claude API (ConfigMap에서 가져오기)
|
|
- name: CLAUDE_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: vector-api-secret
|
|
key: CLAUDE_API_KEY
|
|
- name: CLAUDE_MODEL
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: vector-api-config
|
|
key: CLAUDE_MODEL
|
|
# 🔧 기타 설정 (ConfigMap에서 가져오기)
|
|
- name: APP_TITLE
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: vector-api-config
|
|
key: APP_TITLE
|
|
- name: APP_VERSION
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: vector-api-config
|
|
key: APP_VERSION
|
|
|
|
# 📦 볼륨 설정
|
|
volumes:
|
|
- name: vector-db-storage
|
|
persistentVolumeClaim:
|
|
claimName: vector-db-pvc
|
|
|
|
# 🔐 이미지 Pull Secret
|
|
imagePullSecrets:
|
|
- name: acr-secret
|
|
|
|
# 🎯 노드 선택 및 배치 설정
|
|
nodeSelector:
|
|
agentpool: aipool
|
|
|
|
tolerations:
|
|
- key: "dedicated"
|
|
operator: "Equal"
|
|
value: "aipool"
|
|
effect: "NoSchedule"
|
|
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- vector-api
|
|
topologyKey: kubernetes.io/hostname
|
|
|
|
restartPolicy: Always
|
|
dnsPolicy: ClusterFirst
|
|
|