apiVersion: apps/v1 kind: Deployment metadata: name: mic-after-work-server-impl-quarkus-main namespace: applications labels: app: mic-after-work-server-impl-quarkus-main version: "1.0.0" environment: production component: application project: lions-infrastructure-2025 annotations: description: "AfterWork API - Application sociale déployée via lionsctl" lionsctl.lions.dev/deployed-by: "lionsctl" spec: replicas: 1 revisionHistoryLimit: 3 strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 selector: matchLabels: app: mic-after-work-server-impl-quarkus-main template: metadata: labels: app: mic-after-work-server-impl-quarkus-main version: "1.0.0" component: application project: lions-infrastructure-2025 annotations: # Prometheus scraping - Lions Prometheus auto-découvre via ces annotations prometheus.io/scrape: "true" prometheus.io/port: "8080" prometheus.io/path: "/afterwork/q/metrics" spec: securityContext: runAsNonRoot: true runAsUser: 1001 runAsGroup: 1001 fsGroup: 1001 seccompProfile: type: RuntimeDefault terminationGracePeriodSeconds: 30 containers: - name: mic-after-work-server-impl-quarkus-main image: registry.lions.dev/lionsdev/mic-after-work-server-impl-quarkus-main:latest imagePullPolicy: Always ports: - containerPort: 8080 name: http protocol: TCP # Variables d'environnement depuis ConfigMap et Secrets envFrom: - configMapRef: name: afterwork-config - secretRef: name: afterwork-secrets env: # Override explicites pour Quarkus - name: QUARKUS_DATASOURCE_DB_KIND value: "postgresql" - name: QUARKUS_DATASOURCE_USERNAME valueFrom: configMapKeyRef: name: afterwork-config key: DB_USERNAME - name: QUARKUS_DATASOURCE_PASSWORD valueFrom: secretKeyRef: name: afterwork-secrets key: DB_PASSWORD - name: QUARKUS_DATASOURCE_JDBC_URL value: "jdbc:postgresql://$(DB_HOST):$(DB_PORT)/$(DB_NAME)" # Kafka - Lions Kafka cluster - name: KAFKA_BOOTSTRAP_SERVERS valueFrom: configMapKeyRef: name: afterwork-config key: KAFKA_BOOTSTRAP_SERVERS # JWT - name: SMALLRYE_JWT_SIGN_KEY valueFrom: secretKeyRef: name: afterwork-secrets key: JWT_SECRET - name: MP_JWT_VERIFY_ISSUER valueFrom: configMapKeyRef: name: afterwork-config key: JWT_ISSUER # Java options - name: JAVA_OPTS value: "-Xms256m -Xmx512m -Djava.util.logging.manager=org.jboss.logmanager.LogManager" resources: requests: memory: "512Mi" cpu: "200m" limits: memory: "1Gi" cpu: "1000m" # Health checks HTTP (utilisent les endpoints SmallRye Health) livenessProbe: httpGet: path: /afterwork/q/health/live port: 8080 scheme: HTTP initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 readinessProbe: httpGet: path: /afterwork/q/health/ready port: 8080 scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 3 # Startup probe pour éviter les kills pendant le démarrage startupProbe: httpGet: path: /afterwork/q/health/started port: 8080 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 5 timeoutSeconds: 3 failureThreshold: 30 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1001 runAsGroup: 1001 capabilities: drop: - ALL volumeMounts: - name: tmp-volume mountPath: /tmp - name: logs-volume mountPath: /app/logs volumes: - name: tmp-volume emptyDir: {} - name: logs-volume emptyDir: {} imagePullSecrets: - name: lionsregistry-secret restartPolicy: Always