# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: Service metadata: labels: application: bank-of-anthos environment: development team: accounts tier: backend name: contacts spec: ports: - name: http port: 8080 targetPort: 8080 selector: app: contacts application: bank-of-anthos environment: development team: accounts tier: backend type: ClusterIP --- apiVersion: apps/v1 kind: Deployment metadata: labels: application: bank-of-anthos environment: development team: accounts tier: backend name: contacts spec: selector: matchLabels: app: contacts application: bank-of-anthos environment: development team: accounts tier: backend template: metadata: annotations: proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }' labels: app: contacts application: bank-of-anthos environment: development team: accounts tier: backend spec: containers: - env: - name: VERSION value: v0.6.6 - name: PORT value: "8080" - name: ENABLE_TRACING value: "true" - name: LOG_LEVEL value: info envFrom: - configMapRef: name: environment-config - configMapRef: name: accounts-db-config image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/contacts:v0.6.6@sha256:df90fc69dff90628ecdae4c785ed2447c28c2145002ef04779103843c1ded587 name: contacts readinessProbe: httpGet: path: /ready port: 8080 initialDelaySeconds: 10 periodSeconds: 5 timeoutSeconds: 10 resources: limits: cpu: 250m ephemeral-storage: 0.25Gi memory: 128Mi requests: cpu: 100m ephemeral-storage: 0.25Gi memory: 64Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - all privileged: false readOnlyRootFilesystem: true volumeMounts: - mountPath: /tmp name: tmp - mountPath: /tmp/.ssh name: publickey readOnly: true securityContext: fsGroup: 1000 runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 serviceAccountName: bank-of-anthos terminationGracePeriodSeconds: 5 volumes: - emptyDir: {} name: tmp - name: publickey secret: items: - key: jwtRS256.key.pub path: publickey secretName: jwt-key