bootstrap ircs-prod gitops config

2026-06-14 11:46:13 +08:00
commit f83d1157b1
41 changed files with 3879 additions and 0 deletions
@@ -0,0 +1,113 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ircs-credential-service
+  namespace: ircs-prod
+  labels:
+    app: ircs-credential-service
+    app.kubernetes.io/part-of: ircs
+    environment: prod
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: ircs-credential-service
+  template:
+    metadata:
+      labels:
+        app: ircs-credential-service
+        app.kubernetes.io/part-of: ircs
+        environment: prod
+    spec:
+      imagePullSecrets:
+        - name: harbor-secret
+      containers:
+        - name: app
+          image: harbor.mnnu.eu.org/ircs/ircs-credential-service@sha256:327c7307de0547d7d320010cffcee2f098cddb4ade6a94d8020c864809078eda
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8080
+          envFrom:
+            - configMapRef:
+                name: ircs-prod-app-config
+          env:
+            - name: SPRING_APPLICATION_NAME
+              value: ircs-credential-service
+            - name: SPRING_DATASOURCE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: ircs-prod-app-config
+                  key: DB_URL
+            - name: SPRING_DATASOURCE_USERNAME
+              value: postgres
+            - name: SPRING_DATASOURCE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: ircs-prod-secrets
+                  key: DB_PASSWORD
+            - name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
+              value: "2"
+            - name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
+              value: "0"
+            - name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
+              value: "30000"
+            - name: APP_CREDENTIAL_SERVICE_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: ircs-prod-secrets
+                  key: SERVICE_CREDENTIAL_TOKEN
+            - name: APP_CREDENTIAL_INITIALIZER_ENABLED
+              value: "true"
+            - name: APP_CREDENTIAL_INITIALIZER_FILE_PATH
+              value: /etc/ircs/init/credentials.json
+            - name: APP_CREDENTIAL_INITIALIZER_CLASSPATH_FALLBACK_ENABLED
+              value: "true"
+            - name: APP_CREDENTIAL_CACHE_ENABLED
+              value: "true"
+            - name: APP_CREDENTIAL_CACHE_SUMMARY_TTL
+              value: PT60S
+          startupProbe:
+            httpGet:
+              path: /actuator/health/liveness
+              port: http
+            failureThreshold: 30
+            periodSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: http
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /actuator/health/liveness
+              port: http
+            periodSeconds: 30
+          resources:
+            requests:
+              cpu: 25m
+              memory: 128Mi
+            limits:
+              cpu: 250m
+              memory: 512Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ircs-credential-service
+  namespace: ircs-prod
+  labels:
+    app: ircs-credential-service
+    app.kubernetes.io/part-of: ircs
+    environment: prod
+spec:
+  type: ClusterIP
+  selector:
+    app: ircs-credential-service
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http
+