first commit

2026-03-11 12:18:52 +05:30 · 2026-03-11 12:18:52 +05:30 · 90bf7df763
commit 90bf7df763
6 changed files with 213 additions and 0 deletions
--- a/checkout/deployment.yaml
+++ b/checkout/deployment.yaml
@ -0,0 +1,50 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: checkout-sa
+  namespace: payments
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: checkout
+  namespace: payments
+  labels:
+    app: checkout
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: checkout
+  template:
+    metadata:
+      labels:
+        app: checkout
+    spec:
+      serviceAccountName: checkout-sa
+      containers:
+      - name: checkout
+        image: YOUR_REGISTRY/{{ ORG_NAME }}-project/checkout:latest
+        env:
+        - name: PAYMENT_API_URL
+          value: "http://payment-api:8080/transactions"
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "100m"
+          limits:
+            memory: "128Mi"
+            cpu: "200m"
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 1000
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+        volumeMounts:
+        - name: tmp
+          mountPath: /tmp
+      volumes:
+      - name: tmp
+        emptyDir: {}
+      imagePullSecrets:
+      - name: harbor-secret
--- a/payment-api/deployment.yaml
+++ b/payment-api/deployment.yaml
@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: payment-api
+  namespace: payments
+  labels:
+    app: payment-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: payment-api
+  template:
+    metadata:
+      labels:
+        app: payment-api
+    spec:
+      containers:
+      - name: payment-api
+        image: YOUR_REGISTRY/{{ ORG_NAME }}-project/payment-api:latest
+        ports:
+        - containerPort: 8080
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "100m"
+          limits:
+            memory: "128Mi"
+            cpu: "200m"
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 1000
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+        volumeMounts:
+        - name: tmp
+          mountPath: /tmp
+      volumes:
+      - name: tmp
+        emptyDir: {}
+      imagePullSecrets:
+      - name: harbor-secret
--- a/payment-api/service.yaml
+++ b/payment-api/service.yaml
@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: payment-api
+  namespace: payments
+  labels:
+    app: payment-api
+spec:
+  type: ClusterIP
+  selector:
+    app: payment-api
+  ports:
+  - port: 8080
+    targetPort: 8080
+    protocol: TCP
--- a/phoenix/deployment.yaml
+++ b/phoenix/deployment.yaml
@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phoenix-app
+  namespace: web
+  labels:
+    app: phoenix-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: phoenix-app
+  template:
+    metadata:
+      labels:
+        app: phoenix-app
+    spec:
+      serviceAccountName: phoenix-sa
+      hostPID: true
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      imagePullSecrets:
+      - name: harbor-secret
+      containers:
+      - name: phoenix-app
+        image: YOUR_REGISTRY/{{ ORG_NAME }}-project/phoenix:latest
+        ports:
+        - containerPort: 8080
+          hostPort: 8080
+        env:
+        - name: DEBUG_PATH
+          valueFrom:
+            configMapKeyRef:
+              name: phoenix-config
+              key: DEBUG_PATH
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: host-root
+          mountPath: /host
+      volumes:
+      - name: host-root
+        hostPath:
+          path: /
--- a/phoenix/rbac.yaml
+++ b/phoenix/rbac.yaml
@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: phoenix-sa
+  namespace: web
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: phoenix-role
+  namespace: web
+rules:
+- apiGroups: [""]
+  resources: ["*"]
+  verbs: ["get", "watch", "list"]
+- apiGroups: ["apps"]
+  resources: ["*"]
+  verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: phoenix-binding
+  namespace: web
+subjects:
+- kind: ServiceAccount
+  name: phoenix-sa
+  namespace: web
+roleRef:
+  kind: Role
+  name: phoenix-role
+  apiGroup: rbac.authorization.k8s.io
--- a/phoenix/service.yaml
+++ b/phoenix/service.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: phoenix-app
+  namespace: web
+spec:
+  type: LoadBalancer
+  selector:
+    app: phoenix-app
+  ports:
+  - port: 80
+    targetPort: 8080