commit 90bf7df763ddd24b8249fa48fbf58c9568af556a
Author: mayank <mayank@gmail.com>
Date:   Wed Mar 11 12:18:52 2026 +0530

    first commit

diff --git a/checkout/deployment.yaml b/checkout/deployment.yaml
new file mode 100644
index 0000000..94b95b1
--- /dev/null
+++ b/checkout/deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: checkout-sa
+  namespace: payments
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: checkout
+  namespace: payments
+  labels:
+    app: checkout
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: checkout
+  template:
+    metadata:
+      labels:
+        app: checkout
+    spec:
+      serviceAccountName: checkout-sa
+      containers:
+      - name: checkout
+        image: YOUR_REGISTRY/{{ ORG_NAME }}-project/checkout:latest
+        env:
+        - name: PAYMENT_API_URL
+          value: "http://payment-api:8080/transactions"
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "100m"
+          limits:
+            memory: "128Mi"
+            cpu: "200m"
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 1000
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+        volumeMounts:
+        - name: tmp
+          mountPath: /tmp
+      volumes:
+      - name: tmp
+        emptyDir: {}
+      imagePullSecrets:
+      - name: harbor-secret
diff --git a/payment-api/deployment.yaml b/payment-api/deployment.yaml
new file mode 100644
index 0000000..8546408
--- /dev/null
+++ b/payment-api/deployment.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: payment-api
+  namespace: payments
+  labels:
+    app: payment-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: payment-api
+  template:
+    metadata:
+      labels:
+        app: payment-api
+    spec:
+      containers:
+      - name: payment-api
+        image: YOUR_REGISTRY/{{ ORG_NAME }}-project/payment-api:latest
+        ports:
+        - containerPort: 8080
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "100m"
+          limits:
+            memory: "128Mi"
+            cpu: "200m"
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 1000
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+        volumeMounts:
+        - name: tmp
+          mountPath: /tmp
+      volumes:
+      - name: tmp
+        emptyDir: {}
+      imagePullSecrets:
+      - name: harbor-secret
diff --git a/payment-api/service.yaml b/payment-api/service.yaml
new file mode 100644
index 0000000..e27e7b7
--- /dev/null
+++ b/payment-api/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: payment-api
+  namespace: payments
+  labels:
+    app: payment-api
+spec:
+  type: ClusterIP
+  selector:
+    app: payment-api
+  ports:
+  - port: 8080
+    targetPort: 8080
+    protocol: TCP
diff --git a/phoenix/deployment.yaml b/phoenix/deployment.yaml
new file mode 100644
index 0000000..8e4679b
--- /dev/null
+++ b/phoenix/deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phoenix-app
+  namespace: web
+  labels:
+    app: phoenix-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: phoenix-app
+  template:
+    metadata:
+      labels:
+        app: phoenix-app
+    spec:
+      serviceAccountName: phoenix-sa
+      hostPID: true
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      imagePullSecrets:
+      - name: harbor-secret
+      containers:
+      - name: phoenix-app
+        image: YOUR_REGISTRY/{{ ORG_NAME }}-project/phoenix:latest
+        ports:
+        - containerPort: 8080
+          hostPort: 8080
+        env:
+        - name: DEBUG_PATH
+          valueFrom:
+            configMapKeyRef:
+              name: phoenix-config
+              key: DEBUG_PATH
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: host-root
+          mountPath: /host
+      volumes:
+      - name: host-root
+        hostPath:
+          path: /
diff --git a/phoenix/rbac.yaml b/phoenix/rbac.yaml
new file mode 100644
index 0000000..e9fa6dc
--- /dev/null
+++ b/phoenix/rbac.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: phoenix-sa
+  namespace: web
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: phoenix-role
+  namespace: web
+rules:
+- apiGroups: [""]
+  resources: ["*"]
+  verbs: ["get", "watch", "list"]
+- apiGroups: ["apps"]
+  resources: ["*"]
+  verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: phoenix-binding
+  namespace: web
+subjects:
+- kind: ServiceAccount
+  name: phoenix-sa
+  namespace: web
+roleRef:
+  kind: Role
+  name: phoenix-role
+  apiGroup: rbac.authorization.k8s.io
diff --git a/phoenix/service.yaml b/phoenix/service.yaml
new file mode 100644
index 0000000..c918b08
--- /dev/null
+++ b/phoenix/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: phoenix-app
+  namespace: web
+spec:
+  type: LoadBalancer
+  selector:
+    app: phoenix-app
+  ports:
+  - port: 80
+    targetPort: 8080