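---
# Deployment for the turash backend: two replicas, rolled one pod at a time
# (maxSurge 1, maxUnavailable 0), so capacity never drops below `replicas`
# during an update.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: turash-backend
  namespace: turash
  labels:
    app: turash-backend
    component: backend
    version: v1
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: turash-backend
  template:
    metadata:
      labels:
        app: turash-backend
        component: backend
        version: v1
      annotations:
        # Scrape hints: metrics are served on the application port (8080).
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/metrics"
    spec:
      containers:
        - name: backend
          # NOTE(review): ":latest" is a mutable tag. Combined with
          # imagePullPolicy: Always, every pod start pulls whatever the
          # registry serves under that tag at that moment, so the two
          # replicas can run different builds and a rollback is not
          # reproducible. Pin to an immutable tag or to a digest
          # (...@sha256:<DIGEST_PLACEHOLDER>) once the release process
          # provides one.
          image: registry.bk.glpx.pro/turash/turash-backend:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          # Every key of the ConfigMap and of the Secret becomes an
          # environment variable of the container.
          envFrom:
            - configMapRef:
                name: turash-backend-config
            - secretRef:
                name: turash-backend-secret
          env:
            # POSTGRES_DSN used to be listed twice here: first as an optional
            # secretKeyRef (turash-backend-secret / POSTGRES_DSN), then as
            # the constructed value below. Kubernetes has no "use this only
            # if unset" semantics for env entries; with duplicate names the
            # later entry takes effect, so the secret-provided DSN was always
            # shadowed. Only the entry that actually took effect is kept.
            #
            # To use a complete DSN from the secret instead, delete this
            # entry: envFrom already imports every key of
            # turash-backend-secret, and explicit env entries take precedence
            # over envFrom.
            #
            # $(VAR) references are expanded from variables defined before
            # this entry (here: those pulled in through envFrom); a reference
            # that cannot be resolved stays in the string as literal text.
            # NOTE(review): presumably POSTGRES_HOST/PORT/USER/PASSWORD/DB/
            # SSLMODE come from the ConfigMap and Secret above - confirm.
            # NOTE(review): POSTGRES_SSLMODE is supplied externally; confirm
            # it is set to a certificate-verifying mode such as verify-full.
            # The expanded value carries the database password in clear text
            # in the process environment.
            - name: POSTGRES_DSN
              value: "host=$(POSTGRES_HOST) port=$(POSTGRES_PORT) user=$(POSTGRES_USER) password=$(POSTGRES_PASSWORD) dbname=$(POSTGRES_DB) sslmode=$(POSTGRES_SSLMODE)"
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          # Liveness and readiness both poll /health on the named http port;
          # liveness waits longer before its first check (30s against 10s).
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 10
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            allowPrivilegeEscalation: false
            # No volumes are mounted in this manifest, so the container has
            # no writable path. NOTE(review): if the backend needs scratch
            # space (e.g. /tmp), mount an emptyDir rather than relaxing this.
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            # Added: without an explicit profile the container may run with
            # seccomp unconfined, depending on how the kubelet is configured.
            seccompProfile:
              type: RuntimeDefault
      restartPolicy: Always
      terminationGracePeriodSeconds: 30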