Vapora/provisioning/schemas/platform/templates/kubernetes/deployment.yaml.j2

apiVersion: apps/v1
kind: Deployment
metadata:
  name: vapora-backend
  namespace: vapora
  labels:
    app: vapora
    component: backend
    deployment-mode: {{ deployment_mode }}
spec:
  replicas: {% if deployment_mode == 'enterprise' %}3{% elif deployment_mode == 'multiuser' %}2{% else %}1{% endif %}
  selector:
    matchLabels:
      app: vapora
      component: backend
  template:
    metadata:
      labels:
        app: vapora
        component: backend
        deployment-mode: {{ deployment_mode }}
      annotations:
        prometheus.io/scrape: "{{ monitoring.prometheus_enabled|lower }}"
        prometheus.io/port: "{{ backend.port }}"
        prometheus.io/path: "{{ monitoring.metrics_path }}"
    spec:
      serviceAccountName: vapora
      {% if security.tls_enabled %}
      securityContext:
        fsGroup: 65534
        runAsNonRoot: true
        runAsUser: 65534
      {% endif %}
      containers:
      - name: backend
        image: vapora/backend:latest
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: {{ backend.port }}
          protocol: TCP

        env:
        - name: DEPLOYMENT_MODE
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: deployment-mode
        - name: WORKSPACE_NAME
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: workspace-name
        - name: BACKEND_HOST
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: backend-host
        - name: BACKEND_PORT
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: backend-port
        - name: BACKEND_WORKERS
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: backend-workers
        - name: DATABASE_URL
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: backend-database-url
        - name: DATABASE_POOL_SIZE
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: backend-database-pool-size
        - name: DATABASE_USER
          valueFrom:
            secretKeyRef:
              name: vapora-secrets
              key: database-username
              optional: true
        - name: DATABASE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: vapora-secrets
              key: database-password
              optional: true
        - name: JWT_SECRET
          valueFrom:
            secretKeyRef:
              name: vapora-secrets
              key: jwt-secret
              optional: true
        - name: LOG_LEVEL
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: monitoring-log-level
        - name: PROMETHEUS_ENABLED
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: monitoring-prometheus-enabled
        - name: TLS_ENABLED
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: security-tls-enabled
        {% if security.tls_enabled %}
        - name: TLS_CERT_PATH
          value: /etc/vapora/certs/tls.crt
        - name: TLS_KEY_PATH
          value: /etc/vapora/certs/tls.key
        {% endif %}

        resources:
          requests:
            memory: {% if deployment_mode == 'enterprise' %}"512Mi"{% elif deployment_mode == 'multiuser' %}"256Mi"{% else %}"128Mi"{% endif %}
            cpu: {% if deployment_mode == 'enterprise' %}"500m"{% elif deployment_mode == 'multiuser' %}"250m"{% else %}"100m"{% endif %}
          limits:
            memory: {% if deployment_mode == 'enterprise' %}"1Gi"{% elif deployment_mode == 'multiuser' %}"512Mi"{% else %}"256Mi"{% endif %}
            cpu: {% if deployment_mode == 'enterprise' %}"1000m"{% elif deployment_mode == 'multiuser' %}"500m"{% else %}"200m"{% endif %}

        livenessProbe:
          httpGet:
            path: /health
            port: http
            scheme: {% if security.tls_enabled %}HTTPS{% else %}HTTP{% endif %}
          initialDelaySeconds: 10
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 3

        readinessProbe:
          httpGet:
            path: /ready
            port: http
            scheme: {% if security.tls_enabled %}HTTPS{% else %}HTTP{% endif %}
          initialDelaySeconds: 5
          periodSeconds: 5
          timeoutSeconds: 3
          failureThreshold: 3

        volumeMounts:
        - name: config
          mountPath: /etc/vapora/config
          readOnly: true
        - name: storage
          mountPath: "{{ backend.storage.path }}"
        {% if security.tls_enabled %}
        - name: tls-certs
          mountPath: /etc/vapora/certs
          readOnly: true
        {% endif %}

      volumes:
      - name: config
        configMap:
          name: vapora-config
      - name: storage
        {% if deployment_mode == 'enterprise' %}
        persistentVolumeClaim:
          claimName: vapora-storage
        {% else %}
        emptyDir:
          sizeLimit: {% if deployment_mode == 'multiuser' %}"5Gi"{% else %}"1Gi"{% endif %}
        {% endif %}
      {% if security.tls_enabled %}
      - name: tls-certs
        secret:
          secretName: vapora-tls
          defaultMode: 0400
      {% endif %}

      {% if deployment_mode == 'enterprise' %}
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - vapora
              topologyKey: kubernetes.io/hostname
      {% endif %}

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vapora-agents
  namespace: vapora
  labels:
    app: vapora
    component: agents
    deployment-mode: {{ deployment_mode }}
spec:
  replicas: {% if deployment_mode == 'enterprise' %}3{% elif deployment_mode == 'multiuser' %}2{% else %}1{% endif %}
  selector:
    matchLabels:
      app: vapora
      component: agents
  template:
    metadata:
      labels:
        app: vapora
        component: agents
        deployment-mode: {{ deployment_mode }}
    spec:
      serviceAccountName: vapora
      containers:
      - name: agents
        image: vapora/agents:latest
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: {{ agents.port }}
          protocol: TCP

        env:
        - name: AGENTS_HOST
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: agents-host
        - name: AGENTS_PORT
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: agents-port
        - name: AGENTS_MAX_INSTANCES
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: agents-max-instances
        - name: AGENTS_HEARTBEAT_INTERVAL
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: agents-heartbeat-interval
        - name: LEARNING_ENABLED
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: agents-learning-enabled
        - name: NATS_ENABLED
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: agents-nats-enabled
        - name: NATS_URL
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: nats-url

        resources:
          requests:
            memory: {% if deployment_mode == 'enterprise' %}"256Mi"{% elif deployment_mode == 'multiuser' %}"128Mi"{% else %}"64Mi"{% endif %}
            cpu: {% if deployment_mode == 'enterprise' %}"250m"{% elif deployment_mode == 'multiuser' %}"100m"{% else %}"50m"{% endif %}
          limits:
            memory: {% if deployment_mode == 'enterprise' %}"512Mi"{% elif deployment_mode == 'multiuser' %}"256Mi"{% else %}"128Mi"{% endif %}
            cpu: {% if deployment_mode == 'enterprise' %}"500m"{% elif deployment_mode == 'multiuser' %}"200m"{% else %}"100m"{% endif %}

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vapora-llm-router
  namespace: vapora
  labels:
    app: vapora
    component: llm-router
    deployment-mode: {{ deployment_mode }}
spec:
  replicas: {% if deployment_mode == 'enterprise' %}2{% elif deployment_mode == 'multiuser' %}1{% else %}1{% endif %}
  selector:
    matchLabels:
      app: vapora
      component: llm-router
  template:
    metadata:
      labels:
        app: vapora
        component: llm-router
        deployment-mode: {{ deployment_mode }}
    spec:
      serviceAccountName: vapora
      containers:
      - name: llm-router
        image: vapora/llm-router:latest
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: {{ llm_router.port }}
          protocol: TCP

        env:
        - name: LLM_ROUTER_HOST
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: llm-router-host
        - name: LLM_ROUTER_PORT
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: llm-router-port
        - name: COST_TRACKING_ENABLED
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: llm-router-cost-tracking-enabled
        - name: CLAUDE_ENABLED
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: llm-router-claude-enabled
        - name: OPENAI_ENABLED
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: llm-router-openai-enabled
        - name: OLLAMA_URL
          valueFrom:
            configMapKeyRef:
              name: vapora-config
              key: llm-router-ollama-url
        - name: ANTHROPIC_API_KEY
          valueFrom:
            secretKeyRef:
              name: vapora-secrets
              key: anthropic-api-key
              optional: true
        - name: OPENAI_API_KEY
          valueFrom:
            secretKeyRef:
              name: vapora-secrets
              key: openai-api-key
              optional: true

        resources:
          requests:
            memory: {% if deployment_mode == 'enterprise' %}"256Mi"{% elif deployment_mode == 'multiuser' %}"128Mi"{% else %}"64Mi"{% endif %}
            cpu: {% if deployment_mode == 'enterprise' %}"250m"{% elif deployment_mode == 'multiuser' %}"100m"{% else %}"50m"{% endif %}
          limits:
            memory: {% if deployment_mode == 'enterprise' %}"512Mi"{% elif deployment_mode == 'multiuser' %}"256Mi"{% else %}"128Mi"{% endif %}
            cpu: {% if deployment_mode == 'enterprise' %}"500m"{% elif deployment_mode == 'multiuser' %}"200m"{% else %}"100m"{% endif %}
chore: add cd/ci ops 2026-01-12 03:36:55 +00:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: vapora-backend`
			`namespace: vapora`
			`labels:`
			`app: vapora`
			`component: backend`
			`deployment-mode: {{ deployment_mode }}`
			`spec:`
			`replicas: {% if deployment_mode == 'enterprise' %}3{% elif deployment_mode == 'multiuser' %}2{% else %}1{% endif %}`
			`selector:`
			`matchLabels:`
			`app: vapora`
			`component: backend`
			`template:`
			`metadata:`
			`labels:`
			`app: vapora`
			`component: backend`
			`deployment-mode: {{ deployment_mode }}`
			`annotations:`
			`prometheus.io/scrape: "{{ monitoring.prometheus_enabled\|lower }}"`
			`prometheus.io/port: "{{ backend.port }}"`
			`prometheus.io/path: "{{ monitoring.metrics_path }}"`
			`spec:`
			`serviceAccountName: vapora`
			`{% if security.tls_enabled %}`
			`securityContext:`
			`fsGroup: 65534`
			`runAsNonRoot: true`
			`runAsUser: 65534`
			`{% endif %}`
			`containers:`
			`- name: backend`
			`image: vapora/backend:latest`
			`imagePullPolicy: IfNotPresent`
			`ports:`
			`- name: http`
			`containerPort: {{ backend.port }}`
			`protocol: TCP`

			`env:`
			`- name: DEPLOYMENT_MODE`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: deployment-mode`
			`- name: WORKSPACE_NAME`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: workspace-name`
			`- name: BACKEND_HOST`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: backend-host`
			`- name: BACKEND_PORT`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: backend-port`
			`- name: BACKEND_WORKERS`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: backend-workers`
			`- name: DATABASE_URL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: backend-database-url`
			`- name: DATABASE_POOL_SIZE`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: backend-database-pool-size`
			`- name: DATABASE_USER`
			`valueFrom:`
			`secretKeyRef:`
			`name: vapora-secrets`
			`key: database-username`
			`optional: true`
			`- name: DATABASE_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: vapora-secrets`
			`key: database-password`
			`optional: true`
			`- name: JWT_SECRET`
			`valueFrom:`
			`secretKeyRef:`
			`name: vapora-secrets`
			`key: jwt-secret`
			`optional: true`
			`- name: LOG_LEVEL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: monitoring-log-level`
			`- name: PROMETHEUS_ENABLED`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: monitoring-prometheus-enabled`
			`- name: TLS_ENABLED`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: security-tls-enabled`
			`{% if security.tls_enabled %}`
			`- name: TLS_CERT_PATH`
			`value: /etc/vapora/certs/tls.crt`
			`- name: TLS_KEY_PATH`
			`value: /etc/vapora/certs/tls.key`
			`{% endif %}`

			`resources:`
			`requests:`
			`memory: {% if deployment_mode == 'enterprise' %}"512Mi"{% elif deployment_mode == 'multiuser' %}"256Mi"{% else %}"128Mi"{% endif %}`
			`cpu: {% if deployment_mode == 'enterprise' %}"500m"{% elif deployment_mode == 'multiuser' %}"250m"{% else %}"100m"{% endif %}`
			`limits:`
			`memory: {% if deployment_mode == 'enterprise' %}"1Gi"{% elif deployment_mode == 'multiuser' %}"512Mi"{% else %}"256Mi"{% endif %}`
			`cpu: {% if deployment_mode == 'enterprise' %}"1000m"{% elif deployment_mode == 'multiuser' %}"500m"{% else %}"200m"{% endif %}`

			`livenessProbe:`
			`httpGet:`
			`path: /health`
			`port: http`
			`scheme: {% if security.tls_enabled %}HTTPS{% else %}HTTP{% endif %}`
			`initialDelaySeconds: 10`
			`periodSeconds: 10`
			`timeoutSeconds: 5`
			`failureThreshold: 3`

			`readinessProbe:`
			`httpGet:`
			`path: /ready`
			`port: http`
			`scheme: {% if security.tls_enabled %}HTTPS{% else %}HTTP{% endif %}`
			`initialDelaySeconds: 5`
			`periodSeconds: 5`
			`timeoutSeconds: 3`
			`failureThreshold: 3`

			`volumeMounts:`
			`- name: config`
			`mountPath: /etc/vapora/config`
			`readOnly: true`
			`- name: storage`
			`mountPath: "{{ backend.storage.path }}"`
			`{% if security.tls_enabled %}`
			`- name: tls-certs`
			`mountPath: /etc/vapora/certs`
			`readOnly: true`
			`{% endif %}`

			`volumes:`
			`- name: config`
			`configMap:`
			`name: vapora-config`
			`- name: storage`
			`{% if deployment_mode == 'enterprise' %}`
			`persistentVolumeClaim:`
			`claimName: vapora-storage`
			`{% else %}`
			`emptyDir:`
			`sizeLimit: {% if deployment_mode == 'multiuser' %}"5Gi"{% else %}"1Gi"{% endif %}`
			`{% endif %}`
			`{% if security.tls_enabled %}`
			`- name: tls-certs`
			`secret:`
			`secretName: vapora-tls`
			`defaultMode: 0400`
			`{% endif %}`

			`{% if deployment_mode == 'enterprise' %}`
			`affinity:`
			`podAntiAffinity:`
			`preferredDuringSchedulingIgnoredDuringExecution:`
			`- weight: 100`
			`podAffinityTerm:`
			`labelSelector:`
			`matchExpressions:`
			`- key: app`
			`operator: In`
			`values:`
			`- vapora`
			`topologyKey: kubernetes.io/hostname`
			`{% endif %}`

			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: vapora-agents`
			`namespace: vapora`
			`labels:`
			`app: vapora`
			`component: agents`
			`deployment-mode: {{ deployment_mode }}`
			`spec:`
			`replicas: {% if deployment_mode == 'enterprise' %}3{% elif deployment_mode == 'multiuser' %}2{% else %}1{% endif %}`
			`selector:`
			`matchLabels:`
			`app: vapora`
			`component: agents`
			`template:`
			`metadata:`
			`labels:`
			`app: vapora`
			`component: agents`
			`deployment-mode: {{ deployment_mode }}`
			`spec:`
			`serviceAccountName: vapora`
			`containers:`
			`- name: agents`
			`image: vapora/agents:latest`
			`imagePullPolicy: IfNotPresent`
			`ports:`
			`- name: http`
			`containerPort: {{ agents.port }}`
			`protocol: TCP`

			`env:`
			`- name: AGENTS_HOST`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: agents-host`
			`- name: AGENTS_PORT`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: agents-port`
			`- name: AGENTS_MAX_INSTANCES`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: agents-max-instances`
			`- name: AGENTS_HEARTBEAT_INTERVAL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: agents-heartbeat-interval`
			`- name: LEARNING_ENABLED`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: agents-learning-enabled`
			`- name: NATS_ENABLED`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: agents-nats-enabled`
			`- name: NATS_URL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: nats-url`

			`resources:`
			`requests:`
			`memory: {% if deployment_mode == 'enterprise' %}"256Mi"{% elif deployment_mode == 'multiuser' %}"128Mi"{% else %}"64Mi"{% endif %}`
			`cpu: {% if deployment_mode == 'enterprise' %}"250m"{% elif deployment_mode == 'multiuser' %}"100m"{% else %}"50m"{% endif %}`
			`limits:`
			`memory: {% if deployment_mode == 'enterprise' %}"512Mi"{% elif deployment_mode == 'multiuser' %}"256Mi"{% else %}"128Mi"{% endif %}`
			`cpu: {% if deployment_mode == 'enterprise' %}"500m"{% elif deployment_mode == 'multiuser' %}"200m"{% else %}"100m"{% endif %}`

			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: vapora-llm-router`
			`namespace: vapora`
			`labels:`
			`app: vapora`
			`component: llm-router`
			`deployment-mode: {{ deployment_mode }}`
			`spec:`
			`replicas: {% if deployment_mode == 'enterprise' %}2{% elif deployment_mode == 'multiuser' %}1{% else %}1{% endif %}`
			`selector:`
			`matchLabels:`
			`app: vapora`
			`component: llm-router`
			`template:`
			`metadata:`
			`labels:`
			`app: vapora`
			`component: llm-router`
			`deployment-mode: {{ deployment_mode }}`
			`spec:`
			`serviceAccountName: vapora`
			`containers:`
			`- name: llm-router`
			`image: vapora/llm-router:latest`
			`imagePullPolicy: IfNotPresent`
			`ports:`
			`- name: http`
			`containerPort: {{ llm_router.port }}`
			`protocol: TCP`

			`env:`
			`- name: LLM_ROUTER_HOST`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: llm-router-host`
			`- name: LLM_ROUTER_PORT`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: llm-router-port`
			`- name: COST_TRACKING_ENABLED`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: llm-router-cost-tracking-enabled`
			`- name: CLAUDE_ENABLED`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: llm-router-claude-enabled`
			`- name: OPENAI_ENABLED`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: llm-router-openai-enabled`
			`- name: OLLAMA_URL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: vapora-config`
			`key: llm-router-ollama-url`
			`- name: ANTHROPIC_API_KEY`
			`valueFrom:`
			`secretKeyRef:`
			`name: vapora-secrets`
			`key: anthropic-api-key`
			`optional: true`
			`- name: OPENAI_API_KEY`
			`valueFrom:`
			`secretKeyRef:`
			`name: vapora-secrets`
			`key: openai-api-key`
			`optional: true`

			`resources:`
			`requests:`
			`memory: {% if deployment_mode == 'enterprise' %}"256Mi"{% elif deployment_mode == 'multiuser' %}"128Mi"{% else %}"64Mi"{% endif %}`
			`cpu: {% if deployment_mode == 'enterprise' %}"250m"{% elif deployment_mode == 'multiuser' %}"100m"{% else %}"50m"{% endif %}`
			`limits:`
			`memory: {% if deployment_mode == 'enterprise' %}"512Mi"{% elif deployment_mode == 'multiuser' %}"256Mi"{% else %}"128Mi"{% endif %}`
			`cpu: {% if deployment_mode == 'enterprise' %}"500m"{% elif deployment_mode == 'multiuser' %}"200m"{% else %}"100m"{% endif %}`