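---
# Deployment for RAG Service
apiVersion: apps/v1
kind: Deployment
metadata:
  name: provisioning-rag
  namespace: provisioning-rag
  labels:
    app: provisioning-rag
    version: "8e"
    component: api-service
  annotations:
    description: "RAG Service with Orchestrator and REST API"
    # NOTE(review): this annotation is normally written by the Deployment
    # controller; confirm it is meant to be set by hand.
    deployment.kubernetes.io/revision: "1"
spec:
  replicas: 3
  # maxUnavailable: 0 keeps all three replicas serving during a rollout;
  # at most one extra pod is created at a time.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: provisioning-rag
      component: api-service
  template:
    metadata:
      labels:
        app: provisioning-rag
        component: api-service
        version: "8e"
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8888"
        prometheus.io/path: "/metrics"
    spec:
      # NOTE(review): if this service never calls the Kubernetes API, also
      # set automountServiceAccountToken: false so no token is mounted.
      serviceAccountName: provisioning-rag
      # Pod-level defaults; they also apply to the init container below.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000
        # Use the container runtime's default syscall filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      initContainers:
        # Blocks pod start until a TCP connect to surrealdb:8000 succeeds.
        - name: wait-for-db
          image: busybox:1.35
          command:
            - 'sh'
            - '-c'
            - 'until nc -z surrealdb 8000; do echo waiting for surrealdb; sleep 2; done'
          # The wait loop only opens an outbound TCP connection, so it needs
          # no capabilities and no privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
      containers:
        - name: provisioning-rag
          # NOTE(review): `latest` combined with IfNotPresent means each node
          # keeps whatever image it pulled first, so replicas can run
          # different builds and a rollback is not reproducible. Pin to an
          # immutable tag or digest.
          image: provisioning-rag:latest
          imagePullPolicy: IfNotPresent
          ports:
            - name: api
              containerPort: 9090
              protocol: TCP
            - name: metrics
              containerPort: 8888
              protocol: TCP
          # Environment variables from ConfigMap
          envFrom:
            - configMapRef:
                name: provisioning-rag-config
          # Secrets
          # Injected as environment variables, so they are readable by every
          # process in the container. NOTE(review): consider mounting them as
          # files if the application supports it.
          env:
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: provisioning-rag-secrets
                  key: DB_PASSWORD
            - name: OPENAI_API_KEY
              valueFrom:
                secretKeyRef:
                  name: provisioning-rag-secrets
                  key: OPENAI_API_KEY
          # Resource limits and requests
          resources:
            requests:
              cpu: 500m
              memory: 512Mi
            limits:
              cpu: 2000m
              memory: 2Gi
          # Liveness probe - checks if container is alive
          livenessProbe:
            httpGet:
              path: /health
              port: api
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 3
          # Readiness probe - checks if container is ready for traffic
          readinessProbe:
            httpGet:
              path: /health
              port: api
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 2
          # Startup probe - checks if container has started
          # Allows up to 30 failures at 10 s intervals before the container
          # is restarted.
          startupProbe:
            httpGet:
              path: /health
              port: api
            initialDelaySeconds: 0
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 30
          # Volume mounts
          volumeMounts:
            - name: data
              mountPath: /app/data
            - name: logs
              mountPath: /app/logs
          # Security context for container
          securityContext:
            allowPrivilegeEscalation: false
            # NOTE(review): /app/data and /app/logs are already volume
            # mounts; confirm whether the application writes anywhere else
            # and, if not, set this to true.
            readOnlyRootFilesystem: false
            runAsNonRoot: true
            runAsUser: 1000
            # NET_BIND_SERVICE is not added back: both declared ports (9090
            # and 8888) are above 1023, so binding them needs no capability.
            capabilities:
              drop:
                - ALL
      # Volumes
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: provisioning-rag-data-pvc
        - name: logs
          emptyDir: {}
      # Pod scheduling
      # Soft preference: spread replicas across nodes, but still schedule if
      # that is not possible.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - provisioning-rag
                topologyKey: kubernetes.io/hostname
      terminationGracePeriodSeconds: 30
---
# Deployment for SurrealDB
apiVersion: apps/v1
kind: Deployment
metadata:
  name: surrealdb
  namespace: provisioning-rag
  labels:
    app: surrealdb
    version: latest
    component: database
spec:
  replicas: 1
  selector:
    matchLabels:
      app: surrealdb
      component: database
  template:
    metadata:
      labels:
        app: surrealdb
        component: database
    spec:
      # No serviceAccountName is set, so the namespace default account is
      # used; do not mount its API token into the database pod.
      automountServiceAccountToken: false
      securityContext:
        fsGroup: 1000
        # Use the container runtime's default syscall filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: surrealdb
          # NOTE(review): `latest` combined with IfNotPresent is not
          # reproducible; pin to an immutable tag or digest.
          # NOTE(review): no command/args are set, so the image default runs;
          # confirm that default starts the server with authentication
          # enabled and stores its data under /data.
          image: surrealdb/surrealdb:latest
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          # Environment
          env:
            - name: SURREAL_LOG
              value: "info"
          # Resource limits
          resources:
            requests:
              cpu: 250m
              memory: 256Mi
            limits:
              cpu: 1000m
              memory: 1Gi
          # Health checks
          # TCP-only checks: they confirm the port accepts connections, not
          # that the database answers queries.
          livenessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: 10
            periodSeconds: 20
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 2
          # Volume mounts
          volumeMounts:
            - name: data
              mountPath: /data
          # Port 8000 is unprivileged, so the container needs no added
          # capabilities and no privilege escalation.
          # NOTE(review): runAsNonRoot/runAsUser are not set because the
          # image's user is not visible here; set them once confirmed.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
      # Volumes
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: surrealdb-data-pvc
      terminationGracePeriodSeconds: 10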