---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tdg-server
namespace: tdg-system
labels:
app.kubernetes.io/name: tdg
app.kubernetes.io/component: server
app.kubernetes.io/version: "2.38.0"
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: tdg
app.kubernetes.io/component: server
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app.kubernetes.io/name: tdg
app.kubernetes.io/component: server
app.kubernetes.io/version: "2.38.0"
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9090"
prometheus.io/path: "/metrics"
spec:
serviceAccountName: tdg-server
securityContext:
runAsNonRoot: "true"
runAsUser: 1000
fsGroup: 1000
initContainers:
- name: init-storage
image: busybox:1.36
command: ['sh', '-c', 'mkdir -p /data/tdg && chown -R 1000:1000 /data']
volumeMounts:
- name: storage
mountPath: /data
containers:
- name: tdg-server
image: paiml/tdg-server:2.38.0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
- name: dashboard
containerPort: 8081
protocol: TCP
- name: metrics
containerPort: 9090
protocol: TCP
env:
- name: RUST_LOG
value: "info"
- name: TDG_CONFIG_PATH
value: "/config/tdg-config.yaml"
- name: TDG_ALERT_RULES_PATH
value: "/config/alert-rules.yaml"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
resources:
requests:
memory: "2Gi"
cpu: "500m"
limits:
memory: "8Gi"
cpu: "2000m"
livenessProbe:
httpGet:
path: /health/live
port: http
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: http
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/startup
port: http
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 30
volumeMounts:
- name: config
mountPath: /config
readOnly: "true"
- name: storage
mountPath: /data
- name: cache
mountPath: /cache
- name: tmp
mountPath: /tmp
securityContext:
allowPrivilegeEscalation: "false"
capabilities:
drop:
- ALL
readOnlyRootFilesystem: "true"
runAsNonRoot: "true"
runAsUser: 1000
volumes:
- name: config
configMap:
name: tdg-config
- name: storage
persistentVolumeClaim:
claimName: tdg-storage-pvc
- name: cache
emptyDir:
sizeLimit: 1Gi
- name: tmp
emptyDir:
sizeLimit: 500Mi
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- tdg
topologyKey: kubernetes.io/hostname
topologySpreadConstraints:
- maxSkew: 1
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: tdg
app.kubernetes.io/component: server