apiVersion: v1
kind: Service
metadata:
  name: dnc
  labels:
    app: dnc
  namespace: nextgenleads
spec:
  ports:
    - name: http-dnc
      port: 8080
      protocol: TCP
    - name: grpc-dnc
      port: 5000
      protocol: TCP
  selector:
    app: dnc
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dnc
  namespace: nextgenleads
  labels:
    app: dnc
spec:
  replicas: 2
  selector:
    matchLabels:
      app: dnc
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: dnc
      annotations:
        traffic.sidecar.istio.io/excludeOutboundPorts: "9090"
        traffic.sidecar.istio.io/excludeInboundPorts: "9090"
      name: dnc
    spec:
      enableServiceLinks: false
      # Ensure we are spread out across all available zones
      topologySpreadConstraints:
        - maxSkew: 2
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: ScheduleAnyway
          labelSelector:
            matchLabels:
              app: dnc
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      volumes:
        - name: rw
          emptyDir: {}
      containers:
        - name: auction
          image: 908300759296.dkr.ecr.us-west-2.amazonaws.com/ngl-dnc:4.0.0
          imagePullPolicy: Always
          env:
            - name: NODE_ENV
              value: "production"
            - name: APP_NAME
              value: "DNC"
            - name: APP_HTTP_HOST
              value: "0.0.0.0"
            - name: APP_HTTP_PORT
              value: "8080"
            - name: APP_GRPC_HOST
              value: "0.0.0.0"
            - name: APP_GRPC_PORT
              value: "5000"
            - name: POSTGRESQL_HOST
              value: "ngl.c9lwk1dfvh5b.us-west-2.rds.amazonaws.com"
            - name: POSTGRESQL_DB
              value: "dnc"
            - name: POSTGRESQL_USER
              value: "postgres"
            - name: POSTGRESQL_PASSWORD
              value: "WnvHqUTWAuBDVB8rUuQU"
            - name: REDIS_HOST
              value: "redis.nextgenleads"
            - name: METRICS_ENABLED
              value: "true"
            - name: METRICS_PORT
              value: "9090"
            - name: NGL_LOGGLY_API_KEY
              value: "43b08a2c-f7c1-4c0e-bb2e-125bed056044"
          ports:
            - name: http-app
              containerPort: 8080
            - name: grpc-app
              containerPort: 5000
            - name: metrics
              containerPort: 9090
          volumeMounts:
            - name: rw
              mountPath: /home
              subPath: home
            - name: rw
              mountPath: /tmp
              subPath: tmp
          resources:
            requests:
              cpu: 50m
              memory: 150Mi
            limits:
              cpu: 125m
              memory: 300Mi
          livenessProbe:
            httpGet:
              path: /
              port: http-app
            periodSeconds: 5
            failureThreshold: 3
            initialDelaySeconds: 30
          readinessProbe:
            httpGet:
              path: /
              port: http-app
            periodSeconds: 5
            failureThreshold: 3
            initialDelaySeconds: 30
          securityContext:
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false