apiVersion: apps/v1
kind: Deployment
metadata:
  name: cyberstar-web
  labels:
    app: cyberstar-web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cyberstar-web
  template:
    metadata:
      labels:
        app: cyberstar-web
    spec:
      imagePullSecrets:
      - name: cr-pull-secret
      containers:
      - name: cyberstar-web
        image: ${CI_REGISTRY_IMAGE}/cyberstar-web:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 3000
        env:
        - name: NODE_ENV
          value: "production"
        - name: PORT
          value: "3000"
        - name: HOSTNAME
          value: "0.0.0.0"
        - name: AUTH_URL
          value: "https://cyberstar.airlabs.art"
        - name: AUTH_TRUST_HOST
          value: "true"
        # 敏感配置 / 第三方凭据从 Secret 注入（部署前需 kubectl create secret generic cyberstar-env --from-env-file=.env）
        envFrom:
        - secretRef:
            name: cyberstar-env
            optional: true
        livenessProbe:
          httpGet:
            path: /
            port: 3000
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 3
        readinessProbe:
          httpGet:
            path: /
            port: 3000
          initialDelaySeconds: 10
          periodSeconds: 5
          timeoutSeconds: 3
          failureThreshold: 3
        resources:
          requests:
            memory: "256Mi"
            cpu: "200m"
          limits:
            memory: "1024Mi"
            cpu: "1000m"
---
apiVersion: v1
kind: Service
metadata:
  name: cyberstar-web
spec:
  selector:
    app: cyberstar-web
  ports:
    - protocol: TCP
      port: 80
      targetPort: 3000