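# Kubernetes Deployment for Flask application
# This defines the desired state for running application pods.
#
# Hardening summary (pod + container securityContext below): non-root UID,
# no privilege escalation, all capabilities dropped, read-only root
# filesystem with explicit writable emptyDirs, default seccomp profile.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: flask-app
  labels:
    app: flask-app
    tier: backend
    version: v1
  annotations:
    description: "Flask web application deployment"
spec:
  # Number of pod replicas for high availability.
  # NOTE(review): the HorizontalPodAutoscaler in this manifest also scales
  # this Deployment; every re-apply of this field resets the count to 3
  # before the HPA reconciles. Drop the field if the HPA is always deployed.
  replicas: 3

  # Deployment strategy
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1  # Max number of pods that can be created over desired replicas
      maxUnavailable: 1  # Max number of pods that can be unavailable during update

  # Selector to identify which pods belong to this deployment
  selector:
    matchLabels:
      app: flask-app

  # Pod template
  template:
    metadata:
      labels:
        app: flask-app
        tier: backend
        version: v1
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "5000"
        prometheus.io/path: "/metrics"

    spec:
      # Security context for the pod
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000
        # Confine the container to the runtime's default seccomp profile.
        # Together with the container-level settings below this satisfies the
        # "restricted" Pod Security Standard, which the original settings
        # alone did not.
        seccompProfile:
          type: RuntimeDefault

      # Service account for RBAC.
      # NOTE(review): the SA token is mounted into the pod by default; if the
      # app never calls the Kubernetes API, add
      # automountServiceAccountToken: false here to remove that credential.
      serviceAccountName: flask-app-sa

      containers:
        - name: flask-app
          # NOTE(review): a mutable tag is not reproducible and IfNotPresent
          # will keep running whatever was cached under it; pin to a digest
          # (image@sha256:<digest-placeholder>) once the release image is known.
          image: your-registry/flask-app:1.0
          imagePullPolicy: IfNotPresent

          ports:
            - containerPort: 5000
              name: http
              protocol: TCP

          # Environment variables from ConfigMap and Secret.
          # Secrets are injected by reference only; no values live in this file.
          env:
            - name: FLASK_ENV
              valueFrom:
                configMapKeyRef:
                  name: flask-config
                  key: flask_env

            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: flask-secrets
                  key: database_url

            - name: REDIS_URL
              valueFrom:
                secretKeyRef:
                  name: flask-secrets
                  key: redis_url

          # Resource limits and requests
          # Requests: guaranteed resources
          # Limits: maximum resources
          resources:
            requests:
              cpu: 100m  # 0.1 CPU core
              memory: 128Mi  # 128 MiB
            limits:
              cpu: 500m  # 0.5 CPU core
              memory: 512Mi  # 512 MiB

          # Liveness probe: restart container if unhealthy
          # Determines if container is running
          livenessProbe:
            httpGet:
              path: /health
              port: http  # refers to the named containerPort above
              scheme: HTTP
            initialDelaySeconds: 30  # Wait before first probe
            periodSeconds: 10  # Probe interval
            timeoutSeconds: 5  # Probe timeout
            successThreshold: 1  # Success after n consecutive successes
            failureThreshold: 3  # Restart after n consecutive failures

          # Readiness probe: remove from service if not ready
          # Determines if container can accept traffic.
          # NOTE(review): liveness and readiness both hit /health. If /health
          # also checks the database or Redis, a dependency outage will make
          # liveness restart the pod instead of only pulling it from the
          # Service - confirm what /health checks and split the endpoints if so.
          readinessProbe:
            httpGet:
              path: /health
              port: http
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 5
            timeoutSeconds: 3
            successThreshold: 1
            failureThreshold: 3

          # Startup probe: handle slow-starting containers
          # Disables liveness/readiness until first success
          startupProbe:
            httpGet:
              path: /health
              port: http
              scheme: HTTP
            initialDelaySeconds: 0
            periodSeconds: 10
            timeoutSeconds: 3
            successThreshold: 1
            failureThreshold: 30  # 30 * 10s = 5 minutes max startup time

          # Security context for the container
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
            capabilities:
              drop:
                - ALL

          # Volume mounts: the only writable paths under the read-only root
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: cache
              mountPath: /app/cache

      # Volumes
      # sizeLimit bounds how much node ephemeral storage a pod can consume
      # through its writable paths (the pod is evicted if it exceeds it).
      # 256Mi is a constructed starting value - tune to the app's real usage.
      volumes:
        - name: tmp
          emptyDir:
            sizeLimit: 256Mi
        - name: cache
          emptyDir:
            sizeLimit: 256Mi

      # Node affinity (optional): prefer specific nodes
      # affinity:
      #   nodeAffinity:
      #     preferredDuringSchedulingIgnoredDuringExecution:
      #       - weight: 1
      #         preference:
      #           matchExpressions:
      #             - key: node-type
      #               operator: In
      #               values:
      #                 - application

      # Pod anti-affinity: spread pods across nodes.
      # "preferred" is best-effort; pods still schedule onto a shared node
      # when no other node is available. Pair with a PodDisruptionBudget if
      # node drains must not take the whole replica set down at once.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - flask-app
                topologyKey: kubernetes.io/hostname

      # Tolerations (optional): allow scheduling on tainted nodes
      # tolerations:
      #   - key: "dedicated"
      #     operator: "Equal"
      #     value: "application"
      #     effect: "NoSchedule"
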
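---
# ServiceAccount for RBAC.
# The Deployment's pods run as this identity (serviceAccountName: flask-app-sa).
# NOTE(review): no Role/RoleBinding is defined in this manifest, so the account
# carries only the cluster's default permissions; if the app needs API access,
# bind the minimum required and nothing more. If it never calls the API, add
# automountServiceAccountToken: false here so no token is mounted at all.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flask-app-sa
  labels:
    app: flask-app
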
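---
# HorizontalPodAutoscaler for automatic scaling.
# Targets the Deployment above; minReplicas matches its replicas field so
# the two never disagree on the floor.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: flask-app-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: flask-app
  minReplicas: 3
  maxReplicas: 10
  metrics:
    # Scale based on CPU utilization (percentage of the container's request)
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    # Scale based on memory utilization.
    # NOTE(review): a long-running Python process rarely returns memory to the
    # OS, so this metric tends to ratchet replicas up and never back down;
    # confirm against real usage before relying on it.
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 300  # Wait 5 min before scaling down
      policies:
        - type: Percent
          value: 50
          periodSeconds: 60
    scaleUp:
      stabilizationWindowSeconds: 0
      # Two policies: the HPA applies whichever allows the larger change
      # (default selectPolicy is Max).
      policies:
        - type: Percent
          value: 100
          periodSeconds: 30
        - type: Pods
          value: 2
          periodSeconds: 30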