online-boutique/deploy/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: online-boutique
  labels:
    app: online-boutique
    app.kubernetes.io/name: online-boutique
    app.kubernetes.io/component: application
    app.kubernetes.io/part-of: golden-path
spec:
  replicas: 2
  selector:
    matchLabels:
      app: online-boutique
      app.kubernetes.io/name: online-boutique
  template:
    metadata:
      labels:
        app: online-boutique
        app.kubernetes.io/name: online-boutique
        app.kubernetes.io/version: "1.0.0"
      annotations:
        # Prometheus scraping annotations
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/actuator/prometheus"
    spec:
      containers:
      - name: app
        image: bstagecjotdevacr.azurecr.io/online-boutique:latest
        imagePullPolicy: Always
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
        
        # Environment variables
        env:
        - name: SPRING_PROFILES_ACTIVE
          value: "development"
        - name: ENVIRONMENT
          value: "development"
        
        # Startup probe - gives app time to start
        startupProbe:
          httpGet:
            path: /actuator/health/liveness
            port: http
          initialDelaySeconds: 10
          periodSeconds: 5
          timeoutSeconds: 3
          failureThreshold: 30  # 150 seconds total
        
        # Liveness probe - restarts container if app is dead
        livenessProbe:
          httpGet:
            path: /actuator/health/liveness
            port: http
          initialDelaySeconds: 0
          periodSeconds: 10
          timeoutSeconds: 3
          failureThreshold: 3
        
        # Readiness probe - removes from load balancer if not ready
        readinessProbe:
          httpGet:
            path: /actuator/health/readiness
            port: http
          initialDelaySeconds: 0
          periodSeconds: 5
          timeoutSeconds: 3
          failureThreshold: 3
        
        # Resource limits and requests
        resources:
          requests:
            memory: "512Mi"
            cpu: "250m"
          limits:
            memory: "1Gi"
            cpu: "500m"
        
        # Security context
        securityContext:
          runAsNonRoot: true
          runAsUser: 1000
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: false
          capabilities:
            drop:
              - ALL
      
      # Pod-level security context
      securityContext:
        fsGroup: 1000
      
      # Graceful shutdown
      terminationGracePeriodSeconds: 30