atmadmin/athletic-map-deploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(acme): replica 7 contextos + bff + spa do piloto (multitenant)

Browse Source
This commit is contained in:
ATM Platform
2026-06-17 14:59:15 +00:00
parent a43c716209
commit 33e998eb62
11 changed files with 532 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tenants/acme/00-namespace-quota-netpol.yaml
+4 -4
View File
@@ -15,10 +15,10 @@ metadata:
namespace: acme-prod
spec:
hard:
requests.cpu: "2"
requests.memory: 2Gi
limits.cpu: "4"
limits.memory: 6Gi
requests.cpu: "3"
requests.memory: 4Gi
limits.cpu: "12"
limits.memory: 12Gi
pods: "20"
persistentvolumeclaims: "4"
---
tenants/acme/30-apps-stubs.yaml
+12 -93
View File
@@ -1,7 +1,7 @@
# Apps do tenant demo:
# - backend: Spring Boot OAuth2 Resource Server (imagem athletic-map-backend:1.3, porta 8083)
# Apps do tenant acme:
# - backend: Spring Boot OAuth2 Resource Server (imagem athletic-map-backend:1.0, importada no k3s)
# - frontend: SPA OIDC Authorization Code + PKCE (keycloak-js) chamando /api/me
# - bff: stub (whoami)
# - bff: stub (whoami) — sera substituido na evolucao
---
apiVersion: apps/v1
kind: Deployment
@@ -34,95 +34,6 @@ spec:
selector: { app: backend }
ports: [{ name: http, port: 80, targetPort: 8083 }]
---
apiVersion: apps/v1
kind: Deployment
metadata: { name: bff, namespace: acme-prod }
spec:
replicas: 1
selector: { matchLabels: { app: bff } }
template:
metadata: { labels: { app: bff } }
spec:
containers:
- name: whoami
image: traefik/whoami:latest
args: ["--name", "athletic-map-bff acme (stub)"]
ports: [{ containerPort: 80 }]
---
apiVersion: v1
kind: Service
metadata: { name: bff, namespace: acme-prod }
spec:
selector: { app: bff }
ports: [{ port: 80, targetPort: 80 }]
---
apiVersion: v1
kind: ConfigMap
metadata: { name: frontend-index, namespace: acme-prod }
data:
index.html: |
<!doctype html>
<html lang="pt-br"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1">
<title>Athletic Map — Acme</title>
<script src="https://auth-acme.athleticmap.influxdigital.com.br/js/keycloak.js"></script>
<style>
body{font-family:system-ui,sans-serif;background:#155eef;color:#eaf2ff;margin:0;padding:2rem}
.card{max-width:760px;margin:2rem auto;background:#0e2f57;border-top:4px solid #ffd23f;border-radius:12px;padding:2rem;box-shadow:0 12px 40px rgba(0,0,0,.4)}
h1{color:#ffd23f;margin:0 0 .3rem}.muted{color:#bcd3f5}b{color:#fff}
pre{background:#06182e;padding:1rem;border-radius:8px;overflow:auto;color:#9fe8aa;font-size:.85rem}
button{background:#188bf6;color:#fff;border:0;border-radius:8px;padding:.6rem 1.2rem;cursor:pointer;font-weight:700}
.tag{display:inline-block;background:#0a2547;border-radius:20px;padding:.15rem .7rem;margin:.15rem;font-size:.8rem}
</style></head>
<body><div class="card" id="app"><p class="muted">Carregando…</p></div>
<script>
const kc = new Keycloak({ url: 'https://auth-acme.athleticmap.influxdigital.com.br', realm: 'athleticmap', clientId: 'spa' });
kc.init({ onLoad: 'login-required', pkceMethod: 'S256', checkLoginIframe: false }).then(function (auth) {
if (!auth) { document.getElementById('app').innerHTML = '<p>Nao autenticado.</p>'; return; }
var t = kc.tokenParsed;
var roles = ((t.realm_access && t.realm_access.roles) || []).map(function (r) { return '<span class="tag">' + r + '</span>'; }).join('');
document.getElementById('app').innerHTML =
'<h1>Athletic Map</h1>' +
'<p class="muted">tenant <b>acme</b> · login OIDC (Authorization Code + PKCE)</p>' +
'<p>Bem-vindo, <b>' + t.preferred_username + '</b></p>' +
'<p>Roles no token: ' + roles + '</p>' +
'<h3>Backend <code>/api/me</code> (JWT validado no servidor):</h3>' +
'<pre id="me">chamando…</pre>' +
'<button onclick="kc.logout()">Sair</button>';
fetch('/api/me', { headers: { Authorization: 'Bearer ' + kc.token } })
.then(function (r) { return r.json(); })
.then(function (me) { document.getElementById('me').textContent = JSON.stringify(me, null, 2); })
.catch(function (e) { document.getElementById('me').textContent = 'erro: ' + e; });
}).catch(function (e) { document.getElementById('app').innerHTML = '<p>Erro ao iniciar Keycloak: ' + e + '</p>'; });
</script></body></html>
---
apiVersion: apps/v1
kind: Deployment
metadata: { name: frontend, namespace: acme-prod }
spec:
replicas: 1
selector: { matchLabels: { app: frontend } }
template:
metadata:
labels: { app: frontend }
annotations: { configVersion: "spa-2" }
spec:
containers:
- name: nginx
image: nginx:alpine
ports: [{ containerPort: 80 }]
volumeMounts:
- { name: html, mountPath: /usr/share/nginx/html }
volumes:
- name: html
configMap: { name: frontend-index }
---
apiVersion: v1
kind: Service
metadata: { name: frontend, namespace: acme-prod }
spec:
selector: { app: frontend }
ports: [{ port: 80, targetPort: 80 }]
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -142,8 +53,16 @@ spec:
- host: acme.athleticmap.influxdigital.com.br
http:
paths:
- { path: /api/configuracao, pathType: Prefix, backend: { service: { name: servico-configuracao, port: { number: 80 } } } }
- { path: /api/cadastro, pathType: Prefix, backend: { service: { name: servico-cadastro, port: { number: 80 } } } }
- { path: /bff, pathType: Prefix, backend: { service: { name: servico-bff, port: { number: 80 } } } }
- { path: /api/organizacao, pathType: Prefix, backend: { service: { name: servico-organizacao, port: { number: 80 } } } }
- { path: /api/planejamento, pathType: Prefix, backend: { service: { name: servico-planejamento, port: { number: 80 } } } }
- { path: /api/campeonato, pathType: Prefix, backend: { service: { name: servico-campeonato, port: { number: 80 } } } }
- { path: /api/saude, pathType: Prefix, backend: { service: { name: servico-saude, port: { number: 80 } } } }
- { path: /api/financeiro, pathType: Prefix, backend: { service: { name: servico-financeiro, port: { number: 80 } } } }
- { path: /api, pathType: Prefix, backend: { service: { name: backend, port: { number: 80 } } } }
- { path: /, pathType: Prefix, backend: { service: { name: frontend, port: { number: 80 } } } }
- { path: /, pathType: Prefix, backend: { service: { name: frontend-spa, port: { number: 80 } } } }
- host: auth-acme.athleticmap.influxdigital.com.br
http:
paths:
tenants/acme/70-servico-configuracao.yaml
+59
View File
@@ -0,0 +1,59 @@
# Bounded context "configuracao" como app proprio (ADR-0002): Deployment/pod
# medivel = centro de custo. Schema proprio "configuracao" no Postgres do silo
# (criado pelo Flyway). Roteado em /api/configuracao no ingress do tenant.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: servico-configuracao
namespace: acme-prod
labels:
app: servico-configuracao
athleticmap.io/contexto: configuracao
spec:
replicas: 1
selector: { matchLabels: { app: servico-configuracao } }
template:
metadata:
labels:
app: servico-configuracao
athleticmap.io/contexto: configuracao
spec:
containers:
- name: servico-configuracao
image: docker.io/library/servico-configuracao:1.0
imagePullPolicy: Never
ports: [{ containerPort: 8083 }]
env:
- { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
- { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef: { name: db-credentials, key: password }
- { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
- { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
- { name: ATM_TENANT, value: "acme" }
resources:
requests: { cpu: 150m, memory: 320Mi }
limits: { cpu: "1", memory: 768Mi }
readinessProbe:
httpGet: { path: /api/configuracao/health, port: 8083 }
initialDelaySeconds: 25
periodSeconds: 10
failureThreshold: 30
livenessProbe:
httpGet: { path: /actuator/health/liveness, port: 8083 }
initialDelaySeconds: 60
periodSeconds: 20
failureThreshold: 6
---
apiVersion: v1
kind: Service
metadata:
name: servico-configuracao
namespace: acme-prod
labels:
app: servico-configuracao
spec:
selector: { app: servico-configuracao }
ports: [{ name: http, port: 80, targetPort: 8083 }]
tenants/acme/72-servico-organizacao.yaml
+58
View File
@@ -0,0 +1,58 @@
# Bounded context "organizacao" como app proprio (ADR-0002): Elenco e Turma.
# Schema proprio "organizacao" (Flyway). Roteado em /api/organizacao no ingress.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: servico-organizacao
namespace: acme-prod
labels:
app: servico-organizacao
athleticmap.io/contexto: organizacao
spec:
replicas: 1
selector: { matchLabels: { app: servico-organizacao } }
template:
metadata:
labels:
app: servico-organizacao
athleticmap.io/contexto: organizacao
spec:
containers:
- name: servico-organizacao
image: docker.io/library/servico-organizacao:1.2
imagePullPolicy: Never
ports: [{ containerPort: 8083 }]
env:
- { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
- { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef: { name: db-credentials, key: password }
- { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
- { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
- { name: ATM_TENANT, value: "acme" }
resources:
requests: { cpu: 150m, memory: 320Mi }
limits: { cpu: "1", memory: 768Mi }
readinessProbe:
httpGet: { path: /api/organizacao/health, port: 8083 }
initialDelaySeconds: 25
periodSeconds: 10
failureThreshold: 30
livenessProbe:
httpGet: { path: /actuator/health/liveness, port: 8083 }
initialDelaySeconds: 60
periodSeconds: 20
failureThreshold: 6
---
apiVersion: v1
kind: Service
metadata:
name: servico-organizacao
namespace: acme-prod
labels:
app: servico-organizacao
spec:
selector: { app: servico-organizacao }
ports: [{ name: http, port: 80, targetPort: 8083 }]
tenants/acme/74-servico-planejamento.yaml
+58
View File
@@ -0,0 +1,58 @@
# Bounded context "planejamento" como app proprio (ADR-0002): Treino e Plano de Aula.
# Schema proprio "planejamento" (Flyway). Roteado em /api/planejamento no ingress.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: servico-planejamento
namespace: acme-prod
labels:
app: servico-planejamento
athleticmap.io/contexto: planejamento
spec:
replicas: 1
selector: { matchLabels: { app: servico-planejamento } }
template:
metadata:
labels:
app: servico-planejamento
athleticmap.io/contexto: planejamento
spec:
containers:
- name: servico-planejamento
image: docker.io/library/servico-planejamento:1.1
imagePullPolicy: Never
ports: [{ containerPort: 8083 }]
env:
- { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
- { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef: { name: db-credentials, key: password }
- { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
- { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
- { name: ATM_TENANT, value: "acme" }
resources:
requests: { cpu: 150m, memory: 320Mi }
limits: { cpu: "1", memory: 768Mi }
readinessProbe:
httpGet: { path: /api/planejamento/health, port: 8083 }
initialDelaySeconds: 25
periodSeconds: 10
failureThreshold: 30
livenessProbe:
httpGet: { path: /actuator/health/liveness, port: 8083 }
initialDelaySeconds: 60
periodSeconds: 20
failureThreshold: 6
---
apiVersion: v1
kind: Service
metadata:
name: servico-planejamento
namespace: acme-prod
labels:
app: servico-planejamento
spec:
selector: { app: servico-planejamento }
ports: [{ name: http, port: 80, targetPort: 8083 }]
tenants/acme/76-servico-campeonato.yaml
+58
View File
@@ -0,0 +1,58 @@
# Bounded context "campeonato" (2a onda): Campeonato (estrutura) + Jogo (sumula).
# Schema proprio "campeonato" (Flyway). Roteado em /api/campeonato no ingress.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: servico-campeonato
namespace: acme-prod
labels:
app: servico-campeonato
athleticmap.io/contexto: campeonato
spec:
replicas: 1
selector: { matchLabels: { app: servico-campeonato } }
template:
metadata:
labels:
app: servico-campeonato
athleticmap.io/contexto: campeonato
spec:
containers:
- name: servico-campeonato
image: docker.io/library/servico-campeonato:1.0
imagePullPolicy: Never
ports: [{ containerPort: 8083 }]
env:
- { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
- { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef: { name: db-credentials, key: password }
- { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
- { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
- { name: ATM_TENANT, value: "acme" }
resources:
requests: { cpu: 150m, memory: 320Mi }
limits: { cpu: "1", memory: 768Mi }
readinessProbe:
httpGet: { path: /api/campeonato/health, port: 8083 }
initialDelaySeconds: 25
periodSeconds: 10
failureThreshold: 30
livenessProbe:
httpGet: { path: /actuator/health/liveness, port: 8083 }
initialDelaySeconds: 60
periodSeconds: 20
failureThreshold: 6
---
apiVersion: v1
kind: Service
metadata:
name: servico-campeonato
namespace: acme-prod
labels:
app: servico-campeonato
spec:
selector: { app: servico-campeonato }
ports: [{ name: http, port: 80, targetPort: 8083 }]
tenants/acme/78-servico-saude.yaml
+58
View File
@@ -0,0 +1,58 @@
# Bounded context "saude" (2a onda): RegistroSaude (registros por especialidade).
# Schema proprio "saude" (Flyway). Roteado em /api/saude no ingress.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: servico-saude
namespace: acme-prod
labels:
app: servico-saude
athleticmap.io/contexto: saude
spec:
replicas: 1
selector: { matchLabels: { app: servico-saude } }
template:
metadata:
labels:
app: servico-saude
athleticmap.io/contexto: saude
spec:
containers:
- name: servico-saude
image: docker.io/library/servico-saude:1.0
imagePullPolicy: Never
ports: [{ containerPort: 8083 }]
env:
- { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
- { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef: { name: db-credentials, key: password }
- { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
- { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
- { name: ATM_TENANT, value: "acme" }
resources:
requests: { cpu: 150m, memory: 320Mi }
limits: { cpu: "1", memory: 768Mi }
readinessProbe:
httpGet: { path: /api/saude/health, port: 8083 }
initialDelaySeconds: 25
periodSeconds: 10
failureThreshold: 30
livenessProbe:
httpGet: { path: /actuator/health/liveness, port: 8083 }
initialDelaySeconds: 60
periodSeconds: 20
failureThreshold: 6
---
apiVersion: v1
kind: Service
metadata:
name: servico-saude
namespace: acme-prod
labels:
app: servico-saude
spec:
selector: { app: servico-saude }
ports: [{ name: http, port: 80, targetPort: 8083 }]
tenants/acme/79-servico-financeiro.yaml
+58
View File
@@ -0,0 +1,58 @@
# Bounded context "financeiro" (2a onda): Cobranca + ApuracaoRateio (centros de custo).
# Schema proprio "financeiro" (Flyway). Roteado em /api/financeiro no ingress.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: servico-financeiro
namespace: acme-prod
labels:
app: servico-financeiro
athleticmap.io/contexto: financeiro
spec:
replicas: 1
selector: { matchLabels: { app: servico-financeiro } }
template:
metadata:
labels:
app: servico-financeiro
athleticmap.io/contexto: financeiro
spec:
containers:
- name: servico-financeiro
image: docker.io/library/servico-financeiro:1.0
imagePullPolicy: Never
ports: [{ containerPort: 8083 }]
env:
- { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
- { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef: { name: db-credentials, key: password }
- { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
- { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
- { name: ATM_TENANT, value: "acme" }
resources:
requests: { cpu: 150m, memory: 320Mi }
limits: { cpu: "1", memory: 768Mi }
readinessProbe:
httpGet: { path: /api/financeiro/health, port: 8083 }
initialDelaySeconds: 25
periodSeconds: 10
failureThreshold: 30
livenessProbe:
httpGet: { path: /actuator/health/liveness, port: 8083 }
initialDelaySeconds: 60
periodSeconds: 20
failureThreshold: 6
---
apiVersion: v1
kind: Service
metadata:
name: servico-financeiro
namespace: acme-prod
labels:
app: servico-financeiro
spec:
selector: { app: servico-financeiro }
ports: [{ name: http, port: 80, targetPort: 8083 }]
tenants/acme/80-servico-cadastro.yaml
+59
View File
@@ -0,0 +1,59 @@
# Bounded context "cadastro" como app proprio (ADR-0002/0003): Deployment/pod
# medivel = centro de custo. Schema proprio "cadastro" no Postgres do silo
# (criado pelo Flyway). Roteado em /api/cadastro no ingress do tenant.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: servico-cadastro
namespace: acme-prod
labels:
app: servico-cadastro
athleticmap.io/contexto: cadastro
spec:
replicas: 1
selector: { matchLabels: { app: servico-cadastro } }
template:
metadata:
labels:
app: servico-cadastro
athleticmap.io/contexto: cadastro
spec:
containers:
- name: servico-cadastro
image: docker.io/library/servico-cadastro:1.2
imagePullPolicy: Never
ports: [{ containerPort: 8083 }]
env:
- { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
- { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef: { name: db-credentials, key: password }
- { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
- { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
- { name: ATM_TENANT, value: "acme" }
resources:
requests: { cpu: 150m, memory: 320Mi }
limits: { cpu: "1", memory: 768Mi }
readinessProbe:
httpGet: { path: /api/cadastro/health, port: 8083 }
initialDelaySeconds: 25
periodSeconds: 10
failureThreshold: 30
livenessProbe:
httpGet: { path: /actuator/health/liveness, port: 8083 }
initialDelaySeconds: 60
periodSeconds: 20
failureThreshold: 6
---
apiVersion: v1
kind: Service
metadata:
name: servico-cadastro
namespace: acme-prod
labels:
app: servico-cadastro
spec:
selector: { app: servico-cadastro }
ports: [{ name: http, port: 80, targetPort: 8083 }]
tenants/acme/90-servico-bff.yaml
+60
View File
@@ -0,0 +1,60 @@
# BFF (Backend-for-Frontend) — ponto unico da SPA; agrega configuracao + cadastro
# com token relay. Stateless (sem banco). Roteado em /bff no ingress do tenant.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: servico-bff
namespace: acme-prod
labels:
app: servico-bff
athleticmap.io/contexto: bff
spec:
replicas: 1
selector: { matchLabels: { app: servico-bff } }
template:
metadata:
labels:
app: servico-bff
athleticmap.io/contexto: bff
spec:
containers:
- name: servico-bff
image: docker.io/library/servico-bff:1.5
imagePullPolicy: Never
ports: [{ containerPort: 8083 }]
env:
- { name: ATM_CONFIG_URL, value: "http://servico-configuracao" }
- { name: ATM_CADASTRO_URL, value: "http://servico-cadastro" }
- { name: ATM_ORGANIZACAO_URL, value: "http://servico-organizacao" }
- { name: ATM_PLANEJAMENTO_URL, value: "http://servico-planejamento" }
- { name: ATM_CAMPEONATO_URL, value: "http://servico-campeonato" }
- { name: ATM_SAUDE_URL, value: "http://servico-saude" }
- { name: ATM_FINANCEIRO_URL, value: "http://servico-financeiro" }
- { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
- { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
- { name: ATM_TENANT, value: "acme" }
resources:
requests: { cpu: 100m, memory: 256Mi }
limits: { cpu: 500m, memory: 512Mi }
readinessProbe:
httpGet: { path: /bff/health, port: 8083 }
initialDelaySeconds: 20
periodSeconds: 10
failureThreshold: 30
livenessProbe:
httpGet: { path: /actuator/health/liveness, port: 8083 }
initialDelaySeconds: 50
periodSeconds: 20
failureThreshold: 6
---
apiVersion: v1
kind: Service
metadata:
name: servico-bff
namespace: acme-prod
labels:
app: servico-bff
spec:
selector: { app: servico-bff }
ports: [{ name: http, port: 80, targetPort: 8083 }]
tenants/acme/95-frontend-spa.yaml
+48
View File
@@ -0,0 +1,48 @@
# SPA Angular (shell OIDC + admin de catalogos + cadastro de Atleta) consumindo
# o BFF. Substitui o stub estatico nginx/configMap. Roteado em / no ingress.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend-spa
namespace: acme-prod
labels:
app: frontend-spa
athleticmap.io/contexto: frontend
spec:
replicas: 1
selector: { matchLabels: { app: frontend-spa } }
template:
metadata:
labels:
app: frontend-spa
athleticmap.io/contexto: frontend
spec:
containers:
- name: frontend-spa
image: docker.io/library/frontend-spa:1.6
imagePullPolicy: Never
ports: [{ containerPort: 80 }]
env:
- { name: ATM_KC_URL, value: "https://auth-acme.athleticmap.influxdigital.com.br" }
- { name: ATM_REALM, value: "athleticmap" }
- { name: ATM_CLIENT, value: "spa" }
- { name: ATM_TENANT, value: "acme" }
resources:
requests: { cpu: 50m, memory: 64Mi }
limits: { cpu: 200m, memory: 128Mi }
readinessProbe:
httpGet: { path: /, port: 80 }
initialDelaySeconds: 5
periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: frontend-spa
namespace: acme-prod
labels:
app: frontend-spa
spec:
selector: { app: frontend-spa }
ports: [{ name: http, port: 80, targetPort: 80 }]