diff --git a/tenants/acme/00-namespace-quota-netpol.yaml b/tenants/acme/00-namespace-quota-netpol.yaml
index 7266431..3688787 100644
--- a/tenants/acme/00-namespace-quota-netpol.yaml
+++ b/tenants/acme/00-namespace-quota-netpol.yaml
@@ -15,10 +15,10 @@ metadata:
namespace: acme-prod
spec:
hard:
- requests.cpu: "2"
- requests.memory: 2Gi
- limits.cpu: "4"
- limits.memory: 6Gi
+ requests.cpu: "3"
+ requests.memory: 4Gi
+ limits.cpu: "12"
+ limits.memory: 12Gi
pods: "20"
persistentvolumeclaims: "4"
---
diff --git a/tenants/acme/30-apps-stubs.yaml b/tenants/acme/30-apps-stubs.yaml
index 5386990..99e1d1c 100644
--- a/tenants/acme/30-apps-stubs.yaml
+++ b/tenants/acme/30-apps-stubs.yaml
@@ -1,7 +1,7 @@
-# Apps do tenant demo:
-# - backend: Spring Boot OAuth2 Resource Server (imagem athletic-map-backend:1.3, porta 8083)
+# Apps do tenant acme:
+# - backend: Spring Boot OAuth2 Resource Server (imagem athletic-map-backend:1.0, importada no k3s)
# - frontend: SPA OIDC Authorization Code + PKCE (keycloak-js) chamando /api/me
-# - bff: stub (whoami)
+# - bff: stub (whoami) — sera substituido na evolucao
---
apiVersion: apps/v1
kind: Deployment
@@ -34,95 +34,6 @@ spec:
selector: { app: backend }
ports: [{ name: http, port: 80, targetPort: 8083 }]
---
-apiVersion: apps/v1
-kind: Deployment
-metadata: { name: bff, namespace: acme-prod }
-spec:
- replicas: 1
- selector: { matchLabels: { app: bff } }
- template:
- metadata: { labels: { app: bff } }
- spec:
- containers:
- - name: whoami
- image: traefik/whoami:latest
- args: ["--name", "athletic-map-bff acme (stub)"]
- ports: [{ containerPort: 80 }]
----
-apiVersion: v1
-kind: Service
-metadata: { name: bff, namespace: acme-prod }
-spec:
- selector: { app: bff }
- ports: [{ port: 80, targetPort: 80 }]
----
-apiVersion: v1
-kind: ConfigMap
-metadata: { name: frontend-index, namespace: acme-prod }
-data:
- index.html: |
-
-
- Athletic Map — Acme
-
-
-
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata: { name: frontend, namespace: acme-prod }
-spec:
- replicas: 1
- selector: { matchLabels: { app: frontend } }
- template:
- metadata:
- labels: { app: frontend }
- annotations: { configVersion: "spa-2" }
- spec:
- containers:
- - name: nginx
- image: nginx:alpine
- ports: [{ containerPort: 80 }]
- volumeMounts:
- - { name: html, mountPath: /usr/share/nginx/html }
- volumes:
- - name: html
- configMap: { name: frontend-index }
----
-apiVersion: v1
-kind: Service
-metadata: { name: frontend, namespace: acme-prod }
-spec:
- selector: { app: frontend }
- ports: [{ port: 80, targetPort: 80 }]
----
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -142,8 +53,16 @@ spec:
- host: acme.athleticmap.influxdigital.com.br
http:
paths:
+ - { path: /api/configuracao, pathType: Prefix, backend: { service: { name: servico-configuracao, port: { number: 80 } } } }
+ - { path: /api/cadastro, pathType: Prefix, backend: { service: { name: servico-cadastro, port: { number: 80 } } } }
+ - { path: /bff, pathType: Prefix, backend: { service: { name: servico-bff, port: { number: 80 } } } }
+ - { path: /api/organizacao, pathType: Prefix, backend: { service: { name: servico-organizacao, port: { number: 80 } } } }
+ - { path: /api/planejamento, pathType: Prefix, backend: { service: { name: servico-planejamento, port: { number: 80 } } } }
+ - { path: /api/campeonato, pathType: Prefix, backend: { service: { name: servico-campeonato, port: { number: 80 } } } }
+ - { path: /api/saude, pathType: Prefix, backend: { service: { name: servico-saude, port: { number: 80 } } } }
+ - { path: /api/financeiro, pathType: Prefix, backend: { service: { name: servico-financeiro, port: { number: 80 } } } }
- { path: /api, pathType: Prefix, backend: { service: { name: backend, port: { number: 80 } } } }
- - { path: /, pathType: Prefix, backend: { service: { name: frontend, port: { number: 80 } } } }
+ - { path: /, pathType: Prefix, backend: { service: { name: frontend-spa, port: { number: 80 } } } }
- host: auth-acme.athleticmap.influxdigital.com.br
http:
paths:
diff --git a/tenants/acme/70-servico-configuracao.yaml b/tenants/acme/70-servico-configuracao.yaml
new file mode 100644
index 0000000..f5468e6
--- /dev/null
+++ b/tenants/acme/70-servico-configuracao.yaml
@@ -0,0 +1,59 @@
+# Bounded context "configuracao" como app proprio (ADR-0002): Deployment/pod
+# medivel = centro de custo. Schema proprio "configuracao" no Postgres do silo
+# (criado pelo Flyway). Roteado em /api/configuracao no ingress do tenant.
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: servico-configuracao
+ namespace: acme-prod
+ labels:
+ app: servico-configuracao
+ athleticmap.io/contexto: configuracao
+spec:
+ replicas: 1
+ selector: { matchLabels: { app: servico-configuracao } }
+ template:
+ metadata:
+ labels:
+ app: servico-configuracao
+ athleticmap.io/contexto: configuracao
+ spec:
+ containers:
+ - name: servico-configuracao
+ image: docker.io/library/servico-configuracao:1.0
+ imagePullPolicy: Never
+ ports: [{ containerPort: 8083 }]
+ env:
+ - { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
+ - { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
+ - name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef: { name: db-credentials, key: password }
+ - { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
+ - { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
+ - { name: ATM_TENANT, value: "acme" }
+ resources:
+ requests: { cpu: 150m, memory: 320Mi }
+ limits: { cpu: "1", memory: 768Mi }
+ readinessProbe:
+ httpGet: { path: /api/configuracao/health, port: 8083 }
+ initialDelaySeconds: 25
+ periodSeconds: 10
+ failureThreshold: 30
+ livenessProbe:
+ httpGet: { path: /actuator/health/liveness, port: 8083 }
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ failureThreshold: 6
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: servico-configuracao
+ namespace: acme-prod
+ labels:
+ app: servico-configuracao
+spec:
+ selector: { app: servico-configuracao }
+ ports: [{ name: http, port: 80, targetPort: 8083 }]
diff --git a/tenants/acme/72-servico-organizacao.yaml b/tenants/acme/72-servico-organizacao.yaml
new file mode 100644
index 0000000..a2991d7
--- /dev/null
+++ b/tenants/acme/72-servico-organizacao.yaml
@@ -0,0 +1,58 @@
+# Bounded context "organizacao" como app proprio (ADR-0002): Elenco e Turma.
+# Schema proprio "organizacao" (Flyway). Roteado em /api/organizacao no ingress.
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: servico-organizacao
+ namespace: acme-prod
+ labels:
+ app: servico-organizacao
+ athleticmap.io/contexto: organizacao
+spec:
+ replicas: 1
+ selector: { matchLabels: { app: servico-organizacao } }
+ template:
+ metadata:
+ labels:
+ app: servico-organizacao
+ athleticmap.io/contexto: organizacao
+ spec:
+ containers:
+ - name: servico-organizacao
+ image: docker.io/library/servico-organizacao:1.2
+ imagePullPolicy: Never
+ ports: [{ containerPort: 8083 }]
+ env:
+ - { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
+ - { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
+ - name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef: { name: db-credentials, key: password }
+ - { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
+ - { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
+ - { name: ATM_TENANT, value: "acme" }
+ resources:
+ requests: { cpu: 150m, memory: 320Mi }
+ limits: { cpu: "1", memory: 768Mi }
+ readinessProbe:
+ httpGet: { path: /api/organizacao/health, port: 8083 }
+ initialDelaySeconds: 25
+ periodSeconds: 10
+ failureThreshold: 30
+ livenessProbe:
+ httpGet: { path: /actuator/health/liveness, port: 8083 }
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ failureThreshold: 6
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: servico-organizacao
+ namespace: acme-prod
+ labels:
+ app: servico-organizacao
+spec:
+ selector: { app: servico-organizacao }
+ ports: [{ name: http, port: 80, targetPort: 8083 }]
diff --git a/tenants/acme/74-servico-planejamento.yaml b/tenants/acme/74-servico-planejamento.yaml
new file mode 100644
index 0000000..909c544
--- /dev/null
+++ b/tenants/acme/74-servico-planejamento.yaml
@@ -0,0 +1,58 @@
+# Bounded context "planejamento" como app proprio (ADR-0002): Treino e Plano de Aula.
+# Schema proprio "planejamento" (Flyway). Roteado em /api/planejamento no ingress.
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: servico-planejamento
+ namespace: acme-prod
+ labels:
+ app: servico-planejamento
+ athleticmap.io/contexto: planejamento
+spec:
+ replicas: 1
+ selector: { matchLabels: { app: servico-planejamento } }
+ template:
+ metadata:
+ labels:
+ app: servico-planejamento
+ athleticmap.io/contexto: planejamento
+ spec:
+ containers:
+ - name: servico-planejamento
+ image: docker.io/library/servico-planejamento:1.1
+ imagePullPolicy: Never
+ ports: [{ containerPort: 8083 }]
+ env:
+ - { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
+ - { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
+ - name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef: { name: db-credentials, key: password }
+ - { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
+ - { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
+ - { name: ATM_TENANT, value: "acme" }
+ resources:
+ requests: { cpu: 150m, memory: 320Mi }
+ limits: { cpu: "1", memory: 768Mi }
+ readinessProbe:
+ httpGet: { path: /api/planejamento/health, port: 8083 }
+ initialDelaySeconds: 25
+ periodSeconds: 10
+ failureThreshold: 30
+ livenessProbe:
+ httpGet: { path: /actuator/health/liveness, port: 8083 }
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ failureThreshold: 6
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: servico-planejamento
+ namespace: acme-prod
+ labels:
+ app: servico-planejamento
+spec:
+ selector: { app: servico-planejamento }
+ ports: [{ name: http, port: 80, targetPort: 8083 }]
diff --git a/tenants/acme/76-servico-campeonato.yaml b/tenants/acme/76-servico-campeonato.yaml
new file mode 100644
index 0000000..ba9d7ec
--- /dev/null
+++ b/tenants/acme/76-servico-campeonato.yaml
@@ -0,0 +1,58 @@
+# Bounded context "campeonato" (2a onda): Campeonato (estrutura) + Jogo (sumula).
+# Schema proprio "campeonato" (Flyway). Roteado em /api/campeonato no ingress.
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: servico-campeonato
+ namespace: acme-prod
+ labels:
+ app: servico-campeonato
+ athleticmap.io/contexto: campeonato
+spec:
+ replicas: 1
+ selector: { matchLabels: { app: servico-campeonato } }
+ template:
+ metadata:
+ labels:
+ app: servico-campeonato
+ athleticmap.io/contexto: campeonato
+ spec:
+ containers:
+ - name: servico-campeonato
+ image: docker.io/library/servico-campeonato:1.0
+ imagePullPolicy: Never
+ ports: [{ containerPort: 8083 }]
+ env:
+ - { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
+ - { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
+ - name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef: { name: db-credentials, key: password }
+ - { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
+ - { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
+ - { name: ATM_TENANT, value: "acme" }
+ resources:
+ requests: { cpu: 150m, memory: 320Mi }
+ limits: { cpu: "1", memory: 768Mi }
+ readinessProbe:
+ httpGet: { path: /api/campeonato/health, port: 8083 }
+ initialDelaySeconds: 25
+ periodSeconds: 10
+ failureThreshold: 30
+ livenessProbe:
+ httpGet: { path: /actuator/health/liveness, port: 8083 }
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ failureThreshold: 6
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: servico-campeonato
+ namespace: acme-prod
+ labels:
+ app: servico-campeonato
+spec:
+ selector: { app: servico-campeonato }
+ ports: [{ name: http, port: 80, targetPort: 8083 }]
diff --git a/tenants/acme/78-servico-saude.yaml b/tenants/acme/78-servico-saude.yaml
new file mode 100644
index 0000000..8927490
--- /dev/null
+++ b/tenants/acme/78-servico-saude.yaml
@@ -0,0 +1,58 @@
+# Bounded context "saude" (2a onda): RegistroSaude (registros por especialidade).
+# Schema proprio "saude" (Flyway). Roteado em /api/saude no ingress.
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: servico-saude
+ namespace: acme-prod
+ labels:
+ app: servico-saude
+ athleticmap.io/contexto: saude
+spec:
+ replicas: 1
+ selector: { matchLabels: { app: servico-saude } }
+ template:
+ metadata:
+ labels:
+ app: servico-saude
+ athleticmap.io/contexto: saude
+ spec:
+ containers:
+ - name: servico-saude
+ image: docker.io/library/servico-saude:1.0
+ imagePullPolicy: Never
+ ports: [{ containerPort: 8083 }]
+ env:
+ - { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
+ - { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
+ - name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef: { name: db-credentials, key: password }
+ - { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
+ - { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
+ - { name: ATM_TENANT, value: "acme" }
+ resources:
+ requests: { cpu: 150m, memory: 320Mi }
+ limits: { cpu: "1", memory: 768Mi }
+ readinessProbe:
+ httpGet: { path: /api/saude/health, port: 8083 }
+ initialDelaySeconds: 25
+ periodSeconds: 10
+ failureThreshold: 30
+ livenessProbe:
+ httpGet: { path: /actuator/health/liveness, port: 8083 }
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ failureThreshold: 6
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: servico-saude
+ namespace: acme-prod
+ labels:
+ app: servico-saude
+spec:
+ selector: { app: servico-saude }
+ ports: [{ name: http, port: 80, targetPort: 8083 }]
diff --git a/tenants/acme/79-servico-financeiro.yaml b/tenants/acme/79-servico-financeiro.yaml
new file mode 100644
index 0000000..0bb3da2
--- /dev/null
+++ b/tenants/acme/79-servico-financeiro.yaml
@@ -0,0 +1,58 @@
+# Bounded context "financeiro" (2a onda): Cobranca + ApuracaoRateio (centros de custo).
+# Schema proprio "financeiro" (Flyway). Roteado em /api/financeiro no ingress.
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: servico-financeiro
+ namespace: acme-prod
+ labels:
+ app: servico-financeiro
+ athleticmap.io/contexto: financeiro
+spec:
+ replicas: 1
+ selector: { matchLabels: { app: servico-financeiro } }
+ template:
+ metadata:
+ labels:
+ app: servico-financeiro
+ athleticmap.io/contexto: financeiro
+ spec:
+ containers:
+ - name: servico-financeiro
+ image: docker.io/library/servico-financeiro:1.0
+ imagePullPolicy: Never
+ ports: [{ containerPort: 8083 }]
+ env:
+ - { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
+ - { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
+ - name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef: { name: db-credentials, key: password }
+ - { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
+ - { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
+ - { name: ATM_TENANT, value: "acme" }
+ resources:
+ requests: { cpu: 150m, memory: 320Mi }
+ limits: { cpu: "1", memory: 768Mi }
+ readinessProbe:
+ httpGet: { path: /api/financeiro/health, port: 8083 }
+ initialDelaySeconds: 25
+ periodSeconds: 10
+ failureThreshold: 30
+ livenessProbe:
+ httpGet: { path: /actuator/health/liveness, port: 8083 }
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ failureThreshold: 6
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: servico-financeiro
+ namespace: acme-prod
+ labels:
+ app: servico-financeiro
+spec:
+ selector: { app: servico-financeiro }
+ ports: [{ name: http, port: 80, targetPort: 8083 }]
diff --git a/tenants/acme/80-servico-cadastro.yaml b/tenants/acme/80-servico-cadastro.yaml
new file mode 100644
index 0000000..a03c2ff
--- /dev/null
+++ b/tenants/acme/80-servico-cadastro.yaml
@@ -0,0 +1,59 @@
+# Bounded context "cadastro" como app proprio (ADR-0002/0003): Deployment/pod
+# medivel = centro de custo. Schema proprio "cadastro" no Postgres do silo
+# (criado pelo Flyway). Roteado em /api/cadastro no ingress do tenant.
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: servico-cadastro
+ namespace: acme-prod
+ labels:
+ app: servico-cadastro
+ athleticmap.io/contexto: cadastro
+spec:
+ replicas: 1
+ selector: { matchLabels: { app: servico-cadastro } }
+ template:
+ metadata:
+ labels:
+ app: servico-cadastro
+ athleticmap.io/contexto: cadastro
+ spec:
+ containers:
+ - name: servico-cadastro
+ image: docker.io/library/servico-cadastro:1.2
+ imagePullPolicy: Never
+ ports: [{ containerPort: 8083 }]
+ env:
+ - { name: SPRING_DATASOURCE_URL, value: "jdbc:postgresql://postgres:5432/athleticmap" }
+ - { name: SPRING_DATASOURCE_USERNAME, value: "atm" }
+ - name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef: { name: db-credentials, key: password }
+ - { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
+ - { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
+ - { name: ATM_TENANT, value: "acme" }
+ resources:
+ requests: { cpu: 150m, memory: 320Mi }
+ limits: { cpu: "1", memory: 768Mi }
+ readinessProbe:
+ httpGet: { path: /api/cadastro/health, port: 8083 }
+ initialDelaySeconds: 25
+ periodSeconds: 10
+ failureThreshold: 30
+ livenessProbe:
+ httpGet: { path: /actuator/health/liveness, port: 8083 }
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ failureThreshold: 6
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: servico-cadastro
+ namespace: acme-prod
+ labels:
+ app: servico-cadastro
+spec:
+ selector: { app: servico-cadastro }
+ ports: [{ name: http, port: 80, targetPort: 8083 }]
diff --git a/tenants/acme/90-servico-bff.yaml b/tenants/acme/90-servico-bff.yaml
new file mode 100644
index 0000000..e85a0b6
--- /dev/null
+++ b/tenants/acme/90-servico-bff.yaml
@@ -0,0 +1,60 @@
+# BFF (Backend-for-Frontend) — ponto unico da SPA; agrega configuracao + cadastro
+# com token relay. Stateless (sem banco). Roteado em /bff no ingress do tenant.
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: servico-bff
+ namespace: acme-prod
+ labels:
+ app: servico-bff
+ athleticmap.io/contexto: bff
+spec:
+ replicas: 1
+ selector: { matchLabels: { app: servico-bff } }
+ template:
+ metadata:
+ labels:
+ app: servico-bff
+ athleticmap.io/contexto: bff
+ spec:
+ containers:
+ - name: servico-bff
+ image: docker.io/library/servico-bff:1.5
+ imagePullPolicy: Never
+ ports: [{ containerPort: 8083 }]
+ env:
+ - { name: ATM_CONFIG_URL, value: "http://servico-configuracao" }
+ - { name: ATM_CADASTRO_URL, value: "http://servico-cadastro" }
+ - { name: ATM_ORGANIZACAO_URL, value: "http://servico-organizacao" }
+ - { name: ATM_PLANEJAMENTO_URL, value: "http://servico-planejamento" }
+ - { name: ATM_CAMPEONATO_URL, value: "http://servico-campeonato" }
+ - { name: ATM_SAUDE_URL, value: "http://servico-saude" }
+ - { name: ATM_FINANCEIRO_URL, value: "http://servico-financeiro" }
+ - { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" }
+ - { name: ATM_ISSUER, value: "https://auth-acme.athleticmap.influxdigital.com.br/realms/athleticmap" }
+ - { name: ATM_TENANT, value: "acme" }
+ resources:
+ requests: { cpu: 100m, memory: 256Mi }
+ limits: { cpu: 500m, memory: 512Mi }
+ readinessProbe:
+ httpGet: { path: /bff/health, port: 8083 }
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ failureThreshold: 30
+ livenessProbe:
+ httpGet: { path: /actuator/health/liveness, port: 8083 }
+ initialDelaySeconds: 50
+ periodSeconds: 20
+ failureThreshold: 6
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: servico-bff
+ namespace: acme-prod
+ labels:
+ app: servico-bff
+spec:
+ selector: { app: servico-bff }
+ ports: [{ name: http, port: 80, targetPort: 8083 }]
diff --git a/tenants/acme/95-frontend-spa.yaml b/tenants/acme/95-frontend-spa.yaml
new file mode 100644
index 0000000..7101c84
--- /dev/null
+++ b/tenants/acme/95-frontend-spa.yaml
@@ -0,0 +1,48 @@
+# SPA Angular (shell OIDC + admin de catalogos + cadastro de Atleta) consumindo
+# o BFF. Substitui o stub estatico nginx/configMap. Roteado em / no ingress.
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend-spa
+ namespace: acme-prod
+ labels:
+ app: frontend-spa
+ athleticmap.io/contexto: frontend
+spec:
+ replicas: 1
+ selector: { matchLabels: { app: frontend-spa } }
+ template:
+ metadata:
+ labels:
+ app: frontend-spa
+ athleticmap.io/contexto: frontend
+ spec:
+ containers:
+ - name: frontend-spa
+ image: docker.io/library/frontend-spa:1.6
+ imagePullPolicy: Never
+ ports: [{ containerPort: 80 }]
+ env:
+ - { name: ATM_KC_URL, value: "https://auth-acme.athleticmap.influxdigital.com.br" }
+ - { name: ATM_REALM, value: "athleticmap" }
+ - { name: ATM_CLIENT, value: "spa" }
+ - { name: ATM_TENANT, value: "acme" }
+ resources:
+ requests: { cpu: 50m, memory: 64Mi }
+ limits: { cpu: 200m, memory: 128Mi }
+ readinessProbe:
+ httpGet: { path: /, port: 80 }
+ initialDelaySeconds: 5
+ periodSeconds: 10
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-spa
+ namespace: acme-prod
+ labels:
+ app: frontend-spa
+spec:
+ selector: { app: frontend-spa }
+ ports: [{ name: http, port: 80, targetPort: 80 }]