modelRT/deploy/k8s/modelrt-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: modelrt
  labels:
    app: modelrt
spec:
  replicas: 1
  selector:
    matchLabels:
      app: modelrt
  template:
    metadata:
      labels:
        app: modelrt
    spec:
      containers:
        - name: modelrt
          image: modelrt:v1
          imagePullPolicy: IfNotPresent
          command: ["/app/modelrt"]
          args:
            - "-modelRT_config_dir=/app/configs"
            - "-modelRT_config_name=config"
            - "-modelRT_config_type=yaml"
          ports:
            - containerPort: 8080
          env:
            # Downward API — injected into every log line by logger/zap.go containerFields()
            - name: K8S_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: K8S_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # HOSTNAME is set automatically by K8s to the pod name
            # Sensitive values injected from Secret so they stay out of ConfigMap
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: modelrt-secret
                  key: postgres-password
            - name: SERVICE_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: modelrt-secret
                  key: secret-key
          volumeMounts:
            - name: config
              mountPath: /app/configs/config.yaml
              subPath: config.yaml
              readOnly: true
            - name: certs
              mountPath: /app/configs/certs
              readOnly: true
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 512Mi
          securityContext:
            runAsUser: 1000
            runAsNonRoot: true
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          livenessProbe:
            tcpSocket:
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 30
            failureThreshold: 3
          readinessProbe:
            tcpSocket:
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
            failureThreshold: 3
      volumes:
        - name: config
          configMap:
            name: modelrt-config
        - name: certs
          secret:
            secretName: modelrt-certs
feat: add dedicated message-exchange for task lifecycle notifications - add constants/message.go with MessageTask* categories and message-exchange / message-queue / dead-letter routing constants - add mq/publish_message.go with PushMessageToRabbitMQ (confirm mode, dead-letter queue) separate from the existing event-exchange publisher - add mq/emit.go with TryEmitMessage for non-blocking, OTel-traced dispatch - add mq/event/task_event_gen.go with NewTaskSubmitted/Running/Completed/ Failed/CancelledMessage constructors - wire TryEmitMessage into task worker and create/cancel handlers so all 5 lifecycle transitions are published (previously task.* routed to event-exchange with no matching binding, causing silent drops) - harden Dockerfile: scratch final image, pinned alpine:3.21 certs stage, apk upgrade in builder, add -trimpath -mod=readonly go build flags - add full K8s manifests under deploy/k8s/ for Redis, RabbitMQ (mTLS), ModelRT (Downward API, scratch image, readOnlyRootFilesystem), Jaeger, Loki, Promtail, Grafana - expand deploy.md with async_task SQL schema, TLS cert generation steps, K8s deployment procedures, and SSH tunnel configuration 2026-05-13 16:58:36 +08:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: modelrt`
			`labels:`
			`app: modelrt`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: modelrt`
			`template:`
			`metadata:`
			`labels:`
			`app: modelrt`
			`spec:`
			`containers:`
			`- name: modelrt`
fix: fix K8s service names, deployment command, and GORM logger - rename all K8s services to xxx-service convention and update all configmap references (postgres, mongodb, loki, jaeger) - add explicit command: ["/app/modelrt"] to deployment to prevent args from being treated as the executable (no ENTRYPOINT in Dockerfile) - set deploy_env to development to bypass Redis empty-password guard in non-production Minikube environment - fix GormLogger Info/Warn/Error to use fmt.Sprintf(msg, data...) so GORM printf-style messages are formatted correctly and avoid json: unsupported type: func() time.Time serialization panic - expand pg PVC storage from 2Gi to 6Gi - rename loop variable msg to task in PushTaskToRabbitMQ for clarity - align comment indentation in queue_producer.go 2026-06-03 17:11:54 +08:00			`image: modelrt:v1`
feat: add dedicated message-exchange for task lifecycle notifications - add constants/message.go with MessageTask* categories and message-exchange / message-queue / dead-letter routing constants - add mq/publish_message.go with PushMessageToRabbitMQ (confirm mode, dead-letter queue) separate from the existing event-exchange publisher - add mq/emit.go with TryEmitMessage for non-blocking, OTel-traced dispatch - add mq/event/task_event_gen.go with NewTaskSubmitted/Running/Completed/ Failed/CancelledMessage constructors - wire TryEmitMessage into task worker and create/cancel handlers so all 5 lifecycle transitions are published (previously task.* routed to event-exchange with no matching binding, causing silent drops) - harden Dockerfile: scratch final image, pinned alpine:3.21 certs stage, apk upgrade in builder, add -trimpath -mod=readonly go build flags - add full K8s manifests under deploy/k8s/ for Redis, RabbitMQ (mTLS), ModelRT (Downward API, scratch image, readOnlyRootFilesystem), Jaeger, Loki, Promtail, Grafana - expand deploy.md with async_task SQL schema, TLS cert generation steps, K8s deployment procedures, and SSH tunnel configuration 2026-05-13 16:58:36 +08:00			`imagePullPolicy: IfNotPresent`
fix: fix K8s service names, deployment command, and GORM logger - rename all K8s services to xxx-service convention and update all configmap references (postgres, mongodb, loki, jaeger) - add explicit command: ["/app/modelrt"] to deployment to prevent args from being treated as the executable (no ENTRYPOINT in Dockerfile) - set deploy_env to development to bypass Redis empty-password guard in non-production Minikube environment - fix GormLogger Info/Warn/Error to use fmt.Sprintf(msg, data...) so GORM printf-style messages are formatted correctly and avoid json: unsupported type: func() time.Time serialization panic - expand pg PVC storage from 2Gi to 6Gi - rename loop variable msg to task in PushTaskToRabbitMQ for clarity - align comment indentation in queue_producer.go 2026-06-03 17:11:54 +08:00			`command: ["/app/modelrt"]`
feat: add dedicated message-exchange for task lifecycle notifications - add constants/message.go with MessageTask* categories and message-exchange / message-queue / dead-letter routing constants - add mq/publish_message.go with PushMessageToRabbitMQ (confirm mode, dead-letter queue) separate from the existing event-exchange publisher - add mq/emit.go with TryEmitMessage for non-blocking, OTel-traced dispatch - add mq/event/task_event_gen.go with NewTaskSubmitted/Running/Completed/ Failed/CancelledMessage constructors - wire TryEmitMessage into task worker and create/cancel handlers so all 5 lifecycle transitions are published (previously task.* routed to event-exchange with no matching binding, causing silent drops) - harden Dockerfile: scratch final image, pinned alpine:3.21 certs stage, apk upgrade in builder, add -trimpath -mod=readonly go build flags - add full K8s manifests under deploy/k8s/ for Redis, RabbitMQ (mTLS), ModelRT (Downward API, scratch image, readOnlyRootFilesystem), Jaeger, Loki, Promtail, Grafana - expand deploy.md with async_task SQL schema, TLS cert generation steps, K8s deployment procedures, and SSH tunnel configuration 2026-05-13 16:58:36 +08:00			`args:`
			`- "-modelRT_config_dir=/app/configs"`
			`- "-modelRT_config_name=config"`
			`- "-modelRT_config_type=yaml"`
			`ports:`
			`- containerPort: 8080`
			`env:`
			`# Downward API — injected into every log line by logger/zap.go containerFields()`
			`- name: K8S_NAMESPACE`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: metadata.namespace`
			`- name: K8S_NODE_NAME`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: spec.nodeName`
			`# HOSTNAME is set automatically by K8s to the pod name`
			`# Sensitive values injected from Secret so they stay out of ConfigMap`
			`- name: POSTGRES_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: modelrt-secret`
			`key: postgres-password`
			`- name: SERVICE_SECRET_KEY`
			`valueFrom:`
			`secretKeyRef:`
			`name: modelrt-secret`
			`key: secret-key`
			`volumeMounts:`
			`- name: config`
			`mountPath: /app/configs/config.yaml`
			`subPath: config.yaml`
			`readOnly: true`
			`- name: certs`
			`mountPath: /app/configs/certs`
			`readOnly: true`
			`resources:`
			`requests:`
			`cpu: 100m`
			`memory: 128Mi`
			`limits:`
			`cpu: 500m`
			`memory: 512Mi`
			`securityContext:`
			`runAsUser: 1000`
			`runAsNonRoot: true`
			`readOnlyRootFilesystem: true`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`livenessProbe:`
			`tcpSocket:`
			`port: 8080`
			`initialDelaySeconds: 10`
			`periodSeconds: 30`
			`failureThreshold: 3`
			`readinessProbe:`
			`tcpSocket:`
			`port: 8080`
			`initialDelaySeconds: 5`
			`periodSeconds: 10`
			`failureThreshold: 3`
			`volumes:`
			`- name: config`
			`configMap:`
			`name: modelrt-config`
			`- name: certs`
			`secret:`
			`secretName: modelrt-certs`