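---
# Session coordinator for the MPC system: ServiceAccount, read-only RBAC,
# Deployment and ClusterIP Service, all in the mpc-system namespace.

# Identity the coordinator pods run as (see serviceAccountName below).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: mpc-session-coordinator
  namespace: mpc-system
---
# Namespaced Role (not a ClusterRole): read-only access to pods and services
# in mpc-system only. No write verbs and no access to secrets are granted.
# Presumably used for the party discovery configured through the
# MPC_PARTY_* variables in the Deployment; verify against the service code.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: mpc-session-coordinator-role
  namespace: mpc-system
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get", "list", "watch"]
---
# Grants the Role above to the coordinator ServiceAccount and nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: mpc-session-coordinator-rolebinding
  namespace: mpc-system
subjects:
  - kind: ServiceAccount
    name: mpc-session-coordinator
    namespace: mpc-system
roleRef:
  kind: Role
  name: mpc-session-coordinator-role
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mpc-session-coordinator
  namespace: mpc-system
  labels:
    app: mpc-session-coordinator
    component: core
spec:
  replicas: 2  # Can scale horizontally for high availability
  selector:
    matchLabels:
      app: mpc-session-coordinator
  template:
    metadata:
      labels:
        app: mpc-session-coordinator
        component: core
    spec:
      # The ServiceAccount token stays mounted (the default): the Role bound
      # to this account is what allows reading pods and services.
      serviceAccountName: mpc-session-coordinator
      securityContext:
        # Apply the container runtime's default syscall filter.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: session-coordinator
          # NOTE(review): `latest` is a mutable tag and IfNotPresent keeps
          # whatever copy a node cached first, so replicas can run different
          # builds and a rollout is not reproducible or auditable. Pin an
          # immutable version tag or a digest, e.g.
          # mpc-system/session-coordinator@sha256:<DIGEST-PLACEHOLDER>.
          image: mpc-system/session-coordinator:latest
          imagePullPolicy: IfNotPresent
          securityContext:
            # Both listeners use ports above 1024, so no capability is
            # needed to bind them.
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            # NOTE(review): runAsNonRoot and readOnlyRootFilesystem are not
            # set because the image's user and write paths are not visible
            # here; enable them once confirmed.
          ports:
            - name: grpc
              containerPort: 50051
              protocol: TCP
            - name: http
              containerPort: 8080
              protocol: TCP
          env:
            - name: MPC_SERVER_GRPC_PORT
              value: "50051"
            - name: MPC_SERVER_HTTP_PORT
              value: "8080"
            - name: MPC_SERVER_ENVIRONMENT
              valueFrom:
                configMapKeyRef:
                  name: mpc-config
                  key: environment
            - name: MPC_DATABASE_HOST
              valueFrom:
                configMapKeyRef:
                  name: mpc-config
                  key: postgres_host
            - name: MPC_DATABASE_PORT
              value: "5432"
            # Credentials are read from the mpc-secrets Secret, not inlined.
            - name: MPC_DATABASE_USER
              valueFrom:
                secretKeyRef:
                  name: mpc-secrets
                  key: postgres_user
            - name: MPC_DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mpc-secrets
                  key: postgres_password
            - name: MPC_DATABASE_DBNAME
              value: "mpc_system"
            # NOTE(review): TLS to PostgreSQL is disabled, so the database
            # credentials and all queries cross the cluster network in clear
            # text. Once the server presents a certificate, switch to a
            # verifying mode (e.g. "verify-full" if the driver follows libpq
            # semantics; confirm against the client library).
            - name: MPC_DATABASE_SSLMODE
              value: "disable"
            - name: MPC_REDIS_HOST
              valueFrom:
                configMapKeyRef:
                  name: mpc-config
                  key: redis_host
            - name: MPC_REDIS_PORT
              value: "6379"
            # NOTE(review): optional: true lets the pod start when the key is
            # absent; presumably the service then connects to Redis without
            # authentication. Confirm that is intended outside development.
            - name: MPC_REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mpc-secrets
                  key: redis_password
                  optional: true
            - name: MPC_RABBITMQ_HOST
              valueFrom:
                configMapKeyRef:
                  name: mpc-config
                  key: rabbitmq_host
            # NOTE(review): 5672 is the conventional non-TLS AMQP port;
            # confirm whether broker traffic is encrypted.
            - name: MPC_RABBITMQ_PORT
              value: "5672"
            - name: MPC_RABBITMQ_USER
              valueFrom:
                secretKeyRef:
                  name: mpc-secrets
                  key: rabbitmq_user
            - name: MPC_RABBITMQ_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mpc-secrets
                  key: rabbitmq_password
            # Token-signing secret. Every workload that references this key
            # of mpc-secrets holds the same value, so keep read access to the
            # Secret narrow.
            - name: MPC_JWT_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: mpc-secrets
                  key: jwt_secret_key
            - name: MPC_JWT_ISSUER
              value: "mpc-system"
            # K8s service discovery configuration
            # K8S_NAMESPACE comes from the downward API, i.e. the namespace
            # the pod actually runs in.
            - name: K8S_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: MPC_PARTY_SERVICE_NAME
              value: "mpc-server-party"
            - name: MPC_PARTY_LABEL_SELECTOR
              value: "app=mpc-server-party"
            - name: MPC_PARTY_GRPC_PORT
              value: "50051"
            - name: MPC_PARTY_DISCOVERY_INTERVAL
              value: "30s"
          # Requests and limits are both set, bounding what one replica can
          # consume on a node.
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          # Liveness and readiness both poll /health on the HTTP port;
          # readiness starts earlier and fails faster than liveness.
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 2
---
# ClusterIP keeps both ports reachable only from inside the cluster. Limiting
# which pods may connect would need a NetworkPolicy; none is defined in this
# file.
apiVersion: v1
kind: Service
metadata:
  name: mpc-session-coordinator
  namespace: mpc-system
  labels:
    app: mpc-session-coordinator
spec:
  selector:
    app: mpc-session-coordinator
  type: ClusterIP
  ports:
    - name: grpc
      port: 50051
      targetPort: 50051
      protocol: TCP
    - name: http
      port: 8080
      targetPort: 8080
      protocol: TCP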