P2: Reference deployment manifests — k8s + prod Compose (#179) #196

Open
dkijania wants to merge 1 commit into main from docs/deploy-manifests

@dkijania

Contributor

What & why

Part of the production-readiness epic (#163). Closes #179.

There were no production deployment artifacts — operators had npm/Docker/Compose for dev but no opinionated manifest with probes, resource limits, and a hardened runtime.

Adds deploy/

  • kubernetes.yaml — Deployment + Service + HorizontalPodAutoscaler (+ placeholder Secret) with production defaults:
    • liveness on /healthcheck, readiness on /readiness
    • resource requests/limits, 2→6 CPU autoscaler
    • hardened pod securityContext (non-root, readOnlyRootFilesystem, no privilege escalation, all caps dropped, RuntimeDefault seccomp)
    • Prometheus scrape annotations for /metrics
    • terminationGracePeriodSeconds: 30 matching the graceful-shutdown drain
  • docker-compose.prod.yml — the published image against an external read-only Postgres, with CPU/memory caps.
  • README.md — usage + how it maps to the security deployment contract.

Linked from the root README. References the probe/metrics endpoints delivered by the sibling P1 PRs (#169/#173).

Testing

Docs/manifests only. prettier --debug-check . clean; YAML structure validated. No application code changed.

🤖 Generated with Claude Code

There were no production deployment artifacts — operators had npm/Docker/Compose
for dev but no opinionated manifest with probes, resource limits, and a hardened
runtime.

Add deploy/:
- kubernetes.yaml — Deployment + Service + HPA (+ placeholder Secret) with
  liveness (/healthcheck) and readiness (/readiness) probes, resource
  requests/limits, a 2→6 CPU autoscaler, Prometheus scrape annotations for
  /metrics, a hardened pod securityContext (non-root, readOnlyRootFilesystem,
  no privilege escalation, all caps dropped, RuntimeDefault seccomp), and a
  30s termination grace period matching the graceful-shutdown drain.
- docker-compose.prod.yml — the published image against an external read-only
  Postgres, with CPU/memory caps.
- README.md — usage and how this maps to the security deployment contract.

Linked from the root README. References the probe/metrics endpoints delivered by
the sibling P1 PRs.

Closes #179.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01QSuak9smCHbp4N17xjjLF6
@dkijania added the labels documentation (Improvements or additions to documentation), production-readiness (Work toward making the API production-ready / publicly available) and P2 (GA polish / hygiene) on Jun 29, 2026
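
A check for the hardening settings listed in the description above, as an added example that is not part of this PR or the project's code. It audits a parsed Deployment (a constructed sample with hypothetical names) and shows that only runAsNonRoot and seccompProfile can be inherited from the pod-level securityContext, while the other three settings must appear on every container.

```python
import json

# Constructed sample: a trimmed Deployment as `kubectl get deploy -o json` returns it.
# Names and images are hypothetical, not taken from the PR's deploy/kubernetes.yaml.
SAMPLE = json.loads("""
{"kind": "Deployment", "spec": {"template": {"spec": {
  "securityContext": {"runAsNonRoot": true, "seccompProfile": {"type": "RuntimeDefault"}},
  "containers": [
    {"name": "api", "image": "example/api:1.0",
     "securityContext": {"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true,
                         "capabilities": {"drop": ["ALL"]}},
     "resources": {"requests": {"cpu": "250m"}, "limits": {"cpu": "1", "memory": "512Mi"}},
     "livenessProbe": {"httpGet": {"path": "/healthcheck", "port": 8080}},
     "readinessProbe": {"httpGet": {"path": "/readiness", "port": 8080}}},
    {"name": "sidecar", "image": "example/sidecar:1.0",
     "securityContext": {"capabilities": {"drop": ["NET_RAW"]}}}
  ]}}}}
""")

def audit(deployment):
    """Return (container, finding) pairs for the settings the PR description lists."""
    pod = deployment["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    findings = []
    for c in pod.get("containers", []):
        sc = c.get("securityContext") or {}
        # runAsNonRoot and seccompProfile fall back to the pod level when unset here.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        # The next three exist only on the container securityContext: no pod fallback.
        drops = (sc.get("capabilities") or {}).get("drop", [])
        checks = {
            "runAsNonRoot is not true": non_root is True,
            "seccompProfile is not RuntimeDefault": seccomp == "RuntimeDefault",
            "allowPrivilegeEscalation is not false": sc.get("allowPrivilegeEscalation") is False,
            "readOnlyRootFilesystem is not true": sc.get("readOnlyRootFilesystem") is True,
            "capabilities.drop lacks ALL": "ALL" in drops,
            "no resource limits": bool((c.get("resources") or {}).get("limits")),
            "no livenessProbe": "livenessProbe" in c,
            "no readinessProbe": "readinessProbe" in c,
        }
        findings += [(c["name"], msg) for msg, ok in checks.items() if not ok]
    return findings

if __name__ == "__main__":
    for name, msg in audit(SAMPLE):
        print(f"{name}: {msg}")
```

The second container in the sample passes the two inheritable checks through the pod-level securityContext and fails the rest, which is the gap a pod-only hardening block leaves for any container added later.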
Development

Successfully merging this pull request may close these issues.

P2: Reference deployment artifacts (k8s/Helm/Compose-prod) + resource limits