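---
# Kubernetes manifests for the medical-ai namespace: the Namespace itself, a
# default-deny NetworkPolicy, the ai-service Deployment and its Service.
# The Secret `medical-ai-secrets` referenced by the Deployment is not defined
# here; it has to be created out of band and must not be committed with these
# manifests.
apiVersion: v1
kind: Namespace
metadata:
  name: medical-ai
  labels:
    name: medical-ai
    # Informational only - nothing in the cluster acts on this label. If Pod
    # Security Admission is enabled, enforcement comes from the
    # pod-security.kubernetes.io/enforce label, which is not set here.
    compliance: hipaa
---
# Default-deny for every pod in the namespace (empty podSelector).
# policyTypes lists Ingress but no ingress rule follows, so ALL inbound traffic
# is blocked - including traffic forwarded by the ai-service Service - until a
# separate allow policy is added. Egress is limited to DNS, so the hosts behind
# DATABASE_URL and REDIS_URL also need their own egress allow rules.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: medical-ai-default-deny
  namespace: medical-ai
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
  egress:
    # Allows port 53 to any pod in kube-system, not just the resolver. A
    # podSelector for the DNS pods (commonly `k8s-app: kube-dns`) would narrow
    # it; the label varies by distribution, so it is left as a note.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ai-service
  namespace: medical-ai
spec:
  replicas: 2
  selector:
    matchLabels:
      app: ai-service
  template:
    metadata:
      labels:
        app: ai-service
    spec:
      # NOTE(review): if ai-service never calls the Kubernetes API, add
      # `automountServiceAccountToken: false` so a compromised container holds
      # no API credential. Left unset because the application's needs are not
      # visible from this manifest.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1001
        fsGroup: 1001
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: ai-service
          # TODO: pin to an immutable tag or an @sha256 digest. ':latest' is
          # mutable, so the running code can change without a manifest change
          # and a rollback is not reproducible.
          image: your-registry/ai-service:latest
          ports:
            - containerPort: 7860
              name: http
          # Container-level hardening; together with the pod-level settings
          # above this appears to satisfy the Pod Security "restricted" profile.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
          # Every credential is read from the medical-ai-secrets Secret; no
          # secret value is inlined in the manifest.
          env:
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: medical-ai-secrets
                  key: DATABASE_URL
            - name: REDIS_URL
              valueFrom:
                secretKeyRef:
                  name: medical-ai-secrets
                  key: REDIS_URL
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: medical-ai-secrets
                  key: SECRET_KEY
            - name: JWT_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: medical-ai-secrets
                  key: JWT_SECRET_KEY
          # Probes use the named container port so a port change is made in one
          # place.
          readinessProbe:
            httpGet:
              path: /health/ready
              port: http
            initialDelaySeconds: 20
          livenessProbe:
            httpGet:
              path: /health/live
              port: http
            initialDelaySeconds: 30
          # With readOnlyRootFilesystem every writable path must be an explicit
          # mount; these three are the only writable locations.
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: uploads
              mountPath: /app/uploads
            - name: models
              mountPath: /app/models
          resources:
            requests:
              cpu: "500m"
              memory: "2Gi"
            limits:
              cpu: "2000m"
              memory: "4Gi"
      # emptyDir volumes are node-local and discarded when the pod is
      # rescheduled, so uploads and models do not survive a restart. No
      # sizeLimit is set, so a large upload or model download can exhaust the
      # node's ephemeral storage.
      # NOTE(review): confirm that node-disk encryption covers data written to
      # /app/uploads, given the namespace's compliance label.
      volumes:
        - name: tmp
          emptyDir: {}
        - name: uploads
          emptyDir: {}
        - name: models
          emptyDir: {}
---
# ClusterIP (the default type): reachable only inside the cluster on port 80,
# forwarded to the container's named `http` port (7860). Note that the
# default-deny policy above blocks this traffic until an ingress rule exists.
apiVersion: v1
kind: Service
metadata:
  name: ai-service
  namespace: medical-ai
spec:
  selector:
    app: ai-service
  ports:
    - port: 80
      targetPort: http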