# ============================================================ # Deployment: content-security-service # Content security microservice for UGC moderation. # Shared by multiple mini-games via game_id tenant isolation. # ============================================================ apiVersion: apps/v1 kind: Deployment metadata: name: content-security-service namespace: content-security labels: app: content-security-service app.kubernetes.io/part-of: content-security spec: replicas: 2 selector: matchLabels: app: content-security-service strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 template: metadata: labels: app: content-security-service annotations: prometheus.io/scrape: "true" prometheus.io/port: "3000" prometheus.io/path: "/metrics" spec: containers: - name: content-security-service image: content-security-service:latest imagePullPolicy: Never ports: - name: http containerPort: 3000 protocol: TCP envFrom: - configMapRef: name: content-security-config - secretRef: name: content-security-secrets livenessProbe: httpGet: path: /api/health port: 3000 initialDelaySeconds: 15 periodSeconds: 15 timeoutSeconds: 3 failureThreshold: 3 readinessProbe: httpGet: path: /api/health port: 3000 initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 2 failureThreshold: 3 resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 256Mi volumeMounts: - name: audit-logs mountPath: /app/logs/audit volumes: - name: audit-logs emptyDir: {} terminationGracePeriodSeconds: 15