apiVersion: apps/v1 kind: Deployment metadata: name: rxminder-frontend spec: template: spec: containers: - name: frontend resources: requests: memory: '256Mi' cpu: '100m' limits: memory: '512Mi' cpu: '500m' # Production environment variables env: - name: NODE_ENV value: 'production' - name: LOG_LEVEL value: 'warn' - name: ENABLE_MONITORING value: 'true' # Production readiness and liveness probes with tighter timings livenessProbe: httpGet: path: /health port: 80 initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 readinessProbe: httpGet: path: /ready port: 80 initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 3 failureThreshold: 3 # Security context for production securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 capabilities: drop: - ALL # Pod-level security and scheduling for production securityContext: fsGroup: 1000 runAsNonRoot: true seccompProfile: type: RuntimeDefault # Production scheduling preferences affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: app operator: In values: - rxminder - key: component operator: In values: - frontend topologyKey: kubernetes.io/hostname # Toleration for production node taints tolerations: - key: 'node-role.kubernetes.io/production' operator: 'Equal' value: 'true' effect: 'NoSchedule'