Google Git
Sign in
skia / buildbot / b2265e3673b70636c785decde89da2b1a43a608c / . / golden / k8s-config-templates / gold-skiacorrectness-template.yaml
blob: d01da583559050b403fb8a33c6798ec6755759a7 [file] [log] [blame]
apiVersion: v1
kind: Service
metadata:
name: gold-{{.INSTANCE_ID}}-skiacorrectness
annotations:
beta.cloud.google.com/backend-config: '{"ports": {"8000":"skia-default-backendconfig"}}'
spec:
ports:
- name: http
port: 8000
- name: metrics
port: 20000
selector:
app: gold-{{.INSTANCE_ID}}-skiacorrectness
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gold-{{.INSTANCE_ID}}-skiacorrectness
spec:
replicas: 1
selector:
matchLabels:
app: gold-{{.INSTANCE_ID}}-skiacorrectness
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: gold-{{.INSTANCE_ID}}-skiacorrectness
appgroup: gold-{{.INSTANCE_ID}}
annotations:
prometheus.io.scrape: "true"
prometheus.io.port: "20000"
spec:
automountServiceAccountToken: false
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 2000 # aka skia
containers:
- name: gold-{{.INSTANCE_ID}}-skiacorrectness
image: {{.SKIACORRECTNESS_IMAGE}}
args:
- "--app_title={{.SKCORR_TITLE}}"
- "--authoritative={{.AUTHORITATIVE}}"
- "--auth_users={{.AUTH_USERS}}"
- "--bt_instance={{.BIGTABLE_INSTANCE}}"
- "--bt_project_id={{.BIGTABLE_PROJECT}}"
- "--changelist_tracking={{.CHANGELIST_TRACKING}}"
- "--cis_url_template={{.CIS_URL_TEMPLATE}}"
- "--crs_url_template={{.CRS_URL_TEMPLATE}}"
- "--default_corpus={{.SKCORR_DEFAULT_CORPUS}}"
- "--diff_server_grpc={{.SKCORR_DIFF_SERVER}}:8000"
- "--diff_server_http={{.SKCORR_DIFF_SERVER}}:8001"
- "--ds_namespace={{.DATASTORE_NAMESPACE}}"
- "--ds_project_id={{.DATASTORE_PROJECT}}"
- "--event_topic=gold-{{.INSTANCE_ID}}-eventbus"
- "--force_login={{.FORCE_LOGIN}}"
- "--fs_namespace={{.FIRESTORE_NAMESPACE}}"
- "--fs_project_id={{.FIRESTORE_PROJECT}}"
- "--gerrit_url={{.GERRIT_URL}}"
- "--git_bt_table={{.GIT_BT_TABLE}}"
- "--git_repo_url={{.GITREPO_URL}}"
{{if eq .CODE_REVIEW_SYSTEM "github"}}
- "--github_cred_path=/var/secrets/github/github_token"
- "--github_repo={{.GITHUB_REPO}}"
{{end}}
- "--hashes_gs_path={{.BUCKET}}/hash_files/{{.HASHES_FILE}}"
- "--lit_html_dir=/usr/local/share/skiacorrectness"
- "--logtostderr=true"
- "--n_commits={{.N_COMMITS}}"
- "--no_cloud_log=true"
- "--primary_crs={{.CODE_REVIEW_SYSTEM}}"
- "--port=:8000"
- "--prom_port=:20000"
{{if .AUTHORIZED_PARAMS}}
- "--public_whitelist=/etc/gold/authorized-params.json5"
{{else}}
- "--public_whitelist=all"
{{end}}
- "--pubsub_project_id={{.PUBSUB_PROJECT}}"
- "--redirect_url={{.SITE_URL}}/oauth2callback/"
- "--resources_dir=/usr/local/share/skiacorrectness/frontend"
- "--show_bot_progress=false"
- "--site_url={{.SITE_URL}}"
- "--tile_freshness={{.TILE_FRESHNESS}}"
- "--trace_bt_table={{.BIGTABLE_TABLE}}"
ports:
- containerPort: 8000
name: http
- containerPort: 20000
name: prom
volumeMounts:
- name: gold-service-account-secrets
mountPath: /var/secrets/google/
- name: {{.LOGIN_SECRETS}}
mountPath: /etc/skia.org/
{{if .AUTHORIZED_PARAMS}}
- name: gold-authorized-params-volume
mountPath: /etc/gold/
{{end}}
{{if eq .CODE_REVIEW_SYSTEM "github"}}
- name: gold-github-token
mountPath: /var/secrets/github/
{{end}}
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/service-account.json
resources:
requests:
memory: "{{.MAIN_MEMORY}}"
cpu: "{{.MAIN_CPU}}"
readinessProbe:
httpGet:
path: /healthz
port: 8000
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
volumes:
- name: gold-service-account-secrets
secret:
secretName: gold-service-account-secrets
- name: {{.LOGIN_SECRETS}}
secret:
secretName: {{.LOGIN_SECRETS}}
{{if .AUTHORIZED_PARAMS}}
- name: gold-authorized-params-volume
configMap:
defaultMode: 420
name: {{.AUTHORIZED_PARAMS}}
{{end}}
{{if eq .CODE_REVIEW_SYSTEM "github"}}
- name: gold-github-token
secret:
secretName: gold-github-token
{{end}}