| apiVersion: v1 |
| kind: Service |
| metadata: |
| name: gold-{{.INSTANCE_ID}}-skiacorrectness |
| annotations: |
| beta.cloud.google.com/backend-config: '{"ports": {"8000":"skia-default-backendconfig"}}' |
| spec: |
| ports: |
| - name: http |
| port: 8000 |
| - name: metrics |
| port: 20000 |
| selector: |
| app: gold-{{.INSTANCE_ID}}-skiacorrectness |
| type: NodePort |
| --- |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| name: gold-{{.INSTANCE_ID}}-skiacorrectness |
| spec: |
| replicas: 1 |
| selector: |
| matchLabels: |
| app: gold-{{.INSTANCE_ID}}-skiacorrectness |
| strategy: |
| type: RollingUpdate |
| template: |
| metadata: |
| labels: |
| app: gold-{{.INSTANCE_ID}}-skiacorrectness |
| appgroup: gold-{{.INSTANCE_ID}} |
| annotations: |
| prometheus.io.scrape: "true" |
| prometheus.io.port: "20000" |
| spec: |
| automountServiceAccountToken: false |
| securityContext: |
| runAsUser: 2000 # aka skia |
| fsGroup: 2000 # aka skia |
| containers: |
| - name: gold-{{.INSTANCE_ID}}-skiacorrectness |
| image: {{.SKIACORRECTNESS_IMAGE}} |
| args: |
| - "--app_title={{.SKCORR_TITLE}}" |
| - "--authoritative={{.AUTHORITATIVE}}" |
| - "--auth_users={{.AUTH_USERS}}" |
| - "--bt_instance={{.BIGTABLE_INSTANCE}}" |
| - "--bt_project_id={{.BIGTABLE_PROJECT}}" |
| - "--changelist_tracking={{.CHANGELIST_TRACKING}}" |
| - "--cis_url_template={{.CIS_URL_TEMPLATE}}" |
| - "--crs_url_template={{.CRS_URL_TEMPLATE}}" |
| - "--default_corpus={{.SKCORR_DEFAULT_CORPUS}}" |
| - "--diff_server_grpc={{.SKCORR_DIFF_SERVER}}:8000" |
| - "--diff_server_http={{.SKCORR_DIFF_SERVER}}:8001" |
| - "--ds_namespace={{.DATASTORE_NAMESPACE}}" |
| - "--ds_project_id={{.DATASTORE_PROJECT}}" |
| - "--event_topic=gold-{{.INSTANCE_ID}}-eventbus" |
| - "--force_login={{.FORCE_LOGIN}}" |
| - "--fs_namespace={{.FIRESTORE_NAMESPACE}}" |
| - "--fs_project_id={{.FIRESTORE_PROJECT}}" |
| - "--gerrit_url={{.GERRIT_URL}}" |
| - "--git_bt_table={{.GIT_BT_TABLE}}" |
| - "--git_repo_url={{.GITREPO_URL}}" |
| {{if eq .CODE_REVIEW_SYSTEM "github"}} |
| - "--github_cred_path=/var/secrets/github/github_token" |
| - "--github_repo={{.GITHUB_REPO}}" |
| {{end}} |
| - "--hashes_gs_path={{.BUCKET}}/hash_files/{{.HASHES_FILE}}" |
| - "--lit_html_dir=/usr/local/share/skiacorrectness" |
| - "--logtostderr=true" |
| - "--n_commits={{.N_COMMITS}}" |
| - "--no_cloud_log=true" |
| - "--primary_crs={{.CODE_REVIEW_SYSTEM}}" |
| - "--port=:8000" |
| - "--prom_port=:20000" |
| {{if .AUTHORIZED_PARAMS}} |
| - "--public_whitelist=/etc/gold/authorized-params.json5" |
| {{else}} |
| - "--public_whitelist=all" |
| {{end}} |
| - "--pubsub_project_id={{.PUBSUB_PROJECT}}" |
| - "--redirect_url={{.SITE_URL}}/oauth2callback/" |
| - "--resources_dir=/usr/local/share/skiacorrectness/frontend" |
| - "--show_bot_progress=false" |
| - "--site_url={{.SITE_URL}}" |
| - "--tile_freshness={{.TILE_FRESHNESS}}" |
| - "--trace_bt_table={{.BIGTABLE_TABLE}}" |
| ports: |
| - containerPort: 8000 |
| name: http |
| - containerPort: 20000 |
| name: prom |
| volumeMounts: |
| - name: gold-service-account-secrets |
| mountPath: /var/secrets/google/ |
| - name: {{.LOGIN_SECRETS}} |
| mountPath: /etc/skia.org/ |
| {{if .AUTHORIZED_PARAMS}} |
| - name: gold-authorized-params-volume |
| mountPath: /etc/gold/ |
| {{end}} |
| {{if eq .CODE_REVIEW_SYSTEM "github"}} |
| - name: gold-github-token |
| mountPath: /var/secrets/github/ |
| {{end}} |
| env: |
| - name: GOOGLE_APPLICATION_CREDENTIALS |
| value: /var/secrets/google/service-account.json |
| resources: |
| requests: |
| memory: "{{.MAIN_MEMORY}}" |
| cpu: "{{.MAIN_CPU}}" |
| readinessProbe: |
| httpGet: |
| path: /healthz |
| port: 8000 |
| initialDelaySeconds: 30 |
| periodSeconds: 10 |
| failureThreshold: 6 |
| volumes: |
| - name: gold-service-account-secrets |
| secret: |
| secretName: gold-service-account-secrets |
| - name: {{.LOGIN_SECRETS}} |
| secret: |
| secretName: {{.LOGIN_SECRETS}} |
| {{if .AUTHORIZED_PARAMS}} |
| - name: gold-authorized-params-volume |
| configMap: |
| defaultMode: 420 |
| name: {{.AUTHORIZED_PARAMS}} |
| {{end}} |
| {{if eq .CODE_REVIEW_SYSTEM "github"}} |
| - name: gold-github-token |
| secret: |
| secretName: gold-github-token |
| {{end}} |