blob: 2ff48016fc734f04bc300857bc256b38cde94f21 [file] [log] [blame]
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: autoroll-be-skia-autoroll
spec:
serviceName: "autoroll-be-skia-autoroll"
replicas: 1
selector:
matchLabels:
app: autoroll-be-skia-autoroll
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: autoroll-be-skia-autoroll # Pod template's label selector
annotations:
prometheus.io.scrape: "true"
prometheus.io.port: "20000"
spec:
automountServiceAccountToken: false
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 2000 # aka skia
containers:
- name: autoroll-be-skia-autoroll
image: gcr.io/skia-public/autoroll-be:2019-10-01T16_39_30Z-borenet-ad41711-clean
args:
- "--logtostderr"
- "--config=eyJjaGlsZE5hbWUiOiJTa2lhIiwiY29udGFjdHMiOlsiYm9yZW5ldEBnb29nbGUuY29tIl0sImlzSW50ZXJuYWwiOmZhbHNlLCJwYXJlbnROYW1lIjoiQ2hyb21pdW0iLCJwYXJlbnRXYXRlcmZhbGwiOiJodHRwczovL2J1aWxkLmNocm9taXVtLm9yZyIsInJvbGxlck5hbWUiOiJza2lhLWF1dG9yb2xsIiwic2VydmljZUFjY291bnQiOiJjaHJvbWl1bS1hdXRvcm9sbEBza2lhLXB1YmxpYy5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInNoZXJpZmYiOlsiaHR0cHM6Ly9za2lhLXRyZWUtc3RhdHVzLmFwcHNwb3QuY29tL2N1cnJlbnQtc2hlcmlmZiJdLCJnZXJyaXQiOnsidXJsIjoiaHR0cHM6Ly9jaHJvbWl1bS1yZXZpZXcuZ29vZ2xlc291cmNlLmNvbSIsInByb2plY3QiOiJjaHJvbWl1bS9zcmMiLCJjb25maWciOiJjaHJvbWl1bSJ9LCJmcmVlVHlwZVJlcG9NYW5hZ2VyIjpudWxsLCJub0NoZWNrb3V0REVQU1JlcG9NYW5hZ2VyIjp7ImNoaWxkQnJhbmNoIjoibWFzdGVyIiwiY2hpbGRQYXRoIjoic3JjL3RoaXJkX3BhcnR5L3NraWEiLCJwYXJlbnRCcmFuY2giOiJtYXN0ZXIiLCJjaGlsZFJldkxpbmtUbXBsIjoiaHR0cHM6Ly9za2lhLmdvb2dsZXNvdXJjZS5jb20vc2tpYS5naXQvKy8lcyIsImNvbW1pdE1zZ1RtcGwiOiIiLCJwYXJlbnRSZXBvIjoiaHR0cHM6Ly9jaHJvbWl1bS5nb29nbGVzb3VyY2UuY29tL2Nocm9taXVtL3NyYy5naXQiLCJjaGlsZFJlcG8iOiJodHRwczovL3NraWEuZ29vZ2xlc291cmNlLmNvbS9za2lhLmdpdCIsImluY2x1ZGVCdWdzIjp0cnVlLCJpbmNsdWRlTG9nIjp0cnVlLCJ0cmFuc2l0aXZlRGVwcyI6bnVsbH0sImt1YmVybmV0ZXMiOnsiY3B1IjoiMSIsIm1lbW9yeSI6IjJHaSIsImRpc2siOiIifSwiY3FFeHRyYVRyeWJvdHMiOlsibHVjaS5jaHJvbWl1bS50cnk6YW5kcm9pZF9vcHRpb25hbF9ncHVfdGVzdHNfcmVsIiwibHVjaS5jaHJvbWl1bS50cnk6bGludXgtYmxpbmstcmVsIiwibHVjaS5jaHJvbWl1bS50cnk6bGludXgtY2hyb21lb3MtY29tcGlsZS1kYmciLCJsdWNpLmNocm9taXVtLnRyeTpsaW51eF9vcHRpb25hbF9ncHVfdGVzdHNfcmVsIiwibHVjaS5jaHJvbWl1bS50cnk6bWFjX29wdGlvbmFsX2dwdV90ZXN0c19yZWwiLCJsdWNpLmNocm9taXVtLnRyeTp3aW5fb3B0aW9uYWxfZ3B1X3Rlc3RzX3JlbCJdLCJtYXhSb2xsRnJlcXVlbmN5IjoiMG0iLCJub3RpZmllcnMiOlt7ImZpbHRlciI6Indhcm5pbmciLCJlbWFpbCI6eyJlbWFpbHMiOlsiYm9yZW5ldEBnb29nbGUuY29tIl19fV0sInN1cHBvcnRzTWFudWFsUm9sbHMiOnRydWV9"
- "--email_creds=/var/secrets/autoroll-email-creds"
- "--firestore_instance=production"
- "--port=:8000"
- "--prom_port=:20000"
- "--recipes_cfg=/usr/local/share/autoroll/recipes.cfg"
- "--workdir=/tmp"
- "--chat_webhooks_file=/etc/notifier-chat-config/chat_config.txt"
ports:
- containerPort: 8000
- containerPort: 20000
volumeMounts:
- name: autoroll-be-chromium-autoroll-sa
mountPath: /var/secrets/google
- name: autoroll-email-creds
mountPath: /var/secrets/autoroll-email-creds
- name: notifier-chat-config
mountPath: /etc/notifier-chat-config/
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
- name: TMPDIR
value: /tmp
resources:
limits:
memory: "2Gi"
cpu: 1
readinessProbe:
httpGet:
path: /healthz
port: 8000
initialDelaySeconds: 30
periodSeconds: 30
failureThreshold: 10
volumes:
- name: autoroll-be-chromium-autoroll-sa
secret:
secretName: chromium-autoroll
- name: autoroll-email-creds
secret:
secretName: autoroll-email-creds
- name: notifier-chat-config
secret:
secretName: notifier-chat-config