blob: aa18f2a85595befeedc07df424c30f1f56dd613c [file] [log] [blame]
apiVersion: v1
kind: Service
metadata:
labels:
app: fiddler
name: fiddler
spec:
ports:
- name: http
port: 8000
selector:
app: fiddler
type: NodePort
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: fiddler
spec:
replicas: 20
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 5
template:
metadata:
labels:
app: fiddler
appgroup: fiddle
spec:
nodeSelector:
reservedFor: fiddler
tolerations:
- key: "reservedFor"
operator: "Equal"
value: "fiddler"
effect: "NoSchedule"
terminationGracePeriodSeconds: 1
automountServiceAccountToken: false
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 2000 # aka skia
containers:
- name: fiddler
image: gcr.io/skia-public/fiddler:5e53115f4cd2ad85980115ff496f4d193e13c113
args:
- "--checkout=/tmp/skia/skia/"
- "--fiddle_root=/tmp"
- "--logtostderr"
- "--port=:8000"
ports:
- containerPort: 8000
volumeMounts:
- name: skia-fiddler-sa
mountPath: /var/secrets/google
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
resources:
requests:
memory: "1Gi"
cpu: "200m"
limits:
memory: "8Gi"
cpu: "8"
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- SYS_PTRACE
livenessProbe:
httpGet:
path: /healthz
port: 8000
initialDelaySeconds: 1
periodSeconds: 2
volumes:
- name: skia-fiddler-sa
secret:
secretName: skia-fiddler