blob: f9728d248fced2475c71aec35524bdaaf56b9431 [file] [log] [blame]
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: autoroll-be-afdo-chromium-autoroll
spec:
serviceName: "autoroll-be-afdo-chromium-autoroll"
replicas: 1
selector:
matchLabels:
app: autoroll-be-afdo-chromium-autoroll
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: autoroll-be-afdo-chromium-autoroll # Pod template's label selector
annotations:
prometheus.io.scrape: "true"
prometheus.io.port: "20000"
spec:
automountServiceAccountToken: false
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 2000 # aka skia
containers:
- name: autoroll-be-afdo-chromium-autoroll
image: gcr.io/skia-public/autoroll-be:2019-10-01T16_39_30Z-borenet-ad41711-clean
args:
- "--logtostderr"
- "--config=eyJjaGlsZE5hbWUiOiJBRkRPIiwiY29udGFjdHMiOlsiZ2JpdkBjaHJvbWl1bS5vcmciXSwiaXNJbnRlcm5hbCI6ZmFsc2UsInBhcmVudE5hbWUiOiJDaHJvbWl1bSIsInBhcmVudFdhdGVyZmFsbCI6Imh0dHBzOi8vYnVpbGQuY2hyb21pdW0ub3JnIiwicm9sbGVyTmFtZSI6ImFmZG8tY2hyb21pdW0tYXV0b3JvbGwiLCJzZXJ2aWNlQWNjb3VudCI6ImNocm9taXVtLWF1dG9yb2xsQHNraWEtcHVibGljLmdvb2dsZS5jb20uaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzaGVyaWZmIjpbImdiaXZAY2hyb21pdW0ub3JnIl0sImdlcnJpdCI6eyJ1cmwiOiJodHRwczovL2Nocm9taXVtLXJldmlldy5nb29nbGVzb3VyY2UuY29tIiwicHJvamVjdCI6ImNocm9taXVtL3NyYyIsImNvbmZpZyI6ImNocm9taXVtIn0sImZyZWVUeXBlUmVwb01hbmFnZXIiOm51bGwsInNlbVZlckdDU1JlcG9NYW5hZ2VyIjp7ImNoaWxkQnJhbmNoIjoibWFzdGVyIiwiY2hpbGRQYXRoIjoiY2hyb21lL2FuZHJvaWQvcHJvZmlsZXMvbmV3ZXN0LnR4dCIsInBhcmVudEJyYW5jaCI6Im1hc3RlciIsImNoaWxkUmV2TGlua1RtcGwiOiIiLCJjb21taXRNc2dUbXBsIjoiUm9sbCBBRkRPIGZyb20ge3suUm9sbGluZ0Zyb20uU3RyaW5nfX0gdG8ge3suUm9sbGluZ1RvLlN0cmluZ319XG5cblRoaXMgQ0wgbWF5IGNhdXNlIGEgc21hbGwgYmluYXJ5IHNpemUgaW5jcmVhc2UsIHJvdWdobHkgcHJvcG9ydGlvbmFsXG50byBob3cgbG9uZyBpdCdzIGJlZW4gc2luY2Ugb3VyIGxhc3QgQUZETyBwcm9maWxlIHJvbGwuIEZvciBsYXJnZXJcbmluY3JlYXNlcyAoYXJvdW5kIG9yIGV4Y2VlZGluZyAxMDBLQiksIHBsZWFzZSBmaWxlIGEgYnVnIGFnYWluc3RcbmdiaXZAY2hyb21pdW0ub3JnLiBBZGRpdGlvbmFsIGNvbnRleHQ6IGh0dHBzOi8vY3JidWcuY29tLzgwNTUzOVxuXG5QbGVhc2Ugbm90ZSB0aGF0LCBkZXNwaXRlIHJvbGxpbmcgdG8gY2hyb21lL2FuZHJvaWQsIHRoaXMgcHJvZmlsZSBpc1xudXNlZCBmb3IgYm90aCBMaW51eCBhbmQgQW5kcm9pZC5cblxuSWYgdGhpcyByb2xsIGhhcyBjYXVzZWQgYSBicmVha2FnZSwgcmV2ZXJ0IHRoaXMgQ0wgYW5kIHN0b3AgdGhlIHJvbGxlclxudXNpbmcgdGhlIGNvbnRyb2xzIGhlcmU6XG57ey5TZXJ2ZXJVUkx9fVxuUGxlYXNlIENDIHt7c3RyaW5nc0pvaW4gLlJldmlld2VycyBcIixcIn19IG9uIHRoZSByZXZlcnQgdG8gZW5zdXJlIHRoYXQgYSBodW1hblxuaXMgYXdhcmUgb2YgdGhlIHByb2JsZW0uXG5cblRvIHJlcG9ydCBhIHByb2JsZW0gd2l0aCB0aGUgQXV0b1JvbGxlciBpdHNlbGYsIHBsZWFzZSBmaWxlIGEgYnVnOlxuaHR0cHM6Ly9idWdzLmNocm9taXVtLm9yZy9wL3NraWEvaXNzdWVzL2VudHJ5P3RlbXBsYXRlPUF1dG9yb2xsZXIrQnVnXG5cbkRvY3VtZW50YXRpb24gZm9yIHRoZSBBdXRvUm9sbGVyIGlzIGhlcmU6XG5odHRwczovL3NraWEuZ29vZ2xlc291cmNlLmNvbS9idWlsZGJvdC8rL21hc3Rlci9hdXRvcm9sbC9SRUFETUUubWRcblxue3tpZiAuQ3FFeHRyYVRyeWJvdHN9fUNRX0lOQ0xVREVfVFJZQk9UUz17ey5DcUV4dHJhVHJ5Ym90c319XG57e2VuZH19VEJSPXt7c3RyaW5nc0pvaW4gLlJldmlld2VycyBcIixcIn19XG4iLCJwYXJlbnRSZXBvIjoiaHR0cHM6Ly9jaHJvbWl1bS5nb29nbGVzb3VyY2UuY29tL2Nocm9taXVtL3NyYy5naXQiLCJHQ1NCdWNrZXQiOiJjaHJvbWVvcy1wcmVidWlsdCIsIkdDU1BhdGgiOiJhZmRvLWpvYi9sbHZtIiwiVmVyc2lvbkZpbGUiOiJjaHJvbWUvYW5kcm9pZC9wcm9maWxlcy9uZXdlc3QudHh0IiwiU2hvcnRSZXZSZWdleCI6IihcXGQrKVxcLihcXGQrKVxcLihcXGQrKVxcLjBfcmMtcihcXGQrKS1tZXJnZWQiLCJWZXJzaW9uUmVnZXgiOiJeY2hyb21lb3MtY2hyb21lLWFtZDY0LShcXGQrKVxcLihcXGQrKVxcLihcXGQrKVxcLjBfcmMtcihcXGQrKS1tZXJnZWRcXC5hZmRvXFwuYnoyJCJ9LCJrdWJlcm5ldGVzIjp7ImNwdSI6IjEiLCJtZW1vcnkiOiIyR2kiLCJkaXNrIjoiIn0sIm1heFJvbGxGcmVxdWVuY3kiOiIwbSJ9"
- "--email_creds=/var/secrets/autoroll-email-creds"
- "--firestore_instance=production"
- "--port=:8000"
- "--prom_port=:20000"
- "--recipes_cfg=/usr/local/share/autoroll/recipes.cfg"
- "--workdir=/tmp"
- "--chat_webhooks_file=/etc/notifier-chat-config/chat_config.txt"
ports:
- containerPort: 8000
- containerPort: 20000
volumeMounts:
- name: autoroll-be-chromium-autoroll-sa
mountPath: /var/secrets/google
- name: autoroll-email-creds
mountPath: /var/secrets/autoroll-email-creds
- name: notifier-chat-config
mountPath: /etc/notifier-chat-config/
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
- name: TMPDIR
value: /tmp
resources:
limits:
memory: "2Gi"
cpu: 1
readinessProbe:
httpGet:
path: /healthz
port: 8000
initialDelaySeconds: 30
periodSeconds: 30
failureThreshold: 10
volumes:
- name: autoroll-be-chromium-autoroll-sa
secret:
secretName: chromium-autoroll
- name: autoroll-email-creds
secret:
secretName: autoroll-email-creds
- name: notifier-chat-config
secret:
secretName: notifier-chat-config