blob: fb57a1eee017a8060a0b2ec4cb959847f7e8a84b [file] [log] [blame]
apiVersion: v1
kind: Service
metadata:
labels:
app: leasing
name: leasing
annotations:
beta.cloud.google.com/backend-config: '{"ports": {"8000":"skia-default-backendconfig"}}'
skia.org.domain: leasing.skia.org
spec:
ports:
- name: metrics
port: 20000
- name: http
port: 8000
selector:
app: leasing
type: NodePort
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: leasing
spec:
replicas: 1
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: leasing
annotations:
prometheus.io.scrape: "true"
prometheus.io.port: "20000"
spec:
automountServiceAccountToken: false
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 2000 # aka skia
containers:
- name: leasing
image: gcr.io/skia-public/leasing:2019-10-09T17_50_58Z-rmistry-88d1894-clean
args:
- "--workdir=/tmp/workdir"
- "--namespace=leasing-server"
- "--project_name=skia-public"
- "--host=leasing.skia.org"
- "--logtostderr"
- "--port=:8000"
- "--prom_port=:20000"
- "--resources_dir=/usr/local/share/leasing/"
- "--email_client_secret_file=/etc/leasing-email-secrets/client_secret.json"
- "--email_token_cache_file=/etc/leasing-email-secrets/client_token.json"
- "--service_account_file=/var/secrets/google/key.json"
ports:
- containerPort: 20000
- containerPort: 8000
volumeMounts:
- name: leasing-email-secrets
mountPath: /etc/leasing-email-secrets
- name: skia-public-auth
mountPath: /var/secrets/skia-public-auth
- name: skia-leasing-sa
mountPath: /var/secrets/google
- name: skia-org-legacy-login-secrets
mountPath: /etc/skia.org/
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
resources:
requests:
memory: "300Mi"
cpu: "10m"
readinessProbe:
httpGet:
path: /healthz
port: 8000
initialDelaySeconds: 1
periodSeconds: 3
failureThreshold: 10
volumes:
- name: leasing-email-secrets
secret:
secretName: leasing-email-secrets
- name: skia-public-auth
secret:
secretName: skia-public-auth
- name: skia-leasing-sa
secret:
secretName: skia-leasing
- name: skia-org-legacy-login-secrets
secret:
secretName: skia-org-legacy-login-secrets