blob: 4ce7e8f19c3d9e6601eb16d6aeafa2b1fdb573f3 [file] [log] [blame]
apiVersion: v1
kind: Service
metadata:
labels:
app: ct-master
name: ct-master
spec:
ports:
- name: metrics
port: 20000
selector:
app: ct-master
type: NodePort
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: ct-master
spec:
replicas: 1
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: ct-master
annotations:
prometheus.io.scrape: "true"
prometheus.io.port: "20000"
spec:
automountServiceAccountToken: false
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 2000 # aka skia
containers:
- name: ct-master
image: gcr.io/skia-public/ct-master:2019-01-30T15_31_04Z-rmistry-576258a-clean
args:
- "--logtostderr"
- "--ctfe_url=https://ct.skia.org/"
- "--ctfe_internal_url=http://ctfe:9000/"
- "--email_client_secret_file=/etc/ct-email-secrets/client_secret.json"
- "--email_token_cache_file=/etc/ct-email-secrets/client_token.json"
- "--service_account_file=/var/secrets/google/key.json"
- "--service_account=skia-ct-master@skia-public.iam.gserviceaccount.com"
ports:
- containerPort: 20000
volumeMounts:
- name: ct-email-secrets
mountPath: /etc/ct-email-secrets
- name: ct-master-storage
mountPath: /b/storage
- name: skia-ct-master-sa
mountPath: /var/secrets/google
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
resources:
requests:
memory: "200Gi"
cpu: "16"
volumes:
- name: ct-email-secrets
secret:
secretName: ct-email-secrets
- name: ct-master-storage
emptyDir: {}
- name: skia-ct-master-sa
secret:
secretName: skia-ct-master
- name: skia-org-legacy-login-secrets
secret:
secretName: skia-org-legacy-login-secrets