| apiVersion: v1 |
| kind: Service |
| metadata: |
| labels: |
| app: fiddler |
| name: fiddler |
| spec: |
| ports: |
| - name: http |
| port: 8000 |
| selector: |
| app: fiddler |
| type: NodePort |
| --- |
| apiVersion: apps/v1beta1 |
| kind: Deployment |
| metadata: |
| name: fiddler |
| spec: |
| replicas: 20 |
| strategy: |
| type: RollingUpdate |
| rollingUpdate: |
| maxUnavailable: 5 |
| template: |
| metadata: |
| labels: |
| app: fiddler |
| appgroup: fiddle |
| spec: |
| nodeSelector: |
| reservedFor: fiddler |
| tolerations: |
| - key: "reservedFor" |
| operator: "Equal" |
| value: "fiddler" |
| effect: "NoSchedule" |
| terminationGracePeriodSeconds: 1 |
| automountServiceAccountToken: false |
| securityContext: |
| runAsUser: 2000 # aka skia |
| fsGroup: 2000 # aka skia |
| containers: |
| - name: fiddler |
| image: gcr.io/skia-public/fiddler:9f765966461e0860c113c0559d81fc4e13b8c077 |
| args: |
| - "--checkout=/tmp/skia/skia/" |
| - "--fiddle_root=/tmp" |
| - "--logtostderr" |
| - "--port=:8000" |
| ports: |
| - containerPort: 8000 |
| volumeMounts: |
| - name: skia-fiddler-sa |
| mountPath: /var/secrets/google |
| env: |
| - name: GOOGLE_APPLICATION_CREDENTIALS |
| value: /var/secrets/google/key.json |
| resources: |
| requests: |
| memory: "1Gi" |
| cpu: "200m" |
| limits: |
| memory: "8Gi" |
| cpu: "8" |
| securityContext: |
| allowPrivilegeEscalation: false |
| capabilities: |
| add: |
| - SYS_PTRACE |
| livenessProbe: |
| httpGet: |
| path: /healthz |
| port: 8000 |
| initialDelaySeconds: 1 |
| periodSeconds: 2 |
| volumes: |
| - name: skia-fiddler-sa |
| secret: |
| secretName: skia-fiddler |