blob: b79475afeb90a06cd3d91d988cccef91a6d73b7b [file] [log] [blame]
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: autoroll-be-chromite-chromium-autoroll
spec:
serviceName: "autoroll-be-chromite-chromium-autoroll"
replicas: 1
selector:
matchLabels:
app: autoroll-be-chromite-chromium-autoroll
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: autoroll-be-chromite-chromium-autoroll # Pod template's label selector
annotations:
prometheus.io.scrape: "true"
prometheus.io.port: "20000"
spec:
automountServiceAccountToken: false
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 2000 # aka skia
containers:
- name: autoroll-be-chromite-chromium-autoroll
image: gcr.io/skia-public/autoroll-be:2019-12-02T18_21_00Z-borenet-cec0bcf-clean
command: ["/usr/local/bin/autoroll-be"]
args:
- "--logtostderr"
- "--config=eyJjaGlsZE5hbWUiOiJDaHJvbWl0ZSIsImNvbnRhY3RzIjpbImJwYXN0ZW5lQGdvb2dsZS5jb20iXSwiaXNJbnRlcm5hbCI6ZmFsc2UsInBhcmVudE5hbWUiOiJDaHJvbWl1bSIsInBhcmVudFdhdGVyZmFsbCI6Imh0dHBzOi8vYnVpbGQuY2hyb21pdW0ub3JnIiwicm9sbGVyTmFtZSI6ImNocm9taXRlLWNocm9taXVtLWF1dG9yb2xsIiwic2VydmljZUFjY291bnQiOiJjaHJvbWl1bS1hdXRvcm9sbEBza2lhLXB1YmxpYy5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInNoZXJpZmYiOlsiY2hyb21lLW9zLWdhcmRlbmVyc0Bnb29nbGUuY29tIl0sImdlcnJpdCI6eyJ1cmwiOiJodHRwczovL2Nocm9taXVtLXJldmlldy5nb29nbGVzb3VyY2UuY29tIiwicHJvamVjdCI6ImNocm9taXVtL3NyYyIsImNvbmZpZyI6ImNocm9taXVtIn0sImZyZWVUeXBlUmVwb01hbmFnZXIiOm51bGwsIm5vQ2hlY2tvdXRERVBTUmVwb01hbmFnZXIiOnsiY2hpbGRCcmFuY2giOiJtYXN0ZXIiLCJjaGlsZFBhdGgiOiJzcmMvdGhpcmRfcGFydHkvY2hyb21pdGUiLCJpbmNsdWRlQnVncyI6ZmFsc2UsImluY2x1ZGVMb2ciOnRydWUsInBhcmVudEJyYW5jaCI6Im1hc3RlciIsInBhcmVudFJlcG8iOiJodHRwczovL2Nocm9taXVtLmdvb2dsZXNvdXJjZS5jb20vY2hyb21pdW0vc3JjLmdpdCIsImNoaWxkUmV2TGlua1RtcGwiOiJodHRwczovL2Nocm9taXVtLmdvb2dsZXNvdXJjZS5jb20vY2hyb21pdW1vcy9jaHJvbWl0ZS5naXQvKy8lcyIsImNvbW1pdE1zZ1RtcGwiOiIiLCJjaGlsZFJlcG8iOiJodHRwczovL2Nocm9taXVtLmdvb2dsZXNvdXJjZS5jb20vY2hyb21pdW1vcy9jaHJvbWl0ZS5naXQiLCJ0cmFuc2l0aXZlRGVwcyI6bnVsbH0sImt1YmVybmV0ZXMiOnsiY3B1IjoiMSIsIm1lbW9yeSI6IjJHaSIsImRpc2siOiIifSwiY3FFeHRyYVRyeWJvdHMiOlsibHVjaS5jaHJvbWl1bS50cnk6Y2hyb21lb3Mta2V2aW4tcmVsIl0sIm1heFJvbGxGcmVxdWVuY3kiOiI2aCIsIm5vdGlmaWVycyI6W3sibXNnVHlwZVdoaXRlbGlzdCI6WyJsYXN0IG4gZmFpbGVkIl0sIm1vbm9yYWlsIjp7InByb2plY3QiOiJjaHJvbWl1bSIsIm93bmVyIjoiYnBhc3RlbmVAY2hyb21pdW0ub3JnIiwiY2MiOlsiYWNodWl0aEBjaHJvbWl1bS5vcmciXSwiY29tcG9uZW50cyI6WyJJbmZyYVx1MDAzZUNsaWVudFx1MDAzZUNocm9tZSJdLCJsYWJlbHMiOlsiSG90bGlzdC1Dck9TLUdhcmRlbmVyIl19fV0sInRpbWVXaW5kb3ciOiJNLUYgMTU6MDAtMTk6MDAifQ=="
- "--email_creds=/var/secrets/autoroll-email-creds"
- "--firestore_instance=production"
- "--port=:8000"
- "--prom_port=:20000"
- "--recipes_cfg=/usr/local/share/autoroll/recipes.cfg"
- "--workdir=/tmp"
- "--chat_webhooks_file=/etc/notifier-chat-config/chat_config.txt"
ports:
- containerPort: 8000
- containerPort: 20000
volumeMounts:
- name: autoroll-be-chromium-autoroll-sa
mountPath: /var/secrets/google
- name: autoroll-email-creds
mountPath: /var/secrets/autoroll-email-creds
- name: notifier-chat-config
mountPath: /etc/notifier-chat-config/
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
- name: TMPDIR
value: /tmp
resources:
limits:
memory: "2Gi"
cpu: 1
readinessProbe:
httpGet:
path: /healthz
port: 8000
initialDelaySeconds: 30
periodSeconds: 30
failureThreshold: 10
volumes:
- name: autoroll-be-chromium-autoroll-sa
secret:
secretName: chromium-autoroll
- name: autoroll-email-creds
secret:
secretName: autoroll-email-creds
- name: notifier-chat-config
secret:
secretName: notifier-chat-config