blob: 83b526d4464e7cd8b895ce1634c1f361fbcf527d [file] [log] [blame]
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: autoroll-be-skcms-skia-autoroll
spec:
serviceName: "autoroll-be-skcms-skia-autoroll"
replicas: 1
selector:
matchLabels:
app: autoroll-be-skcms-skia-autoroll
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: autoroll-be-skcms-skia-autoroll # Pod template's label selector
annotations:
prometheus.io.scrape: "true"
prometheus.io.port: "20000"
spec:
automountServiceAccountToken: false
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 2000 # aka skia
containers:
- name: autoroll-be-skcms-skia-autoroll
image: gcr.io/skia-public/autoroll-be:2019-12-02T18_21_00Z-borenet-cec0bcf-clean
command: ["/usr/local/bin/autoroll-be"]
args:
- "--logtostderr"
- "--config=eyJjaGlsZE5hbWUiOiJza2NtcyIsImNvbnRhY3RzIjpbImJyaWFub3NtYW5AZ29vZ2xlLmNvbSIsIm10a2xlaW5AZ29vZ2xlLmNvbSJdLCJpc0ludGVybmFsIjpmYWxzZSwicGFyZW50TmFtZSI6IlNraWEiLCJwYXJlbnRXYXRlcmZhbGwiOiJodHRwczovL3N0YXR1cy5za2lhLm9yZyIsInJvbGxlck5hbWUiOiJza2Ntcy1za2lhLWF1dG9yb2xsIiwic2VydmljZUFjY291bnQiOiJza2lhLWF1dG9yb2xsQHNraWEtcHVibGljLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwic2hlcmlmZiI6WyJodHRwczovL3NraWEtdHJlZS1zdGF0dXMuYXBwc3BvdC5jb20vY3VycmVudC1zaGVyaWZmIiwibXRrbGVpbkBnb29nbGUuY29tIl0sImdlcnJpdCI6eyJ1cmwiOiJodHRwczovL3NraWEtcmV2aWV3Lmdvb2dsZXNvdXJjZS5jb20iLCJwcm9qZWN0Ijoic2tjbXMiLCJjb25maWciOiJjaHJvbWl1bSJ9LCJjb3B5UmVwb01hbmFnZXIiOnsiY2hpbGRCcmFuY2giOiJtYXN0ZXIiLCJjaGlsZFBhdGgiOiJza2lhL3RoaXJkX3BhcnR5L3NrY21zIiwiaW5jbHVkZUJ1Z3MiOmZhbHNlLCJpbmNsdWRlTG9nIjp0cnVlLCJwYXJlbnRCcmFuY2giOiJtYXN0ZXIiLCJwYXJlbnRSZXBvIjoiaHR0cHM6Ly9za2lhLmdvb2dsZXNvdXJjZS5jb20vc2tpYS5naXQiLCJjaGlsZFJldkxpbmtUbXBsIjoiaHR0cHM6Ly9za2lhLmdvb2dsZXNvdXJjZS5jb20vc2tjbXMuZ2l0LysvJXMiLCJjb21taXRNc2dUbXBsIjoiIiwiY2hpbGRSZXBvIjoiaHR0cHM6Ly9za2lhLmdvb2dsZXNvdXJjZS5jb20vc2tjbXMuZ2l0IiwiY29waWVzIjpbeyJzcmNSZWxQYXRoIjoiTElDRU5TRSIsImRzdFJlbFBhdGgiOiJ0aGlyZF9wYXJ0eS9za2Ntcy9MSUNFTlNFIn0seyJzcmNSZWxQYXRoIjoiUkVBRE1FLmNocm9taXVtIiwiZHN0UmVsUGF0aCI6InRoaXJkX3BhcnR5L3NrY21zL1JFQURNRS5jaHJvbWl1bSJ9LHsic3JjUmVsUGF0aCI6InNrY21zLmNjIiwiZHN0UmVsUGF0aCI6InRoaXJkX3BhcnR5L3NrY21zL3NrY21zLmNjIn0seyJzcmNSZWxQYXRoIjoic2tjbXMuZ25pIiwiZHN0UmVsUGF0aCI6InRoaXJkX3BhcnR5L3NrY21zL3NrY21zLmduaSJ9LHsic3JjUmVsUGF0aCI6InNrY21zX2ludGVybmFsLmgiLCJkc3RSZWxQYXRoIjoidGhpcmRfcGFydHkvc2tjbXMvc2tjbXNfaW50ZXJuYWwuaCJ9LHsic3JjUmVsUGF0aCI6InNyYyIsImRzdFJlbFBhdGgiOiJ0aGlyZF9wYXJ0eS9za2Ntcy9zcmMifSx7InNyY1JlbFBhdGgiOiJza2Ntcy5oIiwiZHN0UmVsUGF0aCI6ImluY2x1ZGUvdGhpcmRfcGFydHkvc2tjbXMvc2tjbXMuaCJ9XX0sImZyZWVUeXBlUmVwb01hbmFnZXIiOm51bGwsImt1YmVybmV0ZXMiOnsiY3B1IjoiMSIsIm1lbW9yeSI6IjhHaSIsImRpc2siOiI1MEdpIn0sImNxRXh0cmFUcnlib3RzIjpbImx1Y2kuY2hyb21pdW0udHJ5OmxpbnV4LWJsaW5rLXJlbCJdLCJtYXhSb2xsRnJlcXVlbmN5IjoiMG0iLCJzdXBwb3J0c01hbnVhbFJvbGxzIjp0cnVlfQ=="
- "--email_creds=/var/secrets/autoroll-email-creds"
- "--firestore_instance=production"
- "--port=:8000"
- "--prom_port=:20000"
- "--recipes_cfg=/usr/local/share/autoroll/recipes.cfg"
- "--workdir=/data"
- "--chat_webhooks_file=/etc/notifier-chat-config/chat_config.txt"
ports:
- containerPort: 8000
- containerPort: 20000
volumeMounts:
- name: autoroll-be-skcms-skia-autoroll-storage
mountPath: /data
- name: autoroll-be-skia-autoroll-sa
mountPath: /var/secrets/google
- name: autoroll-email-creds
mountPath: /var/secrets/autoroll-email-creds
- name: notifier-chat-config
mountPath: /etc/notifier-chat-config/
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
- name: TMPDIR
value: /data/tmp
resources:
limits:
memory: "8Gi"
cpu: 1
readinessProbe:
httpGet:
path: /healthz
port: 8000
initialDelaySeconds: 600
periodSeconds: 60
failureThreshold: 10
volumes:
- name: autoroll-be-skia-autoroll-sa
secret:
secretName: skia-autoroll
- name: autoroll-email-creds
secret:
secretName: autoroll-email-creds
- name: notifier-chat-config
secret:
secretName: notifier-chat-config
volumeClaimTemplates:
- metadata:
name: autoroll-be-skcms-skia-autoroll-storage
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 50Gi