blob: fc3d7cae388945e39f90f0b226c1d5786ca1266b [file] [log] [blame]
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: autoroll-be-freetype-chromium
spec:
serviceName: "autoroll-be-freetype-chromium"
replicas: 1
selector:
matchLabels:
app: autoroll-be-freetype-chromium
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: autoroll-be-freetype-chromium # Pod template's label selector
annotations:
prometheus.io.scrape: "true"
prometheus.io.port: "20000"
spec:
automountServiceAccountToken: false
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 2000 # aka skia
containers:
- name: autoroll-be-freetype-chromium
image: gcr.io/skia-public/autoroll-be:2019-10-01T16_39_30Z-borenet-ad41711-clean
args:
- "--logtostderr"
- "--config=eyJjaGlsZE5hbWUiOiJGcmVlVHlwZSIsImNvbnRhY3RzIjpbImJ1bmdlbWFuQGdvb2dsZS5jb20iLCJkcm90dEBnb29nbGUuY29tIl0sImlzSW50ZXJuYWwiOmZhbHNlLCJwYXJlbnROYW1lIjoiQ2hyb21pdW0iLCJwYXJlbnRXYXRlcmZhbGwiOiJodHRwczovL2J1aWxkLmNocm9taXVtLm9yZyIsInJvbGxlck5hbWUiOiJmcmVldHlwZS1jaHJvbWl1bSIsInNlcnZpY2VBY2NvdW50IjoiY2hyb21pdW0tYXV0b3JvbGxAc2tpYS1wdWJsaWMuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzaGVyaWZmIjpbImJ1bmdlbWFuQGdvb2dsZS5jb20iLCJkcm90dEBnb29nbGUuY29tIiwidGhlc3RpZ0Bnb29nbGUuY29tIl0sImdlcnJpdCI6eyJ1cmwiOiJodHRwczovL2Nocm9taXVtLXJldmlldy5nb29nbGVzb3VyY2UuY29tIiwicHJvamVjdCI6ImNocm9taXVtL3NyYyIsImNvbmZpZyI6ImNocm9taXVtIn0sImZyZWVUeXBlUmVwb01hbmFnZXIiOnsiY2hpbGRCcmFuY2giOiJtYXN0ZXIiLCJjaGlsZFBhdGgiOiJzcmMvdGhpcmRfcGFydHkvZnJlZXR5cGUvc3JjIiwicGFyZW50QnJhbmNoIjoibWFzdGVyIiwiY2hpbGRSZXZMaW5rVG1wbCI6Imh0dHBzOi8vY2hyb21pdW0uZ29vZ2xlc291cmNlLmNvbS9jaHJvbWl1bS9zcmMvdGhpcmRfcGFydHkvZnJlZXR5cGUyLmdpdC8rLyVzIiwiY29tbWl0TXNnVG1wbCI6IiIsInBhcmVudFJlcG8iOiJodHRwczovL2Nocm9taXVtLmdvb2dsZXNvdXJjZS5jb20vY2hyb21pdW0vc3JjLmdpdCIsImNoaWxkUmVwbyI6Imh0dHBzOi8vY2hyb21pdW0uZ29vZ2xlc291cmNlLmNvbS9jaHJvbWl1bS9zcmMvdGhpcmRfcGFydHkvZnJlZXR5cGUyLmdpdCIsImluY2x1ZGVCdWdzIjpmYWxzZSwiaW5jbHVkZUxvZyI6dHJ1ZSwidHJhbnNpdGl2ZURlcHMiOm51bGx9LCJrdWJlcm5ldGVzIjp7ImNwdSI6IjEiLCJtZW1vcnkiOiIyR2kiLCJkaXNrIjoiMkdpIn0sImNxRXh0cmFUcnlib3RzIjpbImx1Y2kuY2hyb21pdW0udHJ5OmxpbnV4X2Nocm9taXVtX21zYW5fcmVsX25nIiwibHVjaS5jaHJvbWl1bS50cnk6bGludXgtYmxpbmstcmVsIiwibHVjaS5jaHJvbWl1bS50cnk6bWFjMTAuMTItYmxpbmstcmVsIiwibHVjaS5jaHJvbWl1bS50cnk6bWFjMTAuMTNfcmV0aW5hLWJsaW5rLXJlbCIsImx1Y2kuY2hyb21pdW0udHJ5OndpbjEwLWJsaW5rLXJlbCIsImx1Y2kuY2hyb21pdW0udHJ5OndpbjctYmxpbmstcmVsIl0sIm1heFJvbGxGcmVxdWVuY3kiOiIwbSIsInN1cHBvcnRzTWFudWFsUm9sbHMiOnRydWV9"
- "--email_creds=/var/secrets/autoroll-email-creds"
- "--firestore_instance=production"
- "--port=:8000"
- "--prom_port=:20000"
- "--recipes_cfg=/usr/local/share/autoroll/recipes.cfg"
- "--workdir=/data"
- "--chat_webhooks_file=/etc/notifier-chat-config/chat_config.txt"
ports:
- containerPort: 8000
- containerPort: 20000
volumeMounts:
- name: autoroll-be-freetype-chromium-storage
mountPath: /data
- name: autoroll-be-chromium-autoroll-sa
mountPath: /var/secrets/google
- name: autoroll-email-creds
mountPath: /var/secrets/autoroll-email-creds
- name: notifier-chat-config
mountPath: /etc/notifier-chat-config/
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
- name: TMPDIR
value: /data/tmp
resources:
limits:
memory: "2Gi"
cpu: 1
readinessProbe:
httpGet:
path: /healthz
port: 8000
initialDelaySeconds: 30
periodSeconds: 30
failureThreshold: 10
volumes:
- name: autoroll-be-chromium-autoroll-sa
secret:
secretName: chromium-autoroll
- name: autoroll-email-creds
secret:
secretName: autoroll-email-creds
- name: notifier-chat-config
secret:
secretName: notifier-chat-config
volumeClaimTemplates:
- metadata:
name: autoroll-be-freetype-chromium-storage
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 2Gi