leasing.yaml - skia-public-config - Git at Google

 apiVersion: v1
 kind: Service
 metadata:
   labels:
     app: leasing
   name: leasing
   annotations:
     beta.cloud.google.com/backend-config: '{"ports": {"8000":"skia-default-backendconfig"}}'
     skia.org.domain: leasing.skia.org
 spec:
   ports:
     - name: metrics
       port: 20000
     - name: http
       port: 8000
   selector:
     app: leasing
   type: NodePort
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
 metadata:
   name: leasing
 spec:
   replicas: 1
   strategy:
     type: RollingUpdate
   template:
     metadata:
       labels:
         app: leasing
       annotations:
         prometheus.io.scrape: "true"
         prometheus.io.port: "20000"
     spec:
       automountServiceAccountToken: false
       securityContext:
         runAsUser: 2000 # aka skia
         fsGroup: 2000   # aka skia
       containers:
         - name: leasing
           image: gcr.io/skia-public/leasing:2019-10-09T17_50_58Z-rmistry-88d1894-clean
           args:
             - "--workdir=/tmp/workdir"
             - "--namespace=leasing-server"
             - "--project_name=skia-public"
             - "--host=leasing.skia.org"
             - "--logtostderr"
             - "--port=:8000"
             - "--prom_port=:20000"
             - "--resources_dir=/usr/local/share/leasing/"
             - "--email_client_secret_file=/etc/leasing-email-secrets/client_secret.json"
             - "--email_token_cache_file=/etc/leasing-email-secrets/client_token.json"
             - "--service_account_file=/var/secrets/google/key.json"
           ports:
             - containerPort: 20000
             - containerPort:  8000
           volumeMounts:
             - name: leasing-email-secrets
               mountPath: /etc/leasing-email-secrets
             - name: skia-public-auth
               mountPath: /var/secrets/skia-public-auth
             - name: skia-leasing-sa
               mountPath: /var/secrets/google
             - name: skia-org-legacy-login-secrets
               mountPath: /etc/skia.org/
           env:
             - name: GOOGLE_APPLICATION_CREDENTIALS
               value: /var/secrets/google/key.json
           resources:
             requests:
               memory: "300Mi"
               cpu: "10m"
           readinessProbe:
             httpGet:
               path: /healthz
               port: 8000
             initialDelaySeconds: 1
             periodSeconds: 3
             failureThreshold: 10
       volumes:
         - name: leasing-email-secrets
           secret:
             secretName: leasing-email-secrets
         - name: skia-public-auth
           secret:
             secretName: skia-public-auth
         - name: skia-leasing-sa
           secret:
             secretName: skia-leasing
         - name: skia-org-legacy-login-secrets
           secret:
             secretName: skia-org-legacy-login-secrets
	apiVersion: v1
	kind: Service
	metadata:
	labels:
	app: leasing
	name: leasing
	annotations:
	beta.cloud.google.com/backend-config: '{"ports": {"8000":"skia-default-backendconfig"}}'
	skia.org.domain: leasing.skia.org
	spec:
	ports:
	- name: metrics
	port: 20000
	- name: http
	port: 8000
	selector:
	app: leasing
	type: NodePort
	---
	apiVersion: apps/v1beta1
	kind: Deployment
	metadata:
	name: leasing
	spec:
	replicas: 1
	strategy:
	type: RollingUpdate
	template:
	metadata:
	labels:
	app: leasing
	annotations:
	prometheus.io.scrape: "true"
	prometheus.io.port: "20000"
	spec:
	automountServiceAccountToken: false
	securityContext:
	runAsUser: 2000 # aka skia
	fsGroup: 2000 # aka skia
	containers:
	- name: leasing
	image: gcr.io/skia-public/leasing:2019-10-09T17_50_58Z-rmistry-88d1894-clean
	args:
	- "--workdir=/tmp/workdir"
	- "--namespace=leasing-server"
	- "--project_name=skia-public"
	- "--host=leasing.skia.org"
	- "--logtostderr"
	- "--port=:8000"
	- "--prom_port=:20000"
	- "--resources_dir=/usr/local/share/leasing/"
	- "--email_client_secret_file=/etc/leasing-email-secrets/client_secret.json"
	- "--email_token_cache_file=/etc/leasing-email-secrets/client_token.json"
	- "--service_account_file=/var/secrets/google/key.json"
	ports:
	- containerPort: 20000
	- containerPort: 8000
	volumeMounts:
	- name: leasing-email-secrets
	mountPath: /etc/leasing-email-secrets
	- name: skia-public-auth
	mountPath: /var/secrets/skia-public-auth
	- name: skia-leasing-sa
	mountPath: /var/secrets/google
	- name: skia-org-legacy-login-secrets
	mountPath: /etc/skia.org/
	env:
	- name: GOOGLE_APPLICATION_CREDENTIALS
	value: /var/secrets/google/key.json
	resources:
	requests:
	memory: "300Mi"
	cpu: "10m"
	readinessProbe:
	httpGet:
	path: /healthz
	port: 8000
	initialDelaySeconds: 1
	periodSeconds: 3
	failureThreshold: 10
	volumes:
	- name: leasing-email-secrets
	secret:
	secretName: leasing-email-secrets
	- name: skia-public-auth
	secret:
	secretName: skia-public-auth
	- name: skia-leasing-sa
	secret:
	secretName: skia-leasing
	- name: skia-org-legacy-login-secrets
	secret:
	secretName: skia-org-legacy-login-secrets