| apiVersion: v1 |
| kind: Service |
| metadata: |
| labels: |
| app: leasing |
| name: leasing |
| annotations: |
| beta.cloud.google.com/backend-config: '{"ports": {"8000":"skia-default-backendconfig"}}' |
| skia.org.domain: leasing.skia.org |
| spec: |
| ports: |
| - name: metrics |
| port: 20000 |
| - name: http |
| port: 8000 |
| selector: |
| app: leasing |
| type: NodePort |
| --- |
| apiVersion: apps/v1beta1 |
| kind: Deployment |
| metadata: |
| name: leasing |
| spec: |
| replicas: 1 |
| strategy: |
| type: RollingUpdate |
| template: |
| metadata: |
| labels: |
| app: leasing |
| annotations: |
| prometheus.io.scrape: "true" |
| prometheus.io.port: "20000" |
| spec: |
| automountServiceAccountToken: false |
| securityContext: |
| runAsUser: 2000 # aka skia |
| fsGroup: 2000 # aka skia |
| containers: |
| - name: leasing |
| image: gcr.io/skia-public/leasing:2019-10-09T17_50_58Z-rmistry-88d1894-clean |
| args: |
| - "--workdir=/tmp/workdir" |
| - "--namespace=leasing-server" |
| - "--project_name=skia-public" |
| - "--host=leasing.skia.org" |
| - "--logtostderr" |
| - "--port=:8000" |
| - "--prom_port=:20000" |
| - "--resources_dir=/usr/local/share/leasing/" |
| - "--email_client_secret_file=/etc/leasing-email-secrets/client_secret.json" |
| - "--email_token_cache_file=/etc/leasing-email-secrets/client_token.json" |
| - "--service_account_file=/var/secrets/google/key.json" |
| ports: |
| - containerPort: 20000 |
| - containerPort: 8000 |
| volumeMounts: |
| - name: leasing-email-secrets |
| mountPath: /etc/leasing-email-secrets |
| - name: skia-public-auth |
| mountPath: /var/secrets/skia-public-auth |
| - name: skia-leasing-sa |
| mountPath: /var/secrets/google |
| - name: skia-org-legacy-login-secrets |
| mountPath: /etc/skia.org/ |
| env: |
| - name: GOOGLE_APPLICATION_CREDENTIALS |
| value: /var/secrets/google/key.json |
| resources: |
| requests: |
| memory: "300Mi" |
| cpu: "10m" |
| readinessProbe: |
| httpGet: |
| path: /healthz |
| port: 8000 |
| initialDelaySeconds: 1 |
| periodSeconds: 3 |
| failureThreshold: 10 |
| volumes: |
| - name: leasing-email-secrets |
| secret: |
| secretName: leasing-email-secrets |
| - name: skia-public-auth |
| secret: |
| secretName: skia-public-auth |
| - name: skia-leasing-sa |
| secret: |
| secretName: skia-leasing |
| - name: skia-org-legacy-login-secrets |
| secret: |
| secretName: skia-org-legacy-login-secrets |