blob: ecd21b62bdafcdde7d4cef334767cc0f6f44cebc [file] [log] [blame]
apiVersion: v1
kind: Service
metadata:
labels:
app: fuzzer-fe
instance: "0"
name: fuzzer-fe
spec:
ports:
- name: metrics
port: 20000
- name: http
port: 8000
selector:
app: fuzzer-fe
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: fuzzer-fe
spec:
replicas: 2
selector:
matchLabels:
app: fuzzer-fe
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: fuzzer-fe
instance: "1"
annotations:
prometheus.io.scrape: "true"
prometheus.io.port: "20000"
spec:
automountServiceAccountToken: false
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 2000 # aka skia
containers:
- name: fuzzer-fe
image: gcr.io/skia-public/fuzzer-fe:2019-01-18T13_51_25Z-kjlubick-df794b8-clean
args:
- "--logtostderr"
- "--port=:8000"
- "--prom_port=:20000"
- "--resources_dir=/usr/local/share/fuzzer-fe/"
- "--bolt_db_path=/mnt/fuzzing/fe-db"
- "--host=fuzzer.skia.org"
- "--skia_root=/mnt/fuzzing/skia-fe"
- "--depot_tools_path=/opt/depot_tools"
- "--fuzz_sync_period=1m0s"
- "--download_processes=32"
- "--backend_names=skia-fuzzer-be-0"
- "--backend_names=skia-fuzzer-be-1"
- "--backend_names=skia-fuzzer-be-2"
- "--backend_names=skia-fuzzer-be-3"
- "--backend_names=skia-fuzzer-be-4"
- "--backend_names=skia-fuzzer-be-5"
- "--backend_names=skia-fuzzer-be-6"
- "--backend_names=skia-fuzzer-be-7"
- "--backend_names=skia-fuzzer-be-8"
- "--backend_names=skia-fuzzer-be-9"
ports:
- containerPort: 20000
volumeMounts:
- name: skia-fuzzer-fe-sa
mountPath: /var/secrets/google
- name: fuzzer-fe-storage
mountPath: /mnt/fuzzing
- name: skia-org-legacy-login-secrets
mountPath: /etc/skia.org/
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
resources:
requests:
memory: "10Gi"
cpu: "4"
ephemeral-storage: "20Gi"
limits:
memory: "20Gi"
ephemeral-storage: "50Gi"
readinessProbe:
tcpSocket:
port: 20000
initialDelaySeconds: 30
periodSeconds: 3
volumes:
- name: skia-fuzzer-fe-sa
secret: # intentionally share with backend fuzzer because they
secretName: skia-fuzzer-be # both only need read/write access to GCS
- name: fuzzer-fe-storage
emptyDir: {}
- name: skia-org-legacy-login-secrets
secret:
secretName: skia-org-legacy-login-secrets