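---
# Service in front of the ct-master pods. It publishes a single port, the
# metrics endpoint on 20000.
# (Rebuilt from a table-rendered listing: the cell pipes were dropped and the
# nesting restored so the document parses as YAML again.)
apiVersion: v1
kind: Service
metadata:
  labels:
    app: ct-master
  name: ct-master
spec:
  ports:
    - name: metrics
      port: 20000
  # Routes to pods labelled app=ct-master; this has to stay equal to the pod
  # template label of the ct-master Deployment.
  selector:
    app: ct-master
  # NOTE(review): NodePort opens the metrics port on every node of the
  # cluster. Whether it is reachable from outside the cluster depends on
  # firewall rules that are not part of this file. If the endpoint is only
  # scraped from inside the cluster, ClusterIP is the narrower exposure --
  # confirm who consumes it before changing the type.
  type: NodePort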
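---
# Deployment running one ct-master replica.
# (Rebuilt from a table-rendered listing: the cell pipes were dropped and the
# nesting restored so the document parses as YAML again.)
#
# apps/v1beta1 was removed in Kubernetes 1.16. apps/v1 is the stable
# replacement and, unlike v1beta1, requires an explicit spec.selector.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ct-master
spec:
  replicas: 1
  # Required by apps/v1; must equal the pod template labels below.
  selector:
    matchLabels:
      app: ct-master
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: ct-master
      annotations:
        # NOTE(review): these keys use dots (prometheus.io.scrape) rather than
        # the more common prometheus.io/scrape form; presumably the scrape
        # configuration matches on exactly these names -- confirm.
        prometheus.io.scrape: "true"
        prometheus.io.port: "20000"
    spec:
      # No Kubernetes API token is mounted into the pod. Google API access
      # comes from the key file mounted at /var/secrets/google instead.
      automountServiceAccountToken: false
      securityContext:
        runAsUser: 2000  # aka skia
        fsGroup: 2000  # aka skia
        # Makes the kubelet refuse to start the container as UID 0 even if
        # runAsUser is later dropped or the image default changes.
        runAsNonRoot: true
      containers:
        - name: ct-master
          # NOTE(review): the image is referenced by tag, and a tag can be
          # repointed in the registry. Pinning by digest
          # (gcr.io/skia-public/ct-master@sha256:<digest>) makes the deployed
          # content immutable.
          image: gcr.io/skia-public/ct-master:2019-08-19T15_10_32Z-rmistry-0aaee3b-clean
          args:
            - "--logtostderr"
            - "--ctfe_url=https://ct.skia.org/"
            # NOTE(review): plain HTTP to the in-cluster ctfe service; the
            # traffic is protected only by whatever network policy or mesh the
            # cluster provides -- confirm that is intended.
            - "--ctfe_internal_url=http://ctfe:9000/"
            - "--email_client_secret_file=/etc/ct-email-secrets/client_secret.json"
            # NOTE(review): the token cache path sits inside a Secret volume,
            # which the kubelet mounts read-only, so a refreshed token cannot
            # be written back there -- confirm the binary tolerates that.
            - "--email_token_cache_file=/etc/ct-email-secrets/client_token.json"
            # NOTE(review): a long-lived exported service-account key. Anyone
            # who can read the skia-ct-master Secret can act as this account
            # until the key is rotated. On GKE, Workload Identity removes the
            # need for a key file -- consider migrating.
            - "--service_account_file=/var/secrets/google/key.json"
            - "--service_account=skia-ct-master@skia-public.iam.gserviceaccount.com"
          ports:
            - containerPort: 20000
          volumeMounts:
            - name: ct-email-secrets
              mountPath: /etc/ct-email-secrets
            - name: ct-master-storage
              mountPath: /b/storage
            - name: skia-ct-master-sa
              mountPath: /var/secrets/google
          env:
            # Same key file as --service_account_file above.
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /var/secrets/google/key.json
          resources:
            # Requests only. No limits are set, so the container is not capped
            # at these values.
            requests:
              memory: "200Gi"
              cpu: "16"
      volumes:
        - name: ct-email-secrets
          secret:
            secretName: ct-email-secrets
        # Scratch space; an emptyDir is deleted when the pod leaves the node.
        - name: ct-master-storage
          emptyDir: {}
        - name: skia-ct-master-sa
          secret:
            secretName: skia-ct-master
        # NOTE(review): no container in this pod mounts this volume. If it is
        # not needed, drop it so the pod does not depend on a Secret it never
        # reads.
        - name: skia-org-legacy-login-secrets
          secret:
            secretName: skia-org-legacy-login-secrets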