blob: e599fa534224da09633237e508436001fac4c04c [file] [log] [blame]
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: autoroll-be-skia-flutter-autoroll
spec:
serviceName: "autoroll-be-skia-flutter-autoroll"
replicas: 1
selector:
matchLabels:
app: autoroll-be-skia-flutter-autoroll
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: autoroll-be-skia-flutter-autoroll # Pod template's label selector
annotations:
prometheus.io.scrape: "true"
prometheus.io.port: "20000"
spec:
automountServiceAccountToken: false
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 2000 # aka skia
containers:
- name: autoroll-be-skia-flutter-autoroll
image: gcr.io/skia-public/autoroll-be:2019-12-02T18_21_00Z-borenet-cec0bcf-clean
command: ["/usr/local/bin/autoroll-be"]
args:
- "--logtostderr"
- "--config=eyJjaGlsZE5hbWUiOiJTa2lhIiwiY29udGFjdHMiOlsiYnJpYW5vc21hbkBnb29nbGUuY29tIiwicm1pc3RyeUBnb29nbGUuY29tIl0sImlzSW50ZXJuYWwiOmZhbHNlLCJwYXJlbnROYW1lIjoiRmx1dHRlciIsInBhcmVudFdhdGVyZmFsbCI6Imh0dHBzOi8vYnVpbGQuY2hyb21pdW0ub3JnL3AvY2xpZW50LmZsdXR0ZXIvY29uc29sZSIsInJvbGxlck5hbWUiOiJza2lhLWZsdXR0ZXItYXV0b3JvbGwiLCJzZXJ2aWNlQWNjb3VudCI6ImZsdXR0ZXItZW5naW5lLWF1dG9yb2xsQHNraWEtcHVibGljLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwic2hlcmlmZiI6WyJodHRwczovL3NraWEtdHJlZS1zdGF0dXMuYXBwc3BvdC5jb20vY3VycmVudC1zaGVyaWZmIl0sImdpdGh1YiI6eyJyZXBvT3duZXIiOiJmbHV0dGVyIiwicmVwb05hbWUiOiJlbmdpbmUiLCJjaGVja3NOdW0iOjEwLCJjaGVja3NXYWl0Rm9yIjpbImx1Y2ktZW5naW5lIl19LCJmcmVlVHlwZVJlcG9NYW5hZ2VyIjpudWxsLCJnaXRodWJERVBTUmVwb01hbmFnZXIiOnsiY2hpbGRCcmFuY2giOiJtYXN0ZXIiLCJjaGlsZFBhdGgiOiJzcmMvdGhpcmRfcGFydHkvc2tpYSIsImluY2x1ZGVCdWdzIjpmYWxzZSwiaW5jbHVkZUxvZyI6dHJ1ZSwicGFyZW50QnJhbmNoIjoibWFzdGVyIiwicGFyZW50UmVwbyI6ImdpdEBnaXRodWIuY29tOmZsdXR0ZXIvZW5naW5lLmdpdCIsImNoaWxkUmV2TGlua1RtcGwiOiJodHRwczovL3NraWEuZ29vZ2xlc291cmNlLmNvbS9za2lhLmdpdC8rLyVzIiwiY29tbWl0TXNnVG1wbCI6IiIsInByZVVwbG9hZFN0ZXBzIjpbIkZsdXR0ZXJMaWNlbnNlU2NyaXB0cyJdLCJnY2xpZW50U3BlYyI6InNvbHV0aW9ucz1be1wibmFtZVwiOlwic3JjL2ZsdXR0ZXJcIixcInVybFwiOlwiZ2l0QGdpdGh1Yi5jb206c2tpYS1mbHV0dGVyLWF1dG9yb2xsL2VuZ2luZS5naXRcIixcImRlcHNfZmlsZVwiOlwiREVQU1wiLFwibWFuYWdlZFwiOkZhbHNlLFwiY3VzdG9tX2RlcHNcIjp7fSxcInNhZmVzeW5jX3VybFwiOlwiXCJ9XSIsImdpdGh1YlBhcmVudFBhdGgiOiJzcmMvZmx1dHRlciIsInRyYW5zaXRpdmVEZXBzIjpudWxsfSwia3ViZXJuZXRlcyI6eyJjcHUiOiIxIiwibWVtb3J5IjoiOEdpIiwiZGlzayI6IjUwR2kifSwibWF4Um9sbEZyZXF1ZW5jeSI6IjNoIiwibm90aWZpZXJzIjpbeyJmaWx0ZXIiOiJ3YXJuaW5nIiwiZW1haWwiOnsiZW1haWxzIjpbIiRTSEVSSUZGIl19fV19"
- "--email_creds=/var/secrets/autoroll-email-creds"
- "--firestore_instance=production"
- "--port=:8000"
- "--prom_port=:20000"
- "--recipes_cfg=/usr/local/share/autoroll/recipes.cfg"
- "--workdir=/data"
- "--chat_webhooks_file=/etc/notifier-chat-config/chat_config.txt"
ports:
- containerPort: 8000
- containerPort: 20000
volumeMounts:
- name: autoroll-be-skia-flutter-autoroll-storage
mountPath: /data
- name: autoroll-be-flutter-engine-autoroll-sa
mountPath: /var/secrets/google
- name: autoroll-email-creds
mountPath: /var/secrets/autoroll-email-creds
- name: notifier-chat-config
mountPath: /etc/notifier-chat-config/
- name: flutter-engine-github-token
mountPath: /var/secrets/github-token
- name: flutter-engine-ssh-key
mountPath: /var/secrets/ssh-key
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
- name: TMPDIR
value: /data/tmp
resources:
limits:
memory: "8Gi"
cpu: 1
readinessProbe:
httpGet:
path: /healthz
port: 8000
initialDelaySeconds: 600
periodSeconds: 60
failureThreshold: 10
volumes:
- name: autoroll-be-flutter-engine-autoroll-sa
secret:
secretName: flutter-engine-autoroll
- name: autoroll-email-creds
secret:
secretName: autoroll-email-creds
- name: notifier-chat-config
secret:
secretName: notifier-chat-config
- name: flutter-engine-github-token
secret:
secretName: flutter-engine-github-token
- name: flutter-engine-ssh-key
secret:
secretName: flutter-engine-ssh-key
volumeClaimTemplates:
- metadata:
name: autoroll-be-skia-flutter-autoroll-storage
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 50Gi