blob: 318730b744aa064546d930ba6327e33c82dd50ed [file] [log] [blame]
apiVersion: v1
kind: Service
metadata:
labels:
app: docker-pushes-watcher
name: docker-pushes-watcher
spec:
ports:
- name: metrics
port: 20000
selector:
app: docker-pushes-watcher
type: NodePort
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: docker-pushes-watcher
spec:
replicas: 1
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: docker-pushes-watcher
annotations:
prometheus.io.scrape: "true"
prometheus.io.port: "20000"
spec:
serviceAccountName: continuous
automountServiceAccountToken: true
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 412 # aka docker
containers:
- name: docker-pushes-watcher
image: gcr.io/skia-public/docker_pushes_watcher:2019-12-03T19_05_59Z-rmistry-eea29f5-dirty
args:
- "--logtostderr"
- "--prom_port=:20000"
- "--tag_prod_image=infra-v2"
# - "--deploy_image=infra-v2"
- "--fs_namespace=docker_pushes_watcher"
# - "--hang"
ports:
- containerPort: 20000
volumeMounts:
- name: skia-docker-pushes-watcher-sa
mountPath: /var/secrets/google
- name: dockersock
mountPath: /var/run/docker.sock
securityContext:
privileged: true
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
resources:
requests:
memory: "10Mi"
cpu: "10m"
readinessProbe:
httpGet:
path: /metrics
port: 20000
initialDelaySeconds: 1
periodSeconds: 3
volumes:
- name: skia-docker-pushes-watcher-sa
secret:
secretName: skia-docker-pushes-watcher
- name: dockersock
hostPath:
path: /var/run/docker.sock
type: File