Google Git
Sign in
fuchsia / cobalt / 22bfc7bbb1819095196e4c87212fdcf4d9e18902 / . / kubernetes / report_master / report_master_deployment.yaml
blob: e1e0e464274c02ee553b63005edaf018543228f8 [file] [log] [blame]
# Copyright 2016 The Fuchsia Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file contans the definitions of the Analyzer Service's Deployment object
# (which includes an embedded defintion of the it's Pod object) and the
# Analyzer Service's Service object.
#
# The definitions contain some parameters (indicated by $$PARAMETER_NAME$$)
# that will be replaced by the script tools/container_util.py prior to being
# passed to "kubectl create"
# The defintion of the Deployment and Pod
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: report-master
labels:
name: report-master
# Pod object
spec:
replicas: 1
template:
metadata:
name: report-master
labels:
name: report-master
spec:
containers:
- name: endpoint
image: gcr.io/endpoints-release/endpoints-runtime:1
args: [
'-S', '443',
'-s', '$$ENDPOINT_NAME$$',
'-v', '$$ENDPOINT_CONFIG_ID$$',
'-a', 'grpc://127.0.0.1:7000'
]
ports:
- containerPort: 8000
- containerPort: 443
volumeMounts:
- mountPath: /etc/nginx/ssl
# The name must match the volumes.name corresponding to the
# secret $$REPORT_MASTER_CERTIFICATE_SECRET_NAME$$ below.
name: report-master-certificate-storage
readOnly: true
- name: report-master
# The URI of a Docker image in a Docker repository.
image: $$REPORT_MASTER_IMAGE_URI$$
args:
- '-port'
- '7000'
- '-bigtable_project_name'
- $$BIGTABLE_PROJECT_NAME$$
- '-bigtable_instance_id'
- $$BIGTABLE_INSTANCE_ID$$
- '-cobalt_config_proto_path'
# This path must match the path to where the binproto config file is
# copied in Dockerfile.
- '/etc/cobalt/cobalt_config.binproto'
- '-config_parser_bin_path'
# This path must match the path to where the config parser binary is
# copied in Dockerfile.
- '/usr/local/bin/config_parser'
- '-config_update_repository_url'
- '"$$REPORT_MASTER_CONFIG_UPDATE_REPO_URL$$"'
- $$REPORT_MASTER_ENABLE_REPORT_SCHEDULING_FLAG$$
# This configures the AuthEnforcer.
- '-googlers_only'
- '-logtostderr'
# TODO(rudominer) Eventually remove this.
- '-v=3'
ports:
- containerPort: 7000
volumeMounts:
# The mount path below must match the directory part of the
# path to which the environment variable
# COBALT_GCS_SERVICE_ACCOUNT_CREDENTIALS is set in the Dockerfile.
- mountPath: /var/lib/cobalt/gcskey
# The name must match the volumes.name corresponding to the
# secret $$REPORT_MASTER_GCS_SERVICE_ACCOUNT_SECRET_NAME$$ below.
name: report-master-gcs-service-account-key-storage
readOnly: true
volumes:
- name: report-master-certificate-storage
secret:
secretName: $$REPORT_MASTER_CERTIFICATE_SECRET_NAME$$
- name: report-master-gcs-service-account-key-storage
secret:
secretName: $$REPORT_MASTER_GCS_SERVICE_ACCOUNT_SECRET_NAME$$
---
# The defintion of the Service
apiVersion: v1
kind: Service
metadata:
name: report-master
spec:
ports:
# Requests to this port are forwarded to the Endpoints implementation
# on the same port. Requests made to this port protected by TLS.
# All clients should access Report Master via this port.
- port: 443
protocol: TCP
name: endpoint-https
selector:
# This must match the metadata.labels section of the Deployment above.
name: report-master
type: LoadBalancer
loadBalancerIP: $$REPORT_MASTER_STATIC_IP_ADDRESS$$