| # Copyright 2016 The Fuchsia Authors |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # This file contans the definitions of the Analyzer Service's Deployment object |
| # (which includes an embedded defintion of the it's Pod object) and the |
| # Analyzer Service's Service object. |
| # |
| # The definitions contain some parameters (indicated by $$PARAMETER_NAME$$) |
| # that will be replaced by the script tools/container_util.py prior to being |
| # passed to "kubectl create" |
| |
| # The defintion of the Deployment and Pod |
| apiVersion: extensions/v1beta1 |
| kind: Deployment |
| metadata: |
| name: report-master |
| labels: |
| name: report-master |
| # Pod object |
| spec: |
| replicas: 1 |
| template: |
| metadata: |
| name: report-master |
| labels: |
| name: report-master |
| spec: |
| containers: |
| - name: endpoint |
| image: gcr.io/endpoints-release/endpoints-runtime:1 |
| args: [ |
| '-S', '443', |
| '-s', '$$ENDPOINT_NAME$$', |
| '-v', '$$ENDPOINT_CONFIG_ID$$', |
| '-a', 'grpc://127.0.0.1:7000' |
| ] |
| ports: |
| - containerPort: 8000 |
| - containerPort: 443 |
| volumeMounts: |
| - mountPath: /etc/nginx/ssl |
| # The name must match the volumes.name corresponding to the |
| # secret $$REPORT_MASTER_CERTIFICATE_SECRET_NAME$$ below. |
| name: report-master-certificate-storage |
| readOnly: true |
| - name: report-master |
| # The URI of a Docker image in a Docker repository. |
| image: $$REPORT_MASTER_IMAGE_URI$$ |
| args: |
| - '-port' |
| - '7000' |
| - '-bigtable_project_name' |
| - $$BIGTABLE_PROJECT_NAME$$ |
| - '-bigtable_instance_id' |
| - $$BIGTABLE_INSTANCE_ID$$ |
| - '-cobalt_config_proto_path' |
| # This path must match the path to where the binproto config file is |
| # copied in Dockerfile. |
| - '/etc/cobalt/cobalt_config.binproto' |
| - '-config_parser_bin_path' |
| # This path must match the path to where the config parser binary is |
| # copied in Dockerfile. |
| - '/usr/local/bin/config_parser' |
| - '-config_update_repository_url' |
| - '"$$REPORT_MASTER_CONFIG_UPDATE_REPO_URL$$"' |
| - $$REPORT_MASTER_ENABLE_REPORT_SCHEDULING_FLAG$$ |
| # This configures the AuthEnforcer. |
| - '-googlers_only' |
| - '-logtostderr' |
| # TODO(rudominer) Eventually remove this. |
| - '-v=3' |
| ports: |
| - containerPort: 7000 |
| volumeMounts: |
| # The mount path below must match the directory part of the |
| # path to which the environment variable |
| # COBALT_GCS_SERVICE_ACCOUNT_CREDENTIALS is set in the Dockerfile. |
| - mountPath: /var/lib/cobalt/gcskey |
| # The name must match the volumes.name corresponding to the |
| # secret $$REPORT_MASTER_GCS_SERVICE_ACCOUNT_SECRET_NAME$$ below. |
| name: report-master-gcs-service-account-key-storage |
| readOnly: true |
| volumes: |
| - name: report-master-certificate-storage |
| secret: |
| secretName: $$REPORT_MASTER_CERTIFICATE_SECRET_NAME$$ |
| - name: report-master-gcs-service-account-key-storage |
| secret: |
| secretName: $$REPORT_MASTER_GCS_SERVICE_ACCOUNT_SECRET_NAME$$ |
| --- |
| # The defintion of the Service |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| name: report-master |
| spec: |
| ports: |
| # Requests to this port are forwarded to the Endpoints implementation |
| # on the same port. Requests made to this port protected by TLS. |
| # All clients should access Report Master via this port. |
| - port: 443 |
| protocol: TCP |
| name: endpoint-https |
| selector: |
| # This must match the metadata.labels section of the Deployment above. |
| name: report-master |
| type: LoadBalancer |
| loadBalancerIP: $$REPORT_MASTER_STATIC_IP_ADDRESS$$ |
| |