| # Copyright 2018 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # This file contans the definitions of the Analyzer Service's Deployment object |
| # (which includes an embedded defintion of its Pod object). |
| # |
| # The definitions contain some parameters (indicated by $$PARAMETER_NAME$$) |
| # that will be replaced by the script tools/container_util.py prior to being |
| # passed to "kubectl apply" |
| |
| # The defintion of the Deployment and Pod |
| apiVersion: apps/v1beta1 |
| kind: StatefulSet |
| metadata: |
| name: report-master |
| labels: |
| name: report-master |
| # Pod object |
| spec: |
| serviceName: report-master |
| replicas: 1 |
| updateStrategy: |
| type: RollingUpdate |
| selector: |
| matchLabels: |
| name: report-master |
| template: |
| metadata: |
| name: report-master |
| labels: |
| name: report-master |
| spec: |
| containers: |
| - name: endpoint |
| image: gcr.io/endpoints-release/endpoints-runtime:1 |
| args: [ |
| '-S', '443', |
| '-s', '$$ENDPOINT_NAME$$', |
| '-v', '$$ENDPOINT_CONFIG_ID$$', |
| '-a', 'grpc://127.0.0.1:7000' |
| ] |
| ports: |
| - containerPort: 443 |
| volumeMounts: |
| - mountPath: /etc/nginx/ssl |
| # The name must match the volumes.name corresponding to the |
| # secret $$REPORT_MASTER_CERTIFICATE_SECRET_NAME$$ below. |
| name: report-master-certificate-storage |
| readOnly: true |
| - name: report-master |
| # The URI of a Docker image in a Docker repository. |
| image: $$REPORT_MASTER_IMAGE_URI$$ |
| args: |
| - '-port' |
| - '7000' |
| - '-bigtable_project_name' |
| - $$BIGTABLE_PROJECT_NAME$$ |
| - '-bigtable_instance_id' |
| - $$BIGTABLE_INSTANCE_ID$$ |
| - '-cobalt_registry_proto_path' |
| # This path must match the path to where the binproto config file is |
| # copied in Dockerfile. |
| - '/etc/cobalt/cobalt_config.binproto' |
| - '-config_parser_bin_path' |
| # This path must match the path to where the config parser binary is |
| # copied in Dockerfile. |
| - '/usr/local/bin/config_parser' |
| - '-config_update_repository_url' |
| - '$$REPORT_MASTER_CONFIG_UPDATE_REPO_URL$$' |
| - $$REPORT_MASTER_ENABLE_REPORT_SCHEDULING_FLAG$$ |
| # This configures the AuthEnforcer. |
| - '-googlers_only' |
| - '-logtostderr' |
| # TODO(rudominer) Eventually remove this. |
| - '-v=3' |
| ports: |
| - containerPort: 7000 |
| volumeMounts: |
| # The mount path below must match the directory part of the |
| # path to which the environment variable |
| # COBALT_GCS_SERVICE_ACCOUNT_CREDENTIALS is set in the Dockerfile. |
| - mountPath: /var/lib/cobalt/gcskey |
| # The name must match the volumes.name corresponding to the |
| # secret $$REPORT_MASTER_GCS_SERVICE_ACCOUNT_SECRET_NAME$$ below. |
| name: report-master-gcs-service-account-key-storage |
| readOnly: true |
| volumes: |
| - name: report-master-certificate-storage |
| secret: |
| secretName: $$REPORT_MASTER_CERTIFICATE_SECRET_NAME$$ |
| - name: report-master-gcs-service-account-key-storage |
| secret: |
| secretName: $$REPORT_MASTER_GCS_SERVICE_ACCOUNT_SECRET_NAME$$ |
