blob: 2a9e1018b3dc5e7cb44f2970b02477e0a709f1c0 [file] [log] [blame]
# Copyright 2023 The Go Authors. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prod
name: gomoteserver-deployment
spec:
selector:
matchLabels:
app: gomoteserver
template:
metadata:
labels:
app: gomoteserver
spec:
serviceAccountName: gomoteserver
containers:
- name: gomoteserver
image: gcr.io/symbolic-datum-552/gomoteserver:latest
imagePullPolicy: Always
command:
- "/gomoteserver"
- "-listen-http=:80"
- "-listen-https-autocert=:443"
- "-autocert-bucket=gomote-golang-org-autocert-cache"
- "-listen-https-selfsigned=:444"
- "-private-host-key=secret:symbolic-datum-552/gomoteserver-private-host-key"
- "-public-host-key=secret:symbolic-datum-552/gomoteserver-public-host-key"
ports:
- containerPort: 80
- containerPort: 443
- containerPort: 444
- containerPort: 2222 # ssh proxy port
resources:
requests:
cpu: "2"
memory: "16Gi"
limits:
cpu: "4"
memory: "16Gi"
---
apiVersion: v1
kind: Service
metadata:
namespace: prod
name: gomoteserver
spec:
ports:
- port: 80
targetPort: 80
name: http
- port: 443
targetPort: 443
name: https
- port: 2222
targetPort: 2222
name: ssh
selector:
app: gomoteserver
type: LoadBalancer
loadBalancerIP: 35.232.178.214 # gomote-ssh-golang-org
externalTrafficPolicy: Local
---
apiVersion: v1
kind: Service
metadata:
namespace: prod
name: gomoteserver-internal-iap
annotations:
cloud.google.com/backend-config: '{"default": "gomoteserver-iap-backend"}'
cloud.google.com/neg: '{"ingress": false}'
cloud.google.com/app-protocols: '{"https":"HTTP2"}'
spec:
ports:
- port: 444
targetPort: 444
name: https
selector:
app: gomoteserver
type: NodePort
---
apiVersion: v1
kind: Service
metadata:
namespace: prod
name: gomoteserver-internal
annotations:
cloud.google.com/neg: '{"ingress": false}'
cloud.google.com/app-protocols: '{"https":"HTTP2"}'
spec:
ports:
- port: 444
targetPort: 444
name: https
selector:
app: gomoteserver
type: NodePort
---
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
namespace: prod
name: gomoteserver-iap-backend
spec:
iap:
enabled: true
oauthclientCredentials:
secretName: iap-oauth
timeoutSec: 86400 # For long-running gomote RPCs. See https://go.dev/issue/56423.