| # Copyright 2022 The Go Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style |
| # license that can be found in the LICENSE file. |
| |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| namespace: prod |
| name: coordinator-deployment |
| spec: |
| selector: |
| matchLabels: |
| app: coordinator |
| template: |
| metadata: |
| labels: |
| app: coordinator |
| annotations: |
| container.seccomp.security.alpha.kubernetes.io/coordinator: docker/default |
| container.apparmor.security.beta.kubernetes.io/coordinator: runtime/default |
| spec: |
| serviceAccountName: coordinator |
| containers: |
| - name: coordinator |
| image: gcr.io/symbolic-datum-552/coordinator:latest |
| imagePullPolicy: Always |
| command: ["/coordinator", "-listen-http=:80", "-listen-https-autocert=:443", "-autocert-bucket=farmer-golang-org-autocert-cache", "-listen-https-selfsigned=:444"] |
| ports: |
| - containerPort: 80 |
| - containerPort: 443 |
| - containerPort: 444 |
| - containerPort: 2222 # ssh proxy port |
| - containerPort: 8123 # module proxy port (internal, not accessible directly from public) |
| resources: |
| requests: |
| cpu: "4" |
| memory: "32Gi" |
| limits: |
| cpu: "6" |
| memory: "36Gi" |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| namespace: prod |
| name: coordinator |
| spec: |
| ports: |
| - port: 80 |
| targetPort: 80 |
| name: http |
| - port: 443 |
| targetPort: 443 |
| name: https |
| - port: 2222 |
| targetPort: 2222 |
| name: ssh |
| selector: |
| app: coordinator |
| type: LoadBalancer |
| loadBalancerIP: 107.178.219.46 |
| externalTrafficPolicy: Local |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| namespace: prod |
| name: coordinator-internal-iap |
| annotations: |
| cloud.google.com/backend-config: '{"default": "coordinator-iap-backend"}' |
| cloud.google.com/neg: '{"ingress": false}' |
| cloud.google.com/app-protocols: '{"https":"HTTP2"}' |
| spec: |
| ports: |
| - port: 444 |
| targetPort: 444 |
| name: https |
| selector: |
| app: coordinator |
| type: NodePort |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| namespace: prod |
| name: coordinator-internal |
| annotations: |
| cloud.google.com/neg: '{"ingress": false}' |
| cloud.google.com/app-protocols: '{"https":"HTTP2"}' |
| spec: |
| ports: |
| - port: 444 |
| targetPort: 444 |
| name: https |
| selector: |
| app: coordinator |
| type: NodePort |
| --- |
| apiVersion: cloud.google.com/v1 |
| kind: BackendConfig |
| metadata: |
| namespace: prod |
| name: coordinator-iap-backend |
| spec: |
| iap: |
| enabled: true |
| oauthclientCredentials: |
| secretName: iap-oauth |
| timeoutSec: 86400 # For long-running gomote RPCs. See https://go.dev/issue/56423. |