# Copyright 2022 The Go Authors. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
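# Deployment for the coordinator: one container, selected through the
# app=coordinator label, running as the "coordinator" service account.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: prod
  name: coordinator-deployment
spec:
  selector:
    matchLabels:
      app: coordinator
  template:
    metadata:
      labels:
        app: coordinator
      annotations:
        # Legacy per-container seccomp annotation. It has been deprecated
        # since Kubernetes v1.19 and current releases no longer honour it,
        # so the same profile is also requested through
        # securityContext.seccompProfile on the container below. The
        # annotation stays for clusters that still read it.
        container.seccomp.security.alpha.kubernetes.io/coordinator: docker/default
        # NOTE(review): recent Kubernetes releases expose AppArmor as
        # securityContext.appArmorProfile; switch to the field once the
        # cluster version accepts it.
        container.apparmor.security.beta.kubernetes.io/coordinator: runtime/default
    spec:
      serviceAccountName: coordinator
      containers:
        - name: coordinator
          # NOTE(review): ":latest" is a mutable tag and imagePullPolicy is
          # Always, so every pod start runs whatever was pushed last.
          # Deploying by digest (image@sha256:<IMAGE_DIGEST>) would tie a
          # rollout to one reviewed build.
          image: gcr.io/symbolic-datum-552/coordinator:latest
          imagePullPolicy: Always
          command:
            - "/coordinator"
            - "-listen-http=:80"
            - "-listen-https-autocert=:443"
            - "-autocert-bucket=farmer-golang-org-autocert-cache"
            - "-listen-https-selfsigned=:444"
          securityContext:
            # Field form of the runtime-default seccomp profile that the
            # docker/default annotation above asks for; without it a cluster
            # that ignores the annotation applies its own default, which may
            # be unconfined.
            seccompProfile:
              type: RuntimeDefault
            # NOTE(review): runAsNonRoot, allowPrivilegeEscalation and
            # capabilities are not set. The process binds ports 80 and 443,
            # so confirm what it actually needs before tightening these.
          ports:
            - containerPort: 80
            - containerPort: 443
            - containerPort: 444
            - containerPort: 2222 # ssh proxy port
            - containerPort: 8123 # module proxy port (internal, not accessible directly from public)
          resources:
            requests:
              cpu: "4"
              memory: "32Gi"
            limits:
              cpu: "6"
              memory: "36Gi"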
---
# Public entry point: a LoadBalancer Service on a fixed IP that forwards
# http (80), https (443) and the ssh proxy (2222) to the coordinator pods.
# Ports 444 and 8123 of the container are not listed here, so this Service
# does not expose them.
apiVersion: v1
kind: Service
metadata:
  name: coordinator
  namespace: prod
spec:
  type: LoadBalancer
  loadBalancerIP: "107.178.219.46"
  # Local routes only to nodes that run a coordinator pod and keeps the
  # client source address visible to the backend.
  externalTrafficPolicy: Local
  selector:
    app: coordinator
  # NOTE(review): no loadBalancerSourceRanges is set, so all three ports,
  # including the ssh proxy, accept connections from any address; access
  # control rests on the coordinator itself.
  ports:
    - name: http
      port: 80
      targetPort: 80
    - name: https
      port: 443
      targetPort: 443
    - name: ssh
      port: 2222
      targetPort: 2222
---
# NodePort Service for port 444 (the self-signed HTTPS listener started by
# the Deployment's -listen-https-selfsigned flag), bound to the
# coordinator-iap-backend BackendConfig, which turns on IAP.
apiVersion: v1
kind: Service
metadata:
  name: coordinator-internal-iap
  namespace: prod
  annotations:
    # Attach the BackendConfig named coordinator-iap-backend to every port.
    cloud.google.com/backend-config: '{"default": "coordinator-iap-backend"}'
    # Container-native load balancing (NEGs) is switched off for Ingress.
    cloud.google.com/neg: '{"ingress": false}'
    # The load balancer talks HTTP/2 to the port named "https".
    cloud.google.com/app-protocols: '{"https":"HTTP2"}'
spec:
  type: NodePort
  selector:
    app: coordinator
  # NOTE(review): IAP is applied at the load balancer. Requests that reach
  # the node port by another path are not checked by it, so confirm that
  # firewall rules limit the node port to the load balancer, or that the
  # backend validates the x-goog-iap-jwt-assertion header.
  ports:
    - name: https
      port: 444
      targetPort: 444
---
# Second NodePort Service for port 444 with the same selector and protocol
# settings as coordinator-internal-iap, but without a backend-config
# annotation.
# NOTE(review): with no BackendConfig attached, the IAP settings from
# coordinator-iap-backend do not apply to traffic through this Service;
# confirm that whatever fronts it is reachable from internal clients only.
apiVersion: v1
kind: Service
metadata:
  name: coordinator-internal
  namespace: prod
  annotations:
    # Container-native load balancing (NEGs) is switched off for Ingress.
    cloud.google.com/neg: '{"ingress": false}'
    # The load balancer talks HTTP/2 to the port named "https".
    cloud.google.com/app-protocols: '{"https":"HTTP2"}'
spec:
  type: NodePort
  selector:
    app: coordinator
  ports:
    - name: https
      port: 444
      targetPort: 444
---
# GKE BackendConfig referenced by the coordinator-internal-iap Service:
# enables Identity-Aware Proxy and raises the backend timeout.
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: coordinator-iap-backend
  namespace: prod
spec:
  # For long-running gomote RPCs. See https://go.dev/issue/56423.
  timeoutSec: 86400
  iap:
    enabled: true
    # The OAuth client credentials are read from the Secret named
    # iap-oauth, so they stay out of this manifest.
    oauthclientCredentials:
      secretName: iap-oauth