| # Copyright 2022 The Go Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style |
| # license that can be found in the LICENSE file. |
| |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| namespace: prod |
| name: relui-deployment |
| spec: |
| selector: |
| matchLabels: |
| app: relui |
| strategy: |
| type: Recreate |
| template: |
| metadata: |
| labels: |
| app: relui |
| spec: |
| serviceAccountName: relui |
| containers: |
| - name: relui |
| image: gcr.io/symbolic-datum-552/relui:latest |
| imagePullPolicy: Always |
| command: |
| - "/usr/bin/tini" |
| - "--" |
| - "./relui" |
| - "--listen-https-selfsigned=:444" |
| - "--base-url=https://build.golang.org/releases" |
| # Define the site header and external service configuration. |
| - "--site-title=Go Releases" |
| - "--site-header-css=Site-header--production" |
| - "--sendgrid-api-key=secret:symbolic-datum-552/sendgrid-sendonly-api-key" |
| - "--announce-mail-from=announce@golang.org" |
| - "--announce-mail-to=golang-nuts@googlegroups.com" |
| - "--announce-mail-bcc=golang-announce@googlegroups.com, golang-dev@googlegroups.com" |
| - "--schedule-mail-from=nobody@golang.org" |
| - "--schedule-mail-to=go-builders-alerts@google.com" |
| - "--gopls-announce-mail-from=announce@golang.org" |
| # TODO(hxjiang): replace builder alerts with tooling gopher google group. |
| - "--gopls-announce-mail-to=go-builders-alerts@google.com" |
| - "--vscode-go-announce-mail-from=announce@golang.org" |
| - "--vscode-go-announce-mail-to=go-builders-alerts@google.com" |
| - "--twitter-api-secret=secret:symbolic-datum-552/twitter-api-secret" |
| - "--mastodon-api-secret=secret:symbolic-datum-552/mastodon-api-secret" |
| - "--builder-master-key=secret:symbolic-datum-552/builder-master-key" |
| - "--github-token=secret:symbolic-datum-552/maintner-github-token" |
| - "--scratch-files-base=gs://golang-release-staging/relui-scratch" |
| - "--signed-files-base=gs://golang-release-staging/relui-scratch/relworker-scratch" |
| - "--serving-files-base=gs://golang" |
| - "--edge-cache-url=https://dl.google.com/go" |
| - "--website-upload-url=https://go.dev/dl/upload" |
| - "--cloud-build-project=symbolic-datum-552" |
| - "--cloud-build-account=projects/symbolic-datum-552/serviceAccounts/relui-prod@symbolic-datum-552.iam.gserviceaccount.com" |
| - "--swarming-url=https://chrome-swarming.appspot.com" |
| - "--swarming-account=relui-tasks@symbolic-datum-552.iam.gserviceaccount.com" |
| - "--swarming-pool=luci.golang.security-try-workers" |
| - "--swarming-realm=golang:security-try-workers" |
| - "--buildbucket-host=cr-buildbucket.appspot.com" |
| readinessProbe: |
| httpGet: |
| path: /healthz |
| port: 444 |
| scheme: HTTPS |
| ports: |
| - containerPort: 444 |
| env: |
| - name: PGUSER |
| value: relui-prod@symbolic-datum-552.iam |
| - name: PGHOST |
| value: 127.0.0.1 |
| - name: PGDATABASE |
| value: relui |
| resources: |
| requests: |
| cpu: "8" |
| memory: "8Gi" |
| - name: cloud-sql-proxy |
| # It is recommended to use the latest version of the Cloud SQL proxy |
| image: gcr.io/cloudsql-docker/gce-proxy:latest |
| command: |
| - "/cloud_sql_proxy" |
| # If connecting from a VPC-native GKE cluster, you can use the |
| # following flag to have the proxy connect over private IP |
| - "-ip_address_types=PRIVATE" |
| - "-enable_iam_login" |
| # Replace DB_PORT with the port the proxy should listen on |
| # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433 |
| - "-instances=symbolic-datum-552:us-central1:relui-prod-01=tcp:5432" |
| securityContext: |
| # The default Cloud SQL proxy image runs as the |
| # "nonroot" user and group (uid: 65532) by default. |
| runAsNonRoot: true |
| # Resource configuration depends on an application's requirements. You |
| # should adjust the following values based on what your application |
| # needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| resources: |
| requests: |
| # The proxy's memory use scales linearly with the number of active |
| # connections. Fewer open connections will use less memory. Adjust |
| # this value based on your application's requirements. |
| memory: "2Gi" |
| # The proxy's CPU use scales linearly with the amount of IO between |
| # the database and the application. Adjust this value based on your |
| # application's requirements. |
| cpu: "1" |
| --- |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| namespace: prod |
| name: relui |
| annotations: |
| iam.gke.io/gcp-service-account: relui-prod@symbolic-datum-552.iam.gserviceaccount.com |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| namespace: prod |
| name: relui-internal |
| annotations: |
| cloud.google.com/backend-config: '{"default": "relui-iap-backend"}' |
| cloud.google.com/neg: '{"ingress": false}' |
| cloud.google.com/app-protocols: '{"https":"HTTP2"}' |
| spec: |
| ports: |
| - port: 444 |
| targetPort: 444 |
| name: https |
| selector: |
| app: relui |
| type: NodePort |
| --- |
| apiVersion: cloud.google.com/v1 |
| kind: BackendConfig |
| metadata: |
| namespace: prod |
| name: relui-iap-backend |
| spec: |
| iap: |
| enabled: true |
| oauthclientCredentials: |
| secretName: iap-oauth |
| healthCheck: |
| timeoutSec: 10 |
| checkIntervalSec: 15 |
| type: HTTPS |
| requestPath: /healthz |