golang.org/x/build@v0.0.0-20240506185731-218518f32b70/cmd/relui/deployment-prod.yaml

# Copyright 2022 The Go Authors. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: prod
  name: relui-deployment
spec:
  selector:
    matchLabels:
      app: relui
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: relui
    spec:
      serviceAccountName: relui
      containers:
        - name: relui
          image: gcr.io/symbolic-datum-552/relui:latest
          imagePullPolicy: Always
          command:
            - "/usr/bin/tini"
            - "--"
            - "./relui"
            - "--listen-https-selfsigned=:444"
            - "--base-url=https://build.golang.org/releases"
            # Define the site header and external service configuration.
            - "--site-title=Go Releases"
            - "--site-header-css=Site-header--production"
            - "--sendgrid-api-key=secret:symbolic-datum-552/sendgrid-sendonly-api-key"
            - "--announce-mail-from=announce@golang.org"
            - "--announce-mail-to=golang-nuts@googlegroups.com"
            - "--announce-mail-bcc=golang-announce@googlegroups.com, golang-dev@googlegroups.com"
            - "--schedule-mail-from=nobody@golang.org"
            - "--schedule-mail-to=go-builders-alerts@google.com"
            - "--twitter-api-secret=secret:symbolic-datum-552/twitter-api-secret"
            - "--mastodon-api-secret=secret:symbolic-datum-552/mastodon-api-secret"
            - "--builder-master-key=secret:symbolic-datum-552/builder-master-key"
            - "--github-token=secret:symbolic-datum-552/maintner-github-token"
            - "--scratch-files-base=gs://golang-release-staging/relui-scratch"
            - "--signed-files-base=gs://golang-release-staging/relui-scratch/relworker-scratch"
            - "--serving-files-base=gs://golang"
            - "--edge-cache-url=https://dl.google.com/go"
            - "--website-upload-url=https://go.dev/dl/upload"
            - "--cloud-build-project=symbolic-datum-552"
            - "--cloud-build-account=projects/symbolic-datum-552/serviceAccounts/relui-prod@symbolic-datum-552.iam.gserviceaccount.com"
            - "--swarming-url=https://chrome-swarming.appspot.com"
            - "--swarming-account=relui-tasks@symbolic-datum-552.iam.gserviceaccount.com"
            - "--swarming-pool=luci.golang.security-try-workers"
            - "--swarming-realm=golang:security-try-workers"
          readinessProbe:
            httpGet:
              path: /healthz
              port: 444
              scheme: HTTPS
          ports:
            - containerPort: 444
          env:
            - name: PGUSER
              value: relui-prod@symbolic-datum-552.iam
            - name: PGHOST
              value: 127.0.0.1
            - name: PGDATABASE
              value: relui
          resources:
            requests:
              cpu: "8"
              memory: "8Gi"
        - name: cloud-sql-proxy
          # It is recommended to use the latest version of the Cloud SQL proxy
          image: gcr.io/cloudsql-docker/gce-proxy:latest
          command:
            - "/cloud_sql_proxy"
            # If connecting from a VPC-native GKE cluster, you can use the
            # following flag to have the proxy connect over private IP
            - "-ip_address_types=PRIVATE"
            - "-enable_iam_login"
            # Replace DB_PORT with the port the proxy should listen on
            # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433
            - "-instances=symbolic-datum-552:us-central1:relui-prod-01=tcp:5432"
          securityContext:
            # The default Cloud SQL proxy image runs as the
            # "nonroot" user and group (uid: 65532) by default.
            runAsNonRoot: true
          # Resource configuration depends on an application's requirements. You
          # should adjust the following values based on what your application
          # needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
          resources:
            requests:
              # The proxy's memory use scales linearly with the number of active
              # connections. Fewer open connections will use less memory. Adjust
              # this value based on your application's requirements.
              memory: "2Gi"
              # The proxy's CPU use scales linearly with the amount of IO between
              # the database and the application. Adjust this value based on your
              # application's requirements.
              cpu: "1"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: prod
  name: relui
  annotations:
    iam.gke.io/gcp-service-account: relui-prod@symbolic-datum-552.iam.gserviceaccount.com
---
apiVersion: v1
kind: Service
metadata:
  namespace: prod
  name: relui-internal
  annotations:
    cloud.google.com/backend-config: '{"default": "relui-iap-backend"}'
    cloud.google.com/neg: '{"ingress": false}'
    cloud.google.com/app-protocols: '{"https":"HTTP2"}'
spec:
  ports:
    - port: 444
      targetPort: 444
      name: https
  selector:
    app: relui
  type: NodePort
---
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  namespace: prod
  name: relui-iap-backend
spec:
  iap:
    enabled: true
    oauthclientCredentials:
      secretName: iap-oauth
  healthCheck:
    timeoutSec: 10
    checkIntervalSec: 15
    type: HTTPS
    requestPath: /healthz