...

Text file src/cuelang.org/go/doc/tutorial/kubernetes/testdata/manual.out

Documentation: cuelang.org/go/doc/tutorial/kubernetes/testdata

     1deployment: {}
     2service: {}
     3configMap: {}
     4kubernetes: {
     5    services: {}
     6    deployments: {}
     7    statefulSets: {}
     8    daemonSets: {}
     9    configMaps: {}
    10}
    11deployment: {}
    12service: {}
    13configMap: {}
    14kubernetes: {
    15    services: {}
    16    deployments: {}
    17    statefulSets: {}
    18    daemonSets: {}
    19    configMaps: {}
    20}
    21deployment: {
    22    bartender: {
    23        name:     "bartender"
    24        kind:     "deployment"
    25        replicas: 1
    26        image:    "gcr.io/myproj/bartender:v0.1.34"
    27        expose: {
    28            port: {
    29                http: 7080
    30            }
    31        }
    32        port: {}
    33        arg: {}
    34        args: []
    35        env: {}
    36        label: {
    37            app:       "bartender"
    38            domain:    "prod"
    39            component: "frontend"
    40        }
    41        kubernetes: {
    42            spec: {
    43                template: {
    44                    metadata: {
    45                        annotations: {
    46                            "prometheus.io.scrape": "true"
    47                            "prometheus.io.port":   "7080"
    48                        }
    49                    }
    50                }
    51            }
    52        }
    53        envSpec: {}
    54        volume: {}
    55    }
    56}
    57service: {
    58    bartender: {
    59        name: "bartender"
    60        port: {
    61            http: {
    62                name:     "http"
    63                port:     7080
    64                protocol: "TCP"
    65            }
    66        }
    67        label: {
    68            app:       "bartender"
    69            domain:    "prod"
    70            component: "frontend"
    71        }
    72        kubernetes: {}
    73    }
    74}
    75configMap: {}
    76kubernetes: {
    77    services: {
    78        bartender: {
    79            apiVersion: "v1"
    80            kind:       "Service"
    81            metadata: {
    82                name: "bartender"
    83                labels: {
    84                    app:       "bartender"
    85                    domain:    "prod"
    86                    component: "frontend"
    87                }
    88            }
    89            spec: {
    90                selector: {
    91                    app:       "bartender"
    92                    domain:    "prod"
    93                    component: "frontend"
    94                }
    95                ports: [{
    96                    name:     "http"
    97                    port:     7080
    98                    protocol: "TCP"
    99                }]
   100            }
   101        }
   102    }
   103    deployments: {
   104        bartender: {
   105            apiVersion: "extensions/v1beta1"
   106            kind:       "Deployment"
   107            metadata: {
   108                name: "bartender"
   109                labels: {
   110                    component: "frontend"
   111                }
   112            }
   113            spec: {
   114                template: {
   115                    metadata: {
   116                        labels: {
   117                            app:       "bartender"
   118                            domain:    "prod"
   119                            component: "frontend"
   120                        }
   121                        annotations: {
   122                            "prometheus.io.scrape": "true"
   123                            "prometheus.io.port":   "7080"
   124                        }
   125                    }
   126                    spec: {
   127                        containers: [{
   128                            name:  "bartender"
   129                            image: "gcr.io/myproj/bartender:v0.1.34"
   130                            args: []
   131                            ports: [{
   132                                name:          "http"
   133                                containerPort: 7080
   134                            }]
   135                        }]
   136                    }
   137                }
   138                replicas: 1
   139            }
   140        }
   141    }
   142    statefulSets: {}
   143    daemonSets: {}
   144    configMaps: {}
   145}
   146deployment: {
   147    breaddispatcher: {
   148        name:     "breaddispatcher"
   149        kind:     "deployment"
   150        replicas: 1
   151        image:    "gcr.io/myproj/breaddispatcher:v0.3.24"
   152        expose: {
   153            port: {
   154                http: 7080
   155            }
   156        }
   157        port: {}
   158        arg: {
   159            etcd:           "etcd:2379"
   160            "event-server": "events:7788"
   161        }
   162        args: ["-etcd=etcd:2379", "-event-server=events:7788"]
   163        env: {}
   164        label: {
   165            app:       "breaddispatcher"
   166            domain:    "prod"
   167            component: "frontend"
   168        }
   169        kubernetes: {
   170            spec: {
   171                template: {
   172                    metadata: {
   173                        annotations: {
   174                            "prometheus.io.scrape": "true"
   175                            "prometheus.io.port":   "7080"
   176                        }
   177                    }
   178                }
   179            }
   180        }
   181        envSpec: {}
   182        volume: {}
   183    }
   184}
   185service: {
   186    breaddispatcher: {
   187        name: "breaddispatcher"
   188        port: {
   189            http: {
   190                name:     "http"
   191                port:     7080
   192                protocol: "TCP"
   193            }
   194        }
   195        label: {
   196            app:       "breaddispatcher"
   197            domain:    "prod"
   198            component: "frontend"
   199        }
   200        kubernetes: {}
   201    }
   202}
   203configMap: {}
   204kubernetes: {
   205    services: {
   206        breaddispatcher: {
   207            apiVersion: "v1"
   208            kind:       "Service"
   209            metadata: {
   210                name: "breaddispatcher"
   211                labels: {
   212                    app:       "breaddispatcher"
   213                    domain:    "prod"
   214                    component: "frontend"
   215                }
   216            }
   217            spec: {
   218                selector: {
   219                    app:       "breaddispatcher"
   220                    domain:    "prod"
   221                    component: "frontend"
   222                }
   223                ports: [{
   224                    name:     "http"
   225                    port:     7080
   226                    protocol: "TCP"
   227                }]
   228            }
   229        }
   230    }
   231    deployments: {
   232        breaddispatcher: {
   233            apiVersion: "extensions/v1beta1"
   234            kind:       "Deployment"
   235            metadata: {
   236                name: "breaddispatcher"
   237                labels: {
   238                    component: "frontend"
   239                }
   240            }
   241            spec: {
   242                template: {
   243                    metadata: {
   244                        labels: {
   245                            app:       "breaddispatcher"
   246                            domain:    "prod"
   247                            component: "frontend"
   248                        }
   249                        annotations: {
   250                            "prometheus.io.scrape": "true"
   251                            "prometheus.io.port":   "7080"
   252                        }
   253                    }
   254                    spec: {
   255                        containers: [{
   256                            name:  "breaddispatcher"
   257                            image: "gcr.io/myproj/breaddispatcher:v0.3.24"
   258                            args: ["-etcd=etcd:2379", "-event-server=events:7788"]
   259                            ports: [{
   260                                name:          "http"
   261                                containerPort: 7080
   262                            }]
   263                        }]
   264                    }
   265                }
   266                replicas: 1
   267            }
   268        }
   269    }
   270    statefulSets: {}
   271    daemonSets: {}
   272    configMaps: {}
   273}
   274deployment: {
   275    host: {
   276        name:     "host"
   277        kind:     "deployment"
   278        replicas: 2
   279        image:    "gcr.io/myproj/host:v0.1.10"
   280        expose: {
   281            port: {
   282                http: 7080
   283            }
   284        }
   285        port: {}
   286        arg: {}
   287        args: []
   288        env: {}
   289        label: {
   290            app:       "host"
   291            domain:    "prod"
   292            component: "frontend"
   293        }
   294        kubernetes: {
   295            spec: {
   296                template: {
   297                    metadata: {
   298                        annotations: {
   299                            "prometheus.io.scrape": "true"
   300                            "prometheus.io.port":   "7080"
   301                        }
   302                    }
   303                }
   304            }
   305        }
   306        envSpec: {}
   307        volume: {}
   308    }
   309}
   310service: {
   311    host: {
   312        name: "host"
   313        port: {
   314            http: {
   315                name:     "http"
   316                port:     7080
   317                protocol: "TCP"
   318            }
   319        }
   320        label: {
   321            app:       "host"
   322            domain:    "prod"
   323            component: "frontend"
   324        }
   325        kubernetes: {}
   326    }
   327}
   328configMap: {}
   329kubernetes: {
   330    services: {
   331        host: {
   332            apiVersion: "v1"
   333            kind:       "Service"
   334            metadata: {
   335                name: "host"
   336                labels: {
   337                    app:       "host"
   338                    domain:    "prod"
   339                    component: "frontend"
   340                }
   341            }
   342            spec: {
   343                selector: {
   344                    app:       "host"
   345                    domain:    "prod"
   346                    component: "frontend"
   347                }
   348                ports: [{
   349                    name:     "http"
   350                    port:     7080
   351                    protocol: "TCP"
   352                }]
   353            }
   354        }
   355    }
   356    deployments: {
   357        host: {
   358            apiVersion: "extensions/v1beta1"
   359            kind:       "Deployment"
   360            metadata: {
   361                name: "host"
   362                labels: {
   363                    component: "frontend"
   364                }
   365            }
   366            spec: {
   367                template: {
   368                    metadata: {
   369                        labels: {
   370                            app:       "host"
   371                            domain:    "prod"
   372                            component: "frontend"
   373                        }
   374                        annotations: {
   375                            "prometheus.io.scrape": "true"
   376                            "prometheus.io.port":   "7080"
   377                        }
   378                    }
   379                    spec: {
   380                        containers: [{
   381                            name:  "host"
   382                            image: "gcr.io/myproj/host:v0.1.10"
   383                            args: []
   384                            ports: [{
   385                                name:          "http"
   386                                containerPort: 7080
   387                            }]
   388                        }]
   389                    }
   390                }
   391                replicas: 2
   392            }
   393        }
   394    }
   395    statefulSets: {}
   396    daemonSets: {}
   397    configMaps: {}
   398}
   399deployment: {
   400    maitred: {
   401        name:     "maitred"
   402        kind:     "deployment"
   403        replicas: 1
   404        image:    "gcr.io/myproj/maitred:v0.0.4"
   405        expose: {
   406            port: {
   407                http: 7080
   408            }
   409        }
   410        port: {}
   411        arg: {}
   412        args: []
   413        env: {}
   414        label: {
   415            app:       "maitred"
   416            domain:    "prod"
   417            component: "frontend"
   418        }
   419        kubernetes: {
   420            spec: {
   421                template: {
   422                    metadata: {
   423                        annotations: {
   424                            "prometheus.io.scrape": "true"
   425                            "prometheus.io.port":   "7080"
   426                        }
   427                    }
   428                }
   429            }
   430        }
   431        envSpec: {}
   432        volume: {}
   433    }
   434}
   435service: {
   436    maitred: {
   437        name: "maitred"
   438        port: {
   439            http: {
   440                name:     "http"
   441                port:     7080
   442                protocol: "TCP"
   443            }
   444        }
   445        label: {
   446            app:       "maitred"
   447            domain:    "prod"
   448            component: "frontend"
   449        }
   450        kubernetes: {}
   451    }
   452}
   453configMap: {}
   454kubernetes: {
   455    services: {
   456        maitred: {
   457            apiVersion: "v1"
   458            kind:       "Service"
   459            metadata: {
   460                name: "maitred"
   461                labels: {
   462                    app:       "maitred"
   463                    domain:    "prod"
   464                    component: "frontend"
   465                }
   466            }
   467            spec: {
   468                selector: {
   469                    app:       "maitred"
   470                    domain:    "prod"
   471                    component: "frontend"
   472                }
   473                ports: [{
   474                    name:     "http"
   475                    port:     7080
   476                    protocol: "TCP"
   477                }]
   478            }
   479        }
   480    }
   481    deployments: {
   482        maitred: {
   483            apiVersion: "extensions/v1beta1"
   484            kind:       "Deployment"
   485            metadata: {
   486                name: "maitred"
   487                labels: {
   488                    component: "frontend"
   489                }
   490            }
   491            spec: {
   492                template: {
   493                    metadata: {
   494                        labels: {
   495                            app:       "maitred"
   496                            domain:    "prod"
   497                            component: "frontend"
   498                        }
   499                        annotations: {
   500                            "prometheus.io.scrape": "true"
   501                            "prometheus.io.port":   "7080"
   502                        }
   503                    }
   504                    spec: {
   505                        containers: [{
   506                            name:  "maitred"
   507                            image: "gcr.io/myproj/maitred:v0.0.4"
   508                            args: []
   509                            ports: [{
   510                                name:          "http"
   511                                containerPort: 7080
   512                            }]
   513                        }]
   514                    }
   515                }
   516                replicas: 1
   517            }
   518        }
   519    }
   520    statefulSets: {}
   521    daemonSets: {}
   522    configMaps: {}
   523}
   524deployment: {
   525    valeter: {
   526        name:     "valeter"
   527        kind:     "deployment"
   528        replicas: 1
   529        image:    "gcr.io/myproj/valeter:v0.0.4"
   530        arg: {
   531            http: ":8080"
   532            etcd: "etcd:2379"
   533        }
   534        expose: {
   535            port: {
   536                http: 8080
   537            }
   538        }
   539        port: {}
   540        args: ["-http=:8080", "-etcd=etcd:2379"]
   541        env: {}
   542        label: {
   543            app:       "valeter"
   544            domain:    "prod"
   545            component: "frontend"
   546        }
   547        kubernetes: {
   548            spec: {
   549                template: {
   550                    metadata: {
   551                        annotations: {
   552                            "prometheus.io.scrape": "true"
   553                            "prometheus.io.port":   "8080"
   554                        }
   555                    }
   556                }
   557            }
   558        }
   559        envSpec: {}
   560        volume: {}
   561    }
   562}
   563service: {
   564    valeter: {
   565        name: "valeter"
   566        port: {
   567            http: {
   568                name:     "http"
   569                port:     8080
   570                protocol: "TCP"
   571            }
   572        }
   573        label: {
   574            app:       "valeter"
   575            domain:    "prod"
   576            component: "frontend"
   577        }
   578        kubernetes: {}
   579    }
   580}
   581configMap: {}
   582kubernetes: {
   583    services: {
   584        valeter: {
   585            apiVersion: "v1"
   586            kind:       "Service"
   587            metadata: {
   588                name: "valeter"
   589                labels: {
   590                    app:       "valeter"
   591                    domain:    "prod"
   592                    component: "frontend"
   593                }
   594            }
   595            spec: {
   596                selector: {
   597                    app:       "valeter"
   598                    domain:    "prod"
   599                    component: "frontend"
   600                }
   601                ports: [{
   602                    name:     "http"
   603                    port:     8080
   604                    protocol: "TCP"
   605                }]
   606            }
   607        }
   608    }
   609    deployments: {
   610        valeter: {
   611            apiVersion: "extensions/v1beta1"
   612            kind:       "Deployment"
   613            metadata: {
   614                name: "valeter"
   615                labels: {
   616                    component: "frontend"
   617                }
   618            }
   619            spec: {
   620                template: {
   621                    metadata: {
   622                        labels: {
   623                            app:       "valeter"
   624                            domain:    "prod"
   625                            component: "frontend"
   626                        }
   627                        annotations: {
   628                            "prometheus.io.scrape": "true"
   629                            "prometheus.io.port":   "8080"
   630                        }
   631                    }
   632                    spec: {
   633                        containers: [{
   634                            name:  "valeter"
   635                            image: "gcr.io/myproj/valeter:v0.0.4"
   636                            args: ["-http=:8080", "-etcd=etcd:2379"]
   637                            ports: [{
   638                                name:          "http"
   639                                containerPort: 8080
   640                            }]
   641                        }]
   642                    }
   643                }
   644                replicas: 1
   645            }
   646        }
   647    }
   648    statefulSets: {}
   649    daemonSets: {}
   650    configMaps: {}
   651}
   652deployment: {
   653    waiter: {
   654        name:     "waiter"
   655        kind:     "deployment"
   656        image:    "gcr.io/myproj/waiter:v0.3.0"
   657        replicas: 5
   658        expose: {
   659            port: {
   660                http: 7080
   661            }
   662        }
   663        port: {}
   664        arg: {}
   665        args: []
   666        env: {}
   667        label: {
   668            app:       "waiter"
   669            domain:    "prod"
   670            component: "frontend"
   671        }
   672        kubernetes: {
   673            spec: {
   674                template: {
   675                    metadata: {
   676                        annotations: {
   677                            "prometheus.io.scrape": "true"
   678                            "prometheus.io.port":   "7080"
   679                        }
   680                    }
   681                }
   682            }
   683        }
   684        envSpec: {}
   685        volume: {}
   686    }
   687}
   688service: {
   689    waiter: {
   690        name: "waiter"
   691        port: {
   692            http: {
   693                name:     "http"
   694                port:     7080
   695                protocol: "TCP"
   696            }
   697        }
   698        label: {
   699            app:       "waiter"
   700            domain:    "prod"
   701            component: "frontend"
   702        }
   703        kubernetes: {}
   704    }
   705}
   706configMap: {}
   707kubernetes: {
   708    services: {
   709        waiter: {
   710            apiVersion: "v1"
   711            kind:       "Service"
   712            metadata: {
   713                name: "waiter"
   714                labels: {
   715                    app:       "waiter"
   716                    domain:    "prod"
   717                    component: "frontend"
   718                }
   719            }
   720            spec: {
   721                selector: {
   722                    app:       "waiter"
   723                    domain:    "prod"
   724                    component: "frontend"
   725                }
   726                ports: [{
   727                    name:     "http"
   728                    port:     7080
   729                    protocol: "TCP"
   730                }]
   731            }
   732        }
   733    }
   734    deployments: {
   735        waiter: {
   736            apiVersion: "extensions/v1beta1"
   737            kind:       "Deployment"
   738            metadata: {
   739                name: "waiter"
   740                labels: {
   741                    component: "frontend"
   742                }
   743            }
   744            spec: {
   745                template: {
   746                    metadata: {
   747                        labels: {
   748                            app:       "waiter"
   749                            domain:    "prod"
   750                            component: "frontend"
   751                        }
   752                        annotations: {
   753                            "prometheus.io.scrape": "true"
   754                            "prometheus.io.port":   "7080"
   755                        }
   756                    }
   757                    spec: {
   758                        containers: [{
   759                            name:  "waiter"
   760                            image: "gcr.io/myproj/waiter:v0.3.0"
   761                            args: []
   762                            ports: [{
   763                                name:          "http"
   764                                containerPort: 7080
   765                            }]
   766                        }]
   767                    }
   768                }
   769                replicas: 5
   770            }
   771        }
   772    }
   773    statefulSets: {}
   774    daemonSets: {}
   775    configMaps: {}
   776}
   777deployment: {
   778    waterdispatcher: {
   779        name:     "waterdispatcher"
   780        kind:     "deployment"
   781        replicas: 1
   782        image:    "gcr.io/myproj/waterdispatcher:v0.0.48"
   783        expose: {
   784            port: {
   785                http: 7080
   786            }
   787        }
   788        port: {}
   789        arg: {
   790            http: ":8080"
   791            etcd: "etcd:2379"
   792        }
   793        args: ["-http=:8080", "-etcd=etcd:2379"]
   794        env: {}
   795        label: {
   796            app:       "waterdispatcher"
   797            domain:    "prod"
   798            component: "frontend"
   799        }
   800        kubernetes: {
   801            spec: {
   802                template: {
   803                    metadata: {
   804                        annotations: {
   805                            "prometheus.io.scrape": "true"
   806                            "prometheus.io.port":   "7080"
   807                        }
   808                    }
   809                }
   810            }
   811        }
   812        envSpec: {}
   813        volume: {}
   814    }
   815}
   816service: {
   817    waterdispatcher: {
   818        name: "waterdispatcher"
   819        port: {
   820            http: {
   821                name:     "http"
   822                port:     7080
   823                protocol: "TCP"
   824            }
   825        }
   826        label: {
   827            app:       "waterdispatcher"
   828            domain:    "prod"
   829            component: "frontend"
   830        }
   831        kubernetes: {}
   832    }
   833}
   834configMap: {}
   835kubernetes: {
   836    services: {
   837        waterdispatcher: {
   838            apiVersion: "v1"
   839            kind:       "Service"
   840            metadata: {
   841                name: "waterdispatcher"
   842                labels: {
   843                    app:       "waterdispatcher"
   844                    domain:    "prod"
   845                    component: "frontend"
   846                }
   847            }
   848            spec: {
   849                selector: {
   850                    app:       "waterdispatcher"
   851                    domain:    "prod"
   852                    component: "frontend"
   853                }
   854                ports: [{
   855                    name:     "http"
   856                    port:     7080
   857                    protocol: "TCP"
   858                }]
   859            }
   860        }
   861    }
   862    deployments: {
   863        waterdispatcher: {
   864            apiVersion: "extensions/v1beta1"
   865            kind:       "Deployment"
   866            metadata: {
   867                name: "waterdispatcher"
   868                labels: {
   869                    component: "frontend"
   870                }
   871            }
   872            spec: {
   873                template: {
   874                    metadata: {
   875                        labels: {
   876                            app:       "waterdispatcher"
   877                            domain:    "prod"
   878                            component: "frontend"
   879                        }
   880                        annotations: {
   881                            "prometheus.io.scrape": "true"
   882                            "prometheus.io.port":   "7080"
   883                        }
   884                    }
   885                    spec: {
   886                        containers: [{
   887                            name:  "waterdispatcher"
   888                            image: "gcr.io/myproj/waterdispatcher:v0.0.48"
   889                            args: ["-http=:8080", "-etcd=etcd:2379"]
   890                            ports: [{
   891                                name:          "http"
   892                                containerPort: 7080
   893                            }]
   894                        }]
   895                    }
   896                }
   897                replicas: 1
   898            }
   899        }
   900    }
   901    statefulSets: {}
   902    daemonSets: {}
   903    configMaps: {}
   904}
   905deployment: {}
   906service: {}
   907configMap: {}
   908kubernetes: {
   909    services: {}
   910    deployments: {}
   911    statefulSets: {}
   912    daemonSets: {}
   913    configMaps: {}
   914}
   915deployment: {
   916    download: {
   917        name:     "download"
   918        kind:     "deployment"
   919        replicas: 1
   920        image:    "gcr.io/myproj/download:v0.0.2"
   921        expose: {
   922            port: {
   923                client: 7080
   924            }
   925        }
   926        port: {}
   927        arg: {}
   928        args: []
   929        env: {}
   930        label: {
   931            app:       "download"
   932            domain:    "prod"
   933            component: "infra"
   934        }
   935        kubernetes: {}
   936        envSpec: {}
   937        volume: {}
   938    }
   939}
   940service: {
   941    download: {
   942        name: "download"
   943        port: {
   944            client: {
   945                name:     "client"
   946                port:     7080
   947                protocol: "TCP"
   948            }
   949        }
   950        label: {
   951            app:       "download"
   952            domain:    "prod"
   953            component: "infra"
   954        }
   955        kubernetes: {}
   956    }
   957}
   958configMap: {}
   959kubernetes: {
   960    services: {
   961        download: {
   962            apiVersion: "v1"
   963            kind:       "Service"
   964            metadata: {
   965                name: "download"
   966                labels: {
   967                    app:       "download"
   968                    domain:    "prod"
   969                    component: "infra"
   970                }
   971            }
   972            spec: {
   973                selector: {
   974                    app:       "download"
   975                    domain:    "prod"
   976                    component: "infra"
   977                }
   978                ports: [{
   979                    name:     "client"
   980                    port:     7080
   981                    protocol: "TCP"
   982                }]
   983            }
   984        }
   985    }
   986    deployments: {
   987        download: {
   988            apiVersion: "extensions/v1beta1"
   989            kind:       "Deployment"
   990            metadata: {
   991                name: "download"
   992                labels: {
   993                    component: "infra"
   994                }
   995            }
   996            spec: {
   997                template: {
   998                    metadata: {
   999                        labels: {
  1000                            app:       "download"
  1001                            domain:    "prod"
  1002                            component: "infra"
  1003                        }
  1004                    }
  1005                    spec: {
  1006                        containers: [{
  1007                            name:  "download"
  1008                            image: "gcr.io/myproj/download:v0.0.2"
  1009                            args: []
  1010                            ports: [{
  1011                                name:          "client"
  1012                                containerPort: 7080
  1013                            }]
  1014                        }]
  1015                    }
  1016                }
  1017                replicas: 1
  1018            }
  1019        }
  1020    }
  1021    statefulSets: {}
  1022    daemonSets: {}
  1023    configMaps: {}
  1024}
  1025deployment: {
  1026    etcd: {
  1027        name:     "etcd"
  1028        kind:     "stateful"
  1029        replicas: 3
  1030        image:    "quay.io/coreos/etcd:v3.3.10"
  1031        kubernetes: {
  1032            spec: {
  1033                volumeClaimTemplates: [{
  1034                    metadata: {
  1035                        name: "etcd3"
  1036                        annotations: {
  1037                            "volume.alpha.kubernetes.io/storage-class": "default"
  1038                        }
  1039                    }
  1040                    spec: {
  1041                        accessModes: ["ReadWriteOnce"]
  1042                        resources: {
  1043                            requests: {
  1044                                storage: "10Gi"
  1045                            }
  1046                        }
  1047                    }
  1048                }]
  1049                serviceName: "etcd"
  1050                template: {
  1051                    spec: {
  1052                        containers: [{
  1053                            command: ["/usr/local/bin/etcd"]
  1054                            volumeMounts: [{
  1055                                name:      "etcd3"
  1056                                mountPath: "/data"
  1057                            }]
  1058                            livenessProbe: {
  1059                                httpGet: {
  1060                                    path: "/health"
  1061                                    port: "client"
  1062                                }
  1063                                initialDelaySeconds: 30
  1064                            }
  1065                        }]
  1066                        affinity: {
  1067                            podAntiAffinity: {
  1068                                requiredDuringSchedulingIgnoredDuringExecution: [{
  1069                                    labelSelector: {
  1070                                        matchExpressions: [{
  1071                                            key:      "app"
  1072                                            operator: "In"
  1073                                            values: ["etcd"]
  1074                                        }]
  1075                                    }
  1076                                    topologyKey: "kubernetes.io/hostname"
  1077                                }]
  1078                            }
  1079                        }
  1080                        terminationGracePeriodSeconds: 10
  1081                    }
  1082                    metadata: {
  1083                        annotations: {
  1084                            "prometheus.io.port":   "2379"
  1085                            "prometheus.io.scrape": "true"
  1086                        }
  1087                    }
  1088                }
  1089            }
  1090        }
  1091        arg: {
  1092            name:                          "$(NAME)"
  1093            "data-dir":                    "/data/etcd3"
  1094            "initial-advertise-peer-urls": "http://$(IP):2380"
  1095            "listen-peer-urls":            "http://$(IP):2380"
  1096            "listen-client-urls":          "http://$(IP):2379,http://127.0.0.1:2379"
  1097            "advertise-client-urls":       "http://$(IP):2379"
  1098            discovery:                     "https://discovery.etcd.io/xxxxxx"
  1099        }
  1100        env: {
  1101            ETCDCTL_API:                    "3"
  1102            ETCD_AUTO_COMPACTION_RETENTION: "4"
  1103        }
  1104        envSpec: {
  1105            NAME: {
  1106                valueFrom: {
  1107                    fieldRef: {
  1108                        fieldPath: "metadata.name"
  1109                    }
  1110                }
  1111            }
  1112            IP: {
  1113                valueFrom: {
  1114                    fieldRef: {
  1115                        fieldPath: "status.podIP"
  1116                    }
  1117                }
  1118            }
  1119            ETCDCTL_API: {
  1120                value: "3"
  1121            }
  1122            ETCD_AUTO_COMPACTION_RETENTION: {
  1123                value: "4"
  1124            }
  1125        }
  1126        expose: {
  1127            port: {
  1128                client: 2379
  1129                peer:   2380
  1130            }
  1131        }
  1132        port: {}
  1133        args: ["-name=$(NAME)", "-data-dir=/data/etcd3", "-initial-advertise-peer-urls=http://$(IP):2380", "-listen-peer-urls=http://$(IP):2380", "-listen-client-urls=http://$(IP):2379,http://127.0.0.1:2379", "-advertise-client-urls=http://$(IP):2379", "-discovery=https://discovery.etcd.io/xxxxxx"]
  1134        label: {
  1135            app:       "etcd"
  1136            domain:    "prod"
  1137            component: "infra"
  1138        }
  1139        volume: {}
  1140    }
  1141}
  1142service: {
  1143    etcd: {
  1144        name: "etcd"
  1145        port: {
  1146            client: {
  1147                name:     "client"
  1148                port:     2379
  1149                protocol: "TCP"
  1150            }
  1151            peer: {
  1152                name:     "peer"
  1153                port:     2380
  1154                protocol: "TCP"
  1155            }
  1156        }
  1157        kubernetes: {
  1158            spec: {
  1159                clusterIP: "None"
  1160            }
  1161        }
  1162        label: {
  1163            app:       "etcd"
  1164            domain:    "prod"
  1165            component: "infra"
  1166        }
  1167    }
  1168}
  1169configMap: {}
  1170kubernetes: {
  1171    services: {
  1172        etcd: {
  1173            apiVersion: "v1"
  1174            kind:       "Service"
  1175            spec: {
  1176                clusterIP: "None"
  1177                selector: {
  1178                    app:       "etcd"
  1179                    domain:    "prod"
  1180                    component: "infra"
  1181                }
  1182                ports: [{
  1183                    name:     "client"
  1184                    port:     2379
  1185                    protocol: "TCP"
  1186                }, {
  1187                    name:     "peer"
  1188                    port:     2380
  1189                    protocol: "TCP"
  1190                }]
  1191            }
  1192            metadata: {
  1193                name: "etcd"
  1194                labels: {
  1195                    app:       "etcd"
  1196                    domain:    "prod"
  1197                    component: "infra"
  1198                }
  1199            }
  1200        }
  1201    }
  1202    deployments: {}
  1203    statefulSets: {
  1204        etcd: {
  1205            apiVersion: "apps/v1beta1"
  1206            kind:       "StatefulSet"
  1207            metadata: {
  1208                name: "etcd"
  1209                labels: {
  1210                    component: "infra"
  1211                }
  1212            }
  1213            spec: {
  1214                volumeClaimTemplates: [{
  1215                    metadata: {
  1216                        name: "etcd3"
  1217                        annotations: {
  1218                            "volume.alpha.kubernetes.io/storage-class": "default"
  1219                        }
  1220                    }
  1221                    spec: {
  1222                        accessModes: ["ReadWriteOnce"]
  1223                        resources: {
  1224                            requests: {
  1225                                storage: "10Gi"
  1226                            }
  1227                        }
  1228                    }
  1229                }]
  1230                serviceName: "etcd"
  1231                replicas:    3
  1232                template: {
  1233                    metadata: {
  1234                        labels: {
  1235                            app:       "etcd"
  1236                            domain:    "prod"
  1237                            component: "infra"
  1238                        }
  1239                        annotations: {
  1240                            "prometheus.io.port":   "2379"
  1241                            "prometheus.io.scrape": "true"
  1242                        }
  1243                    }
  1244                    spec: {
  1245                        containers: [{
  1246                            name:  "etcd"
  1247                            image: "quay.io/coreos/etcd:v3.3.10"
  1248                            args: ["-name=$(NAME)", "-data-dir=/data/etcd3", "-initial-advertise-peer-urls=http://$(IP):2380", "-listen-peer-urls=http://$(IP):2380", "-listen-client-urls=http://$(IP):2379,http://127.0.0.1:2379", "-advertise-client-urls=http://$(IP):2379", "-discovery=https://discovery.etcd.io/xxxxxx"]
  1249                            env: [{
  1250                                name: "NAME"
  1251                                valueFrom: {
  1252                                    fieldRef: {
  1253                                        fieldPath: "metadata.name"
  1254                                    }
  1255                                }
  1256                            }, {
  1257                                name: "IP"
  1258                                valueFrom: {
  1259                                    fieldRef: {
  1260                                        fieldPath: "status.podIP"
  1261                                    }
  1262                                }
  1263                            }, {
  1264                                name:  "ETCDCTL_API"
  1265                                value: "3"
  1266                            }, {
  1267                                name:  "ETCD_AUTO_COMPACTION_RETENTION"
  1268                                value: "4"
  1269                            }]
  1270                            command: ["/usr/local/bin/etcd"]
  1271                            volumeMounts: [{
  1272                                name:      "etcd3"
  1273                                mountPath: "/data"
  1274                            }]
  1275                            ports: [{
  1276                                name:          "client"
  1277                                containerPort: 2379
  1278                            }, {
  1279                                name:          "peer"
  1280                                containerPort: 2380
  1281                            }]
  1282                            livenessProbe: {
  1283                                httpGet: {
  1284                                    path: "/health"
  1285                                    port: "client"
  1286                                }
  1287                                initialDelaySeconds: 30
  1288                            }
  1289                        }]
  1290                        affinity: {
  1291                            podAntiAffinity: {
  1292                                requiredDuringSchedulingIgnoredDuringExecution: [{
  1293                                    labelSelector: {
  1294                                        matchExpressions: [{
  1295                                            key:      "app"
  1296                                            operator: "In"
  1297                                            values: ["etcd"]
  1298                                        }]
  1299                                    }
  1300                                    topologyKey: "kubernetes.io/hostname"
  1301                                }]
  1302                            }
  1303                        }
  1304                        terminationGracePeriodSeconds: 10
  1305                    }
  1306                }
  1307            }
  1308        }
  1309    }
  1310    daemonSets: {}
  1311    configMaps: {}
  1312}
  1313deployment: {
  1314    events: {
  1315        name:     "events"
  1316        kind:     "deployment"
  1317        replicas: 2
  1318        image:    "gcr.io/myproj/events:v0.1.31"
  1319        arg: {
  1320            cert: "/etc/ssl/server.pem"
  1321            key:  "/etc/ssl/server.key"
  1322            grpc: ":7788"
  1323        }
  1324        port: {
  1325            http: 7080
  1326        }
  1327        expose: {
  1328            port: {
  1329                grpc: 7788
  1330            }
  1331        }
  1332        args: ["-cert=/etc/ssl/server.pem", "-key=/etc/ssl/server.key", "-grpc=:7788"]
  1333        env: {}
  1334        volume: {
  1335            "secret-volume": {
  1336                name:      "secret-volume"
  1337                mountPath: "/etc/ssl"
  1338                subPath:   null
  1339                readOnly:  false
  1340                spec: {
  1341                    secret: {
  1342                        secretName: "biz-secrets"
  1343                    }
  1344                }
  1345                kubernetes: {}
  1346            }
  1347        }
  1348        kubernetes: {
  1349            spec: {
  1350                template: {
  1351                    metadata: {
  1352                        annotations: {
  1353                            "prometheus.io.port":   "7080"
  1354                            "prometheus.io.scrape": "true"
  1355                        }
  1356                    }
  1357                    spec: {
  1358                        affinity: {
  1359                            podAntiAffinity: {
  1360                                requiredDuringSchedulingIgnoredDuringExecution: [{
  1361                                    labelSelector: {
  1362                                        matchExpressions: [{
  1363                                            key:      "app"
  1364                                            operator: "In"
  1365                                            values: ["events"]
  1366                                        }]
  1367                                    }
  1368                                    topologyKey: "kubernetes.io/hostname"
  1369                                }]
  1370                            }
  1371                        }
  1372                    }
  1373                }
  1374            }
  1375        }
  1376        label: {
  1377            app:       "events"
  1378            domain:    "prod"
  1379            component: "infra"
  1380        }
  1381        envSpec: {}
  1382    }
  1383}
  1384service: {
  1385    events: {
  1386        name: "events"
  1387        port: {
  1388            grpc: {
  1389                name:     "grpc"
  1390                port:     7788
  1391                protocol: "TCP"
  1392            }
  1393        }
  1394        label: {
  1395            app:       "events"
  1396            domain:    "prod"
  1397            component: "infra"
  1398        }
  1399        kubernetes: {}
  1400    }
  1401}
  1402configMap: {}
  1403kubernetes: {
  1404    services: {
  1405        events: {
  1406            apiVersion: "v1"
  1407            kind:       "Service"
  1408            metadata: {
  1409                name: "events"
  1410                labels: {
  1411                    app:       "events"
  1412                    domain:    "prod"
  1413                    component: "infra"
  1414                }
  1415            }
  1416            spec: {
  1417                selector: {
  1418                    app:       "events"
  1419                    domain:    "prod"
  1420                    component: "infra"
  1421                }
  1422                ports: [{
  1423                    name:     "grpc"
  1424                    port:     7788
  1425                    protocol: "TCP"
  1426                }]
  1427            }
  1428        }
  1429    }
  1430    deployments: {
  1431        events: {
  1432            apiVersion: "extensions/v1beta1"
  1433            kind:       "Deployment"
  1434            metadata: {
  1435                name: "events"
  1436                labels: {
  1437                    component: "infra"
  1438                }
  1439            }
  1440            spec: {
  1441                template: {
  1442                    metadata: {
  1443                        labels: {
  1444                            app:       "events"
  1445                            domain:    "prod"
  1446                            component: "infra"
  1447                        }
  1448                        annotations: {
  1449                            "prometheus.io.port":   "7080"
  1450                            "prometheus.io.scrape": "true"
  1451                        }
  1452                    }
  1453                    spec: {
  1454                        containers: [{
  1455                            name:  "events"
  1456                            image: "gcr.io/myproj/events:v0.1.31"
  1457                            args: ["-cert=/etc/ssl/server.pem", "-key=/etc/ssl/server.key", "-grpc=:7788"]
  1458                            volumeMounts: [{
  1459                                name:      "secret-volume"
  1460                                mountPath: "/etc/ssl"
  1461                            }]
  1462                            ports: [{
  1463                                name:          "grpc"
  1464                                containerPort: 7788
  1465                            }, {
  1466                                name:          "http"
  1467                                containerPort: 7080
  1468                            }]
  1469                        }]
  1470                        volumes: [{
  1471                            name: "secret-volume"
  1472                        }]
  1473                        affinity: {
  1474                            podAntiAffinity: {
  1475                                requiredDuringSchedulingIgnoredDuringExecution: [{
  1476                                    labelSelector: {
  1477                                        matchExpressions: [{
  1478                                            key:      "app"
  1479                                            operator: "In"
  1480                                            values: ["events"]
  1481                                        }]
  1482                                    }
  1483                                    topologyKey: "kubernetes.io/hostname"
  1484                                }]
  1485                            }
  1486                        }
  1487                    }
  1488                }
  1489                replicas: 2
  1490            }
  1491        }
  1492    }
  1493    statefulSets: {}
  1494    daemonSets: {}
  1495    configMaps: {}
  1496}
  1497deployment: {
  1498    tasks: {
  1499        name:     "tasks"
  1500        kind:     "deployment"
  1501        replicas: 1
  1502        image:    "gcr.io/myproj/tasks:v0.2.6"
  1503        port: {
  1504            http: 7080
  1505        }
  1506        expose: {
  1507            port: {
  1508                https: 7443
  1509            }
  1510        }
  1511        arg: {}
  1512        args: []
  1513        env: {}
  1514        volume: {
  1515            "secret-volume": {
  1516                name:      "secret-volume"
  1517                mountPath: "/etc/ssl"
  1518                subPath:   null
  1519                readOnly:  false
  1520                spec: {
  1521                    secret: {
  1522                        secretName: "star-example-com-secrets"
  1523                    }
  1524                }
  1525                kubernetes: {}
  1526            }
  1527        }
  1528        kubernetes: {
  1529            spec: {
  1530                template: {
  1531                    metadata: {
  1532                        annotations: {
  1533                            "prometheus.io.port":   "7080"
  1534                            "prometheus.io.scrape": "true"
  1535                        }
  1536                    }
  1537                }
  1538            }
  1539        }
  1540        label: {
  1541            app:       "tasks"
  1542            domain:    "prod"
  1543            component: "infra"
  1544        }
  1545        envSpec: {}
  1546    }
  1547}
  1548service: {
  1549    tasks: {
  1550        name: "tasks"
  1551        port: {
  1552            https: {
  1553                name:       "https"
  1554                port:       443
  1555                targetPort: 7443
  1556                protocol:   "TCP"
  1557            }
  1558        }
  1559        kubernetes: {
  1560            spec: {
  1561                type:           "LoadBalancer"
  1562                loadBalancerIP: "1.2.3.4"
  1563            }
  1564        }
  1565        label: {
  1566            app:       "tasks"
  1567            domain:    "prod"
  1568            component: "infra"
  1569        }
  1570    }
  1571}
  1572configMap: {}
  1573kubernetes: {
  1574    services: {
  1575        tasks: {
  1576            apiVersion: "v1"
  1577            kind:       "Service"
  1578            spec: {
  1579                type: "LoadBalancer"
  1580                selector: {
  1581                    app:       "tasks"
  1582                    domain:    "prod"
  1583                    component: "infra"
  1584                }
  1585                ports: [{
  1586                    name:       "https"
  1587                    port:       443
  1588                    targetPort: 7443
  1589                    protocol:   "TCP"
  1590                }]
  1591                loadBalancerIP: "1.2.3.4"
  1592            }
  1593            metadata: {
  1594                name: "tasks"
  1595                labels: {
  1596                    app:       "tasks"
  1597                    domain:    "prod"
  1598                    component: "infra"
  1599                }
  1600            }
  1601        }
  1602    }
  1603    deployments: {
  1604        tasks: {
  1605            apiVersion: "extensions/v1beta1"
  1606            kind:       "Deployment"
  1607            metadata: {
  1608                name: "tasks"
  1609                labels: {
  1610                    component: "infra"
  1611                }
  1612            }
  1613            spec: {
  1614                template: {
  1615                    metadata: {
  1616                        labels: {
  1617                            app:       "tasks"
  1618                            domain:    "prod"
  1619                            component: "infra"
  1620                        }
  1621                        annotations: {
  1622                            "prometheus.io.port":   "7080"
  1623                            "prometheus.io.scrape": "true"
  1624                        }
  1625                    }
  1626                    spec: {
  1627                        containers: [{
  1628                            name:  "tasks"
  1629                            image: "gcr.io/myproj/tasks:v0.2.6"
  1630                            args: []
  1631                            volumeMounts: [{
  1632                                name:      "secret-volume"
  1633                                mountPath: "/etc/ssl"
  1634                            }]
  1635                            ports: [{
  1636                                name:          "https"
  1637                                containerPort: 7443
  1638                            }, {
  1639                                name:          "http"
  1640                                containerPort: 7080
  1641                            }]
  1642                        }]
  1643                        volumes: [{
  1644                            name: "secret-volume"
  1645                        }]
  1646                    }
  1647                }
  1648                replicas: 1
  1649            }
  1650        }
  1651    }
  1652    statefulSets: {}
  1653    daemonSets: {}
  1654    configMaps: {}
  1655}
  1656deployment: {
  1657    updater: {
  1658        name:     "updater"
  1659        kind:     "deployment"
  1660        replicas: 1
  1661        image:    "gcr.io/myproj/updater:v0.1.0"
  1662        args: ["-key=/etc/certs/updater.pem"]
  1663        expose: {
  1664            port: {
  1665                http: 8080
  1666            }
  1667        }
  1668        port: {}
  1669        arg: {}
  1670        env: {}
  1671        volume: {
  1672            "secret-updater": {
  1673                name:      "secret-updater"
  1674                mountPath: "/etc/certs"
  1675                subPath:   null
  1676                readOnly:  false
  1677                spec: {
  1678                    secret: {
  1679                        secretName: "updater-secrets"
  1680                    }
  1681                }
  1682                kubernetes: {}
  1683            }
  1684        }
  1685        label: {
  1686            app:       "updater"
  1687            domain:    "prod"
  1688            component: "infra"
  1689        }
  1690        kubernetes: {}
  1691        envSpec: {}
  1692    }
  1693}
  1694service: {
  1695    updater: {
  1696        name: "updater"
  1697        port: {
  1698            http: {
  1699                name:     "http"
  1700                port:     8080
  1701                protocol: "TCP"
  1702            }
  1703        }
  1704        label: {
  1705            app:       "updater"
  1706            domain:    "prod"
  1707            component: "infra"
  1708        }
  1709        kubernetes: {}
  1710    }
  1711}
  1712configMap: {}
  1713kubernetes: {
  1714    services: {
  1715        updater: {
  1716            apiVersion: "v1"
  1717            kind:       "Service"
  1718            metadata: {
  1719                name: "updater"
  1720                labels: {
  1721                    app:       "updater"
  1722                    domain:    "prod"
  1723                    component: "infra"
  1724                }
  1725            }
  1726            spec: {
  1727                selector: {
  1728                    app:       "updater"
  1729                    domain:    "prod"
  1730                    component: "infra"
  1731                }
  1732                ports: [{
  1733                    name:     "http"
  1734                    port:     8080
  1735                    protocol: "TCP"
  1736                }]
  1737            }
  1738        }
  1739    }
  1740    deployments: {
  1741        updater: {
  1742            apiVersion: "extensions/v1beta1"
  1743            kind:       "Deployment"
  1744            metadata: {
  1745                name: "updater"
  1746                labels: {
  1747                    component: "infra"
  1748                }
  1749            }
  1750            spec: {
  1751                template: {
  1752                    metadata: {
  1753                        labels: {
  1754                            app:       "updater"
  1755                            domain:    "prod"
  1756                            component: "infra"
  1757                        }
  1758                    }
  1759                    spec: {
  1760                        containers: [{
  1761                            name:  "updater"
  1762                            image: "gcr.io/myproj/updater:v0.1.0"
  1763                            args: ["-key=/etc/certs/updater.pem"]
  1764                            volumeMounts: [{
  1765                                name:      "secret-updater"
  1766                                mountPath: "/etc/certs"
  1767                            }]
  1768                            ports: [{
  1769                                name:          "http"
  1770                                containerPort: 8080
  1771                            }]
  1772                        }]
  1773                        volumes: [{
  1774                            name: "secret-updater"
  1775                        }]
  1776                    }
  1777                }
  1778                replicas: 1
  1779            }
  1780        }
  1781    }
  1782    statefulSets: {}
  1783    daemonSets: {}
  1784    configMaps: {}
  1785}
  1786deployment: {
  1787    watcher: {
  1788        name:     "watcher"
  1789        kind:     "deployment"
  1790        replicas: 1
  1791        image:    "gcr.io/myproj/watcher:v0.1.0"
  1792        volume: {
  1793            "secret-volume": {
  1794                name:      "secret-volume"
  1795                mountPath: "/etc/ssl"
  1796                subPath:   null
  1797                readOnly:  false
  1798                spec: {
  1799                    secret: {
  1800                        secretName: "star-example-com-secrets"
  1801                    }
  1802                }
  1803                kubernetes: {}
  1804            }
  1805        }
  1806        port: {
  1807            http: 7080
  1808        }
  1809        expose: {
  1810            port: {
  1811                https: 7788
  1812            }
  1813        }
  1814        arg: {}
  1815        args: []
  1816        env: {}
  1817        label: {
  1818            app:       "watcher"
  1819            domain:    "prod"
  1820            component: "infra"
  1821        }
  1822        kubernetes: {}
  1823        envSpec: {}
  1824    }
  1825}
  1826service: {
  1827    watcher: {
  1828        name: "watcher"
  1829        port: {
  1830            https: {
  1831                name:     "https"
  1832                port:     7788
  1833                protocol: "TCP"
  1834            }
  1835        }
  1836        kubernetes: {
  1837            spec: {
  1838                type:           "LoadBalancer"
  1839                loadBalancerIP: "1.2.3.4"
  1840            }
  1841        }
  1842        ports: {
  1843            https: {
  1844                port:       7788
  1845                targetPort: 7788
  1846            }
  1847        }
  1848        label: {
  1849            app:       "watcher"
  1850            domain:    "prod"
  1851            component: "infra"
  1852        }
  1853    }
  1854}
  1855configMap: {}
  1856kubernetes: {
  1857    services: {
  1858        watcher: {
  1859            apiVersion: "v1"
  1860            kind:       "Service"
  1861            spec: {
  1862                type: "LoadBalancer"
  1863                selector: {
  1864                    app:       "watcher"
  1865                    domain:    "prod"
  1866                    component: "infra"
  1867                }
  1868                ports: [{
  1869                    name:     "https"
  1870                    port:     7788
  1871                    protocol: "TCP"
  1872                }]
  1873                loadBalancerIP: "1.2.3.4"
  1874            }
  1875            metadata: {
  1876                name: "watcher"
  1877                labels: {
  1878                    app:       "watcher"
  1879                    domain:    "prod"
  1880                    component: "infra"
  1881                }
  1882            }
  1883        }
  1884    }
  1885    deployments: {
  1886        watcher: {
  1887            apiVersion: "extensions/v1beta1"
  1888            kind:       "Deployment"
  1889            metadata: {
  1890                name: "watcher"
  1891                labels: {
  1892                    component: "infra"
  1893                }
  1894            }
  1895            spec: {
  1896                template: {
  1897                    metadata: {
  1898                        labels: {
  1899                            app:       "watcher"
  1900                            domain:    "prod"
  1901                            component: "infra"
  1902                        }
  1903                    }
  1904                    spec: {
  1905                        containers: [{
  1906                            name:  "watcher"
  1907                            image: "gcr.io/myproj/watcher:v0.1.0"
  1908                            args: []
  1909                            volumeMounts: [{
  1910                                name:      "secret-volume"
  1911                                mountPath: "/etc/ssl"
  1912                            }]
  1913                            ports: [{
  1914                                name:          "https"
  1915                                containerPort: 7788
  1916                            }, {
  1917                                name:          "http"
  1918                                containerPort: 7080
  1919                            }]
  1920                        }]
  1921                        volumes: [{
  1922                            name: "secret-volume"
  1923                        }]
  1924                    }
  1925                }
  1926                replicas: 1
  1927            }
  1928        }
  1929    }
  1930    statefulSets: {}
  1931    daemonSets: {}
  1932    configMaps: {}
  1933}
  1934deployment: {}
  1935service: {}
  1936configMap: {}
  1937kubernetes: {
  1938    services: {}
  1939    deployments: {}
  1940    statefulSets: {}
  1941    daemonSets: {}
  1942    configMaps: {}
  1943}
  1944deployment: {
  1945    caller: {
  1946        name:     "caller"
  1947        kind:     "deployment"
  1948        replicas: 3
  1949        image:    "gcr.io/myproj/caller:v0.20.14"
  1950        expose: {
  1951            port: {
  1952                client: 8080
  1953            }
  1954        }
  1955        port: {}
  1956        arg: {
  1957            env:              "prod"
  1958            logdir:           "/logs"
  1959            "event-server":   "events:7788"
  1960            key:              "/etc/certs/client.key"
  1961            cert:             "/etc/certs/client.pem"
  1962            ca:               "/etc/certs/servfx.ca"
  1963            "ssh-tunnel-key": "/sslcerts/tunnel-private.pem"
  1964        }
  1965        args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-key=/etc/certs/client.key", "-cert=/etc/certs/client.pem", "-ca=/etc/certs/servfx.ca", "-ssh-tunnel-key=/sslcerts/tunnel-private.pem"]
  1966        env: {}
  1967        volume: {
  1968            "caller-disk": {
  1969                name:      "ssd-caller"
  1970                mountPath: "/logs"
  1971                subPath:   null
  1972                readOnly:  false
  1973                spec: {
  1974                    gcePersistentDisk: {
  1975                        pdName: "ssd-caller"
  1976                        fsType: "ext4"
  1977                    }
  1978                }
  1979                kubernetes: {}
  1980            }
  1981            "secret-ssh-key": {
  1982                name:      "secret-ssh-key"
  1983                mountPath: "/sslcerts"
  1984                subPath:   null
  1985                readOnly:  true
  1986                spec: {
  1987                    secret: {
  1988                        secretName: "secrets"
  1989                    }
  1990                }
  1991                kubernetes: {}
  1992            }
  1993            "secret-caller": {
  1994                name:      "secret-caller"
  1995                mountPath: "/etc/certs"
  1996                subPath:   null
  1997                readOnly:  true
  1998                spec: {
  1999                    secret: {
  2000                        secretName: "caller-secrets"
  2001                    }
  2002                }
  2003                kubernetes: {}
  2004            }
  2005        }
  2006        label: {
  2007            app:       "caller"
  2008            domain:    "prod"
  2009            component: "kitchen"
  2010        }
  2011        kubernetes: {
  2012            spec: {
  2013                template: {
  2014                    metadata: {
  2015                        annotations: {
  2016                            "prometheus.io.scrape": "true"
  2017                        }
  2018                    }
  2019                    spec: {
  2020                        containers: [{
  2021                            livenessProbe: {
  2022                                httpGet: {
  2023                                    path: "/debug/health"
  2024                                    port: 8080
  2025                                }
  2026                                initialDelaySeconds: 40
  2027                                periodSeconds:       3
  2028                            }
  2029                        }]
  2030                    }
  2031                }
  2032            }
  2033        }
  2034        envSpec: {}
  2035    }
  2036}
  2037service: {
  2038    caller: {
  2039        name: "caller"
  2040        port: {
  2041            client: {
  2042                name:     "client"
  2043                port:     8080
  2044                protocol: "TCP"
  2045            }
  2046        }
  2047        label: {
  2048            app:       "caller"
  2049            domain:    "prod"
  2050            component: "kitchen"
  2051        }
  2052        kubernetes: {}
  2053    }
  2054}
  2055configMap: {}
  2056kubernetes: {
  2057    services: {
  2058        caller: {
  2059            apiVersion: "v1"
  2060            kind:       "Service"
  2061            metadata: {
  2062                name: "caller"
  2063                labels: {
  2064                    app:       "caller"
  2065                    domain:    "prod"
  2066                    component: "kitchen"
  2067                }
  2068            }
  2069            spec: {
  2070                selector: {
  2071                    app:       "caller"
  2072                    domain:    "prod"
  2073                    component: "kitchen"
  2074                }
  2075                ports: [{
  2076                    name:     "client"
  2077                    port:     8080
  2078                    protocol: "TCP"
  2079                }]
  2080            }
  2081        }
  2082    }
  2083    deployments: {
  2084        caller: {
  2085            apiVersion: "extensions/v1beta1"
  2086            kind:       "Deployment"
  2087            metadata: {
  2088                name: "caller"
  2089                labels: {
  2090                    component: "kitchen"
  2091                }
  2092            }
  2093            spec: {
  2094                template: {
  2095                    metadata: {
  2096                        labels: {
  2097                            app:       "caller"
  2098                            domain:    "prod"
  2099                            component: "kitchen"
  2100                        }
  2101                        annotations: {
  2102                            "prometheus.io.scrape": "true"
  2103                        }
  2104                    }
  2105                    spec: {
  2106                        containers: [{
  2107                            name:  "caller"
  2108                            image: "gcr.io/myproj/caller:v0.20.14"
  2109                            args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-key=/etc/certs/client.key", "-cert=/etc/certs/client.pem", "-ca=/etc/certs/servfx.ca", "-ssh-tunnel-key=/sslcerts/tunnel-private.pem"]
  2110                            volumeMounts: [{
  2111                                name:      "ssd-caller"
  2112                                mountPath: "/logs"
  2113                            }, {
  2114                                name:      "secret-ssh-key"
  2115                                readOnly:  true
  2116                                mountPath: "/sslcerts"
  2117                            }, {
  2118                                name:      "secret-caller"
  2119                                readOnly:  true
  2120                                mountPath: "/etc/certs"
  2121                            }]
  2122                            livenessProbe: {
  2123                                httpGet: {
  2124                                    path: "/debug/health"
  2125                                    port: 8080
  2126                                }
  2127                                initialDelaySeconds: 40
  2128                                periodSeconds:       3
  2129                            }
  2130                            ports: [{
  2131                                name:          "client"
  2132                                containerPort: 8080
  2133                            }]
  2134                        }]
  2135                        volumes: [{
  2136                            name: "ssd-caller"
  2137                        }, {
  2138                            name: "secret-ssh-key"
  2139                        }, {
  2140                            name: "secret-caller"
  2141                        }]
  2142                    }
  2143                }
  2144                replicas: 3
  2145            }
  2146        }
  2147    }
  2148    statefulSets: {}
  2149    daemonSets: {}
  2150    configMaps: {}
  2151}
  2152deployment: {
  2153    dishwasher: {
  2154        name:     "dishwasher"
  2155        kind:     "deployment"
  2156        replicas: 5
  2157        image:    "gcr.io/myproj/dishwasher:v0.2.13"
  2158        expose: {
  2159            port: {
  2160                client: 8080
  2161            }
  2162        }
  2163        port: {}
  2164        arg: {
  2165            env:              "prod"
  2166            logdir:           "/logs"
  2167            "event-server":   "events:7788"
  2168            "ssh-tunnel-key": "/etc/certs/tunnel-private.pem"
  2169        }
  2170        args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem"]
  2171        env: {}
  2172        volume: {
  2173            "secret-ssh-key": {
  2174                name:      "secret-ssh-key"
  2175                mountPath: "/sslcerts"
  2176                subPath:   null
  2177                readOnly:  true
  2178                spec: {
  2179                    secret: {
  2180                        secretName: "secrets"
  2181                    }
  2182                }
  2183                kubernetes: {}
  2184            }
  2185            "dishwasher-disk": {
  2186                name:      "dishwasher-disk"
  2187                mountPath: "/logs"
  2188                subPath:   null
  2189                readOnly:  false
  2190                spec: {
  2191                    gcePersistentDisk: {
  2192                        pdName: "dishwasher-disk"
  2193                        fsType: "ext4"
  2194                    }
  2195                }
  2196                kubernetes: {}
  2197            }
  2198            "secret-dishwasher": {
  2199                name:      "secret-dishwasher"
  2200                mountPath: "/etc/certs"
  2201                subPath:   null
  2202                readOnly:  true
  2203                spec: {
  2204                    secret: {
  2205                        secretName: "dishwasher-secrets"
  2206                    }
  2207                }
  2208                kubernetes: {}
  2209            }
  2210        }
  2211        label: {
  2212            app:       "dishwasher"
  2213            domain:    "prod"
  2214            component: "kitchen"
  2215        }
  2216        kubernetes: {
  2217            spec: {
  2218                template: {
  2219                    metadata: {
  2220                        annotations: {
  2221                            "prometheus.io.scrape": "true"
  2222                        }
  2223                    }
  2224                    spec: {
  2225                        containers: [{
  2226                            livenessProbe: {
  2227                                httpGet: {
  2228                                    path: "/debug/health"
  2229                                    port: 8080
  2230                                }
  2231                                initialDelaySeconds: 40
  2232                                periodSeconds:       3
  2233                            }
  2234                        }]
  2235                    }
  2236                }
  2237            }
  2238        }
  2239        envSpec: {}
  2240    }
  2241}
  2242service: {
  2243    dishwasher: {
  2244        name: "dishwasher"
  2245        port: {
  2246            client: {
  2247                name:     "client"
  2248                port:     8080
  2249                protocol: "TCP"
  2250            }
  2251        }
  2252        label: {
  2253            app:       "dishwasher"
  2254            domain:    "prod"
  2255            component: "kitchen"
  2256        }
  2257        kubernetes: {}
  2258    }
  2259}
  2260configMap: {}
  2261kubernetes: {
  2262    services: {
  2263        dishwasher: {
  2264            apiVersion: "v1"
  2265            kind:       "Service"
  2266            metadata: {
  2267                name: "dishwasher"
  2268                labels: {
  2269                    app:       "dishwasher"
  2270                    domain:    "prod"
  2271                    component: "kitchen"
  2272                }
  2273            }
  2274            spec: {
  2275                selector: {
  2276                    app:       "dishwasher"
  2277                    domain:    "prod"
  2278                    component: "kitchen"
  2279                }
  2280                ports: [{
  2281                    name:     "client"
  2282                    port:     8080
  2283                    protocol: "TCP"
  2284                }]
  2285            }
  2286        }
  2287    }
  2288    deployments: {
  2289        dishwasher: {
  2290            apiVersion: "extensions/v1beta1"
  2291            kind:       "Deployment"
  2292            metadata: {
  2293                name: "dishwasher"
  2294                labels: {
  2295                    component: "kitchen"
  2296                }
  2297            }
  2298            spec: {
  2299                template: {
  2300                    metadata: {
  2301                        labels: {
  2302                            app:       "dishwasher"
  2303                            domain:    "prod"
  2304                            component: "kitchen"
  2305                        }
  2306                        annotations: {
  2307                            "prometheus.io.scrape": "true"
  2308                        }
  2309                    }
  2310                    spec: {
  2311                        containers: [{
  2312                            name:  "dishwasher"
  2313                            image: "gcr.io/myproj/dishwasher:v0.2.13"
  2314                            args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem"]
  2315                            volumeMounts: [{
  2316                                name:      "secret-ssh-key"
  2317                                readOnly:  true
  2318                                mountPath: "/sslcerts"
  2319                            }, {
  2320                                name:      "dishwasher-disk"
  2321                                mountPath: "/logs"
  2322                            }, {
  2323                                name:      "secret-dishwasher"
  2324                                readOnly:  true
  2325                                mountPath: "/etc/certs"
  2326                            }]
  2327                            livenessProbe: {
  2328                                httpGet: {
  2329                                    path: "/debug/health"
  2330                                    port: 8080
  2331                                }
  2332                                initialDelaySeconds: 40
  2333                                periodSeconds:       3
  2334                            }
  2335                            ports: [{
  2336                                name:          "client"
  2337                                containerPort: 8080
  2338                            }]
  2339                        }]
  2340                        volumes: [{
  2341                            name: "secret-ssh-key"
  2342                        }, {
  2343                            name: "dishwasher-disk"
  2344                        }, {
  2345                            name: "secret-dishwasher"
  2346                        }]
  2347                    }
  2348                }
  2349                replicas: 5
  2350            }
  2351        }
  2352    }
  2353    statefulSets: {}
  2354    daemonSets: {}
  2355    configMaps: {}
  2356}
  2357deployment: {
  2358    expiditer: {
  2359        name:     "expiditer"
  2360        kind:     "deployment"
  2361        replicas: 1
  2362        image:    "gcr.io/myproj/expiditer:v0.5.34"
  2363        expose: {
  2364            port: {
  2365                client: 8080
  2366            }
  2367        }
  2368        port: {}
  2369        arg: {
  2370            env:              "prod"
  2371            logdir:           "/logs"
  2372            "event-server":   "events:7788"
  2373            "ssh-tunnel-key": "/etc/certs/tunnel-private.pem"
  2374        }
  2375        args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem"]
  2376        env: {}
  2377        volume: {
  2378            "expiditer-disk": {
  2379                name:      "expiditer-disk"
  2380                mountPath: "/logs"
  2381                subPath:   null
  2382                readOnly:  false
  2383                spec: {
  2384                    gcePersistentDisk: {
  2385                        pdName: "expiditer-disk"
  2386                        fsType: "ext4"
  2387                    }
  2388                }
  2389                kubernetes: {}
  2390            }
  2391            "secret-expiditer": {
  2392                name:      "secret-expiditer"
  2393                mountPath: "/etc/certs"
  2394                subPath:   null
  2395                readOnly:  true
  2396                spec: {
  2397                    secret: {
  2398                        secretName: "expiditer-secrets"
  2399                    }
  2400                }
  2401                kubernetes: {}
  2402            }
  2403        }
  2404        label: {
  2405            app:       "expiditer"
  2406            domain:    "prod"
  2407            component: "kitchen"
  2408        }
  2409        kubernetes: {
  2410            spec: {
  2411                template: {
  2412                    metadata: {
  2413                        annotations: {
  2414                            "prometheus.io.scrape": "true"
  2415                        }
  2416                    }
  2417                    spec: {
  2418                        containers: [{
  2419                            livenessProbe: {
  2420                                httpGet: {
  2421                                    path: "/debug/health"
  2422                                    port: 8080
  2423                                }
  2424                                initialDelaySeconds: 40
  2425                                periodSeconds:       3
  2426                            }
  2427                        }]
  2428                    }
  2429                }
  2430            }
  2431        }
  2432        envSpec: {}
  2433    }
  2434}
  2435service: {
  2436    expiditer: {
  2437        name: "expiditer"
  2438        port: {
  2439            client: {
  2440                name:     "client"
  2441                port:     8080
  2442                protocol: "TCP"
  2443            }
  2444        }
  2445        label: {
  2446            app:       "expiditer"
  2447            domain:    "prod"
  2448            component: "kitchen"
  2449        }
  2450        kubernetes: {}
  2451    }
  2452}
  2453configMap: {}
  2454kubernetes: {
  2455    services: {
  2456        expiditer: {
  2457            apiVersion: "v1"
  2458            kind:       "Service"
  2459            metadata: {
  2460                name: "expiditer"
  2461                labels: {
  2462                    app:       "expiditer"
  2463                    domain:    "prod"
  2464                    component: "kitchen"
  2465                }
  2466            }
  2467            spec: {
  2468                selector: {
  2469                    app:       "expiditer"
  2470                    domain:    "prod"
  2471                    component: "kitchen"
  2472                }
  2473                ports: [{
  2474                    name:     "client"
  2475                    port:     8080
  2476                    protocol: "TCP"
  2477                }]
  2478            }
  2479        }
  2480    }
  2481    deployments: {
  2482        expiditer: {
  2483            apiVersion: "extensions/v1beta1"
  2484            kind:       "Deployment"
  2485            metadata: {
  2486                name: "expiditer"
  2487                labels: {
  2488                    component: "kitchen"
  2489                }
  2490            }
  2491            spec: {
  2492                template: {
  2493                    metadata: {
  2494                        labels: {
  2495                            app:       "expiditer"
  2496                            domain:    "prod"
  2497                            component: "kitchen"
  2498                        }
  2499                        annotations: {
  2500                            "prometheus.io.scrape": "true"
  2501                        }
  2502                    }
  2503                    spec: {
  2504                        containers: [{
  2505                            name:  "expiditer"
  2506                            image: "gcr.io/myproj/expiditer:v0.5.34"
  2507                            args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem"]
  2508                            volumeMounts: [{
  2509                                name:      "expiditer-disk"
  2510                                mountPath: "/logs"
  2511                            }, {
  2512                                name:      "secret-expiditer"
  2513                                readOnly:  true
  2514                                mountPath: "/etc/certs"
  2515                            }]
  2516                            livenessProbe: {
  2517                                httpGet: {
  2518                                    path: "/debug/health"
  2519                                    port: 8080
  2520                                }
  2521                                initialDelaySeconds: 40
  2522                                periodSeconds:       3
  2523                            }
  2524                            ports: [{
  2525                                name:          "client"
  2526                                containerPort: 8080
  2527                            }]
  2528                        }]
  2529                        volumes: [{
  2530                            name: "expiditer-disk"
  2531                        }, {
  2532                            name: "secret-expiditer"
  2533                        }]
  2534                    }
  2535                }
  2536                replicas: 1
  2537            }
  2538        }
  2539    }
  2540    statefulSets: {}
  2541    daemonSets: {}
  2542    configMaps: {}
  2543}
  2544deployment: {
  2545    headchef: {
  2546        name:     "headchef"
  2547        kind:     "deployment"
  2548        replicas: 1
  2549        image:    "gcr.io/myproj/headchef:v0.2.16"
  2550        expose: {
  2551            port: {
  2552                client: 8080
  2553            }
  2554        }
  2555        port: {}
  2556        arg: {
  2557            env:            "prod"
  2558            logdir:         "/logs"
  2559            "event-server": "events:7788"
  2560        }
  2561        args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788"]
  2562        env: {}
  2563        volume: {
  2564            "secret-headchef": {
  2565                name:      "secret-headchef"
  2566                mountPath: "/sslcerts"
  2567                subPath:   null
  2568                readOnly:  true
  2569                spec: {
  2570                    secret: {
  2571                        secretName: "headchef-secrets"
  2572                    }
  2573                }
  2574                kubernetes: {}
  2575            }
  2576            "headchef-disk": {
  2577                name:      "headchef-disk"
  2578                mountPath: "/logs"
  2579                subPath:   null
  2580                readOnly:  false
  2581                spec: {
  2582                    gcePersistentDisk: {
  2583                        pdName: "headchef-disk"
  2584                        fsType: "ext4"
  2585                    }
  2586                }
  2587                kubernetes: {}
  2588            }
  2589        }
  2590        label: {
  2591            app:       "headchef"
  2592            domain:    "prod"
  2593            component: "kitchen"
  2594        }
  2595        kubernetes: {
  2596            spec: {
  2597                template: {
  2598                    metadata: {
  2599                        annotations: {
  2600                            "prometheus.io.scrape": "true"
  2601                        }
  2602                    }
  2603                    spec: {
  2604                        containers: [{
  2605                            livenessProbe: {
  2606                                httpGet: {
  2607                                    path: "/debug/health"
  2608                                    port: 8080
  2609                                }
  2610                                initialDelaySeconds: 40
  2611                                periodSeconds:       3
  2612                            }
  2613                        }]
  2614                    }
  2615                }
  2616            }
  2617        }
  2618        envSpec: {}
  2619    }
  2620}
  2621service: {
  2622    headchef: {
  2623        name: "headchef"
  2624        port: {
  2625            client: {
  2626                name:     "client"
  2627                port:     8080
  2628                protocol: "TCP"
  2629            }
  2630        }
  2631        label: {
  2632            app:       "headchef"
  2633            domain:    "prod"
  2634            component: "kitchen"
  2635        }
  2636        kubernetes: {}
  2637    }
  2638}
  2639configMap: {}
  2640kubernetes: {
  2641    services: {
  2642        headchef: {
  2643            apiVersion: "v1"
  2644            kind:       "Service"
  2645            metadata: {
  2646                name: "headchef"
  2647                labels: {
  2648                    app:       "headchef"
  2649                    domain:    "prod"
  2650                    component: "kitchen"
  2651                }
  2652            }
  2653            spec: {
  2654                selector: {
  2655                    app:       "headchef"
  2656                    domain:    "prod"
  2657                    component: "kitchen"
  2658                }
  2659                ports: [{
  2660                    name:     "client"
  2661                    port:     8080
  2662                    protocol: "TCP"
  2663                }]
  2664            }
  2665        }
  2666    }
  2667    deployments: {
  2668        headchef: {
  2669            apiVersion: "extensions/v1beta1"
  2670            kind:       "Deployment"
  2671            metadata: {
  2672                name: "headchef"
  2673                labels: {
  2674                    component: "kitchen"
  2675                }
  2676            }
  2677            spec: {
  2678                template: {
  2679                    metadata: {
  2680                        labels: {
  2681                            app:       "headchef"
  2682                            domain:    "prod"
  2683                            component: "kitchen"
  2684                        }
  2685                        annotations: {
  2686                            "prometheus.io.scrape": "true"
  2687                        }
  2688                    }
  2689                    spec: {
  2690                        containers: [{
  2691                            name:  "headchef"
  2692                            image: "gcr.io/myproj/headchef:v0.2.16"
  2693                            args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788"]
  2694                            volumeMounts: [{
  2695                                name:      "secret-headchef"
  2696                                readOnly:  true
  2697                                mountPath: "/sslcerts"
  2698                            }, {
  2699                                name:      "headchef-disk"
  2700                                mountPath: "/logs"
  2701                            }]
  2702                            livenessProbe: {
  2703                                httpGet: {
  2704                                    path: "/debug/health"
  2705                                    port: 8080
  2706                                }
  2707                                initialDelaySeconds: 40
  2708                                periodSeconds:       3
  2709                            }
  2710                            ports: [{
  2711                                name:          "client"
  2712                                containerPort: 8080
  2713                            }]
  2714                        }]
  2715                        volumes: [{
  2716                            name: "secret-headchef"
  2717                        }, {
  2718                            name: "headchef-disk"
  2719                        }]
  2720                    }
  2721                }
  2722                replicas: 1
  2723            }
  2724        }
  2725    }
  2726    statefulSets: {}
  2727    daemonSets: {}
  2728    configMaps: {}
  2729}
  2730deployment: {
  2731    linecook: {
  2732        name:     "linecook"
  2733        kind:     "deployment"
  2734        replicas: 1
  2735        image:    "gcr.io/myproj/linecook:v0.1.42"
  2736        expose: {
  2737            port: {
  2738                client: 8080
  2739            }
  2740        }
  2741        port: {}
  2742        arg: {
  2743            env:                 "prod"
  2744            logdir:              "/logs"
  2745            "event-server":      "events:7788"
  2746            name:                "linecook"
  2747            etcd:                "etcd:2379"
  2748            "reconnect-delay":   "1h"
  2749            "-recovery-overlap": "100000"
  2750        }
  2751        args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-name=linecook", "-etcd=etcd:2379", "-reconnect-delay=1h", "--recovery-overlap=100000"]
  2752        env: {}
  2753        volume: {
  2754            "secret-linecook": {
  2755                name:      "secret-kitchen"
  2756                mountPath: "/etc/certs"
  2757                subPath:   null
  2758                readOnly:  true
  2759                spec: {
  2760                    secret: {
  2761                        secretName: "linecook-secrets"
  2762                    }
  2763                }
  2764                kubernetes: {}
  2765            }
  2766            "linecook-disk": {
  2767                name:      "linecook-disk"
  2768                mountPath: "/logs"
  2769                subPath:   null
  2770                readOnly:  false
  2771                spec: {
  2772                    gcePersistentDisk: {
  2773                        pdName: "linecook-disk"
  2774                        fsType: "ext4"
  2775                    }
  2776                }
  2777                kubernetes: {}
  2778            }
  2779        }
  2780        label: {
  2781            app:       "linecook"
  2782            domain:    "prod"
  2783            component: "kitchen"
  2784        }
  2785        kubernetes: {
  2786            spec: {
  2787                template: {
  2788                    metadata: {
  2789                        annotations: {
  2790                            "prometheus.io.scrape": "true"
  2791                        }
  2792                    }
  2793                    spec: {
  2794                        containers: [{
  2795                            livenessProbe: {
  2796                                httpGet: {
  2797                                    path: "/debug/health"
  2798                                    port: 8080
  2799                                }
  2800                                initialDelaySeconds: 40
  2801                                periodSeconds:       3
  2802                            }
  2803                        }]
  2804                    }
  2805                }
  2806            }
  2807        }
  2808        envSpec: {}
  2809    }
  2810}
  2811service: {
  2812    linecook: {
  2813        name: "linecook"
  2814        port: {
  2815            client: {
  2816                name:     "client"
  2817                port:     8080
  2818                protocol: "TCP"
  2819            }
  2820        }
  2821        label: {
  2822            app:       "linecook"
  2823            domain:    "prod"
  2824            component: "kitchen"
  2825        }
  2826        kubernetes: {}
  2827    }
  2828}
  2829configMap: {}
  2830kubernetes: {
  2831    services: {
  2832        linecook: {
  2833            apiVersion: "v1"
  2834            kind:       "Service"
  2835            metadata: {
  2836                name: "linecook"
  2837                labels: {
  2838                    app:       "linecook"
  2839                    domain:    "prod"
  2840                    component: "kitchen"
  2841                }
  2842            }
  2843            spec: {
  2844                selector: {
  2845                    app:       "linecook"
  2846                    domain:    "prod"
  2847                    component: "kitchen"
  2848                }
  2849                ports: [{
  2850                    name:     "client"
  2851                    port:     8080
  2852                    protocol: "TCP"
  2853                }]
  2854            }
  2855        }
  2856    }
  2857    deployments: {
  2858        linecook: {
  2859            apiVersion: "extensions/v1beta1"
  2860            kind:       "Deployment"
  2861            metadata: {
  2862                name: "linecook"
  2863                labels: {
  2864                    component: "kitchen"
  2865                }
  2866            }
  2867            spec: {
  2868                template: {
  2869                    metadata: {
  2870                        labels: {
  2871                            app:       "linecook"
  2872                            domain:    "prod"
  2873                            component: "kitchen"
  2874                        }
  2875                        annotations: {
  2876                            "prometheus.io.scrape": "true"
  2877                        }
  2878                    }
  2879                    spec: {
  2880                        containers: [{
  2881                            name:  "linecook"
  2882                            image: "gcr.io/myproj/linecook:v0.1.42"
  2883                            args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-name=linecook", "-etcd=etcd:2379", "-reconnect-delay=1h", "--recovery-overlap=100000"]
  2884                            volumeMounts: [{
  2885                                name:      "secret-kitchen"
  2886                                readOnly:  true
  2887                                mountPath: "/etc/certs"
  2888                            }, {
  2889                                name:      "linecook-disk"
  2890                                mountPath: "/logs"
  2891                            }]
  2892                            livenessProbe: {
  2893                                httpGet: {
  2894                                    path: "/debug/health"
  2895                                    port: 8080
  2896                                }
  2897                                initialDelaySeconds: 40
  2898                                periodSeconds:       3
  2899                            }
  2900                            ports: [{
  2901                                name:          "client"
  2902                                containerPort: 8080
  2903                            }]
  2904                        }]
  2905                        volumes: [{
  2906                            name: "secret-kitchen"
  2907                        }, {
  2908                            name: "linecook-disk"
  2909                        }]
  2910                    }
  2911                }
  2912                replicas: 1
  2913            }
  2914        }
  2915    }
  2916    statefulSets: {}
  2917    daemonSets: {}
  2918    configMaps: {}
  2919}
  2920deployment: {
  2921    pastrychef: {
  2922        name:     "pastrychef"
  2923        kind:     "deployment"
  2924        replicas: 1
  2925        image:    "gcr.io/myproj/pastrychef:v0.1.15"
  2926        expose: {
  2927            port: {
  2928                client: 8080
  2929            }
  2930        }
  2931        port: {}
  2932        arg: {
  2933            env:                "prod"
  2934            logdir:             "/logs"
  2935            "event-server":     "events:7788"
  2936            "ssh-tunnel-key":   "/etc/certs/tunnel-private.pem"
  2937            "reconnect-delay":  "1m"
  2938            etcd:               "etcd:2379"
  2939            "recovery-overlap": "10000"
  2940        }
  2941        args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-reconnect-delay=1m", "-etcd=etcd:2379", "-recovery-overlap=10000"]
  2942        env: {}
  2943        volume: {
  2944            "secret-pastrychef": {
  2945                name:      "secret-ssh-key"
  2946                mountPath: "/etc/certs"
  2947                subPath:   null
  2948                readOnly:  true
  2949                spec: {
  2950                    secret: {
  2951                        secretName: "secrets"
  2952                    }
  2953                }
  2954                kubernetes: {}
  2955            }
  2956            "pastrychef-disk": {
  2957                name:      "pastrychef-disk"
  2958                mountPath: "/logs"
  2959                subPath:   null
  2960                readOnly:  false
  2961                spec: {
  2962                    gcePersistentDisk: {
  2963                        pdName: "pastrychef-disk"
  2964                        fsType: "ext4"
  2965                    }
  2966                }
  2967                kubernetes: {}
  2968            }
  2969        }
  2970        label: {
  2971            app:       "pastrychef"
  2972            domain:    "prod"
  2973            component: "kitchen"
  2974        }
  2975        kubernetes: {
  2976            spec: {
  2977                template: {
  2978                    metadata: {
  2979                        annotations: {
  2980                            "prometheus.io.scrape": "true"
  2981                        }
  2982                    }
  2983                    spec: {
  2984                        containers: [{
  2985                            livenessProbe: {
  2986                                httpGet: {
  2987                                    path: "/debug/health"
  2988                                    port: 8080
  2989                                }
  2990                                initialDelaySeconds: 40
  2991                                periodSeconds:       3
  2992                            }
  2993                        }]
  2994                    }
  2995                }
  2996            }
  2997        }
  2998        envSpec: {}
  2999    }
  3000}
  3001service: {
  3002    pastrychef: {
  3003        name: "pastrychef"
  3004        port: {
  3005            client: {
  3006                name:     "client"
  3007                port:     8080
  3008                protocol: "TCP"
  3009            }
  3010        }
  3011        label: {
  3012            app:       "pastrychef"
  3013            domain:    "prod"
  3014            component: "kitchen"
  3015        }
  3016        kubernetes: {}
  3017    }
  3018}
  3019configMap: {}
  3020kubernetes: {
  3021    services: {
  3022        pastrychef: {
  3023            apiVersion: "v1"
  3024            kind:       "Service"
  3025            metadata: {
  3026                name: "pastrychef"
  3027                labels: {
  3028                    app:       "pastrychef"
  3029                    domain:    "prod"
  3030                    component: "kitchen"
  3031                }
  3032            }
  3033            spec: {
  3034                selector: {
  3035                    app:       "pastrychef"
  3036                    domain:    "prod"
  3037                    component: "kitchen"
  3038                }
  3039                ports: [{
  3040                    name:     "client"
  3041                    port:     8080
  3042                    protocol: "TCP"
  3043                }]
  3044            }
  3045        }
  3046    }
  3047    deployments: {
  3048        pastrychef: {
  3049            apiVersion: "extensions/v1beta1"
  3050            kind:       "Deployment"
  3051            metadata: {
  3052                name: "pastrychef"
  3053                labels: {
  3054                    component: "kitchen"
  3055                }
  3056            }
  3057            spec: {
  3058                template: {
  3059                    metadata: {
  3060                        labels: {
  3061                            app:       "pastrychef"
  3062                            domain:    "prod"
  3063                            component: "kitchen"
  3064                        }
  3065                        annotations: {
  3066                            "prometheus.io.scrape": "true"
  3067                        }
  3068                    }
  3069                    spec: {
  3070                        containers: [{
  3071                            name:  "pastrychef"
  3072                            image: "gcr.io/myproj/pastrychef:v0.1.15"
  3073                            args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-reconnect-delay=1m", "-etcd=etcd:2379", "-recovery-overlap=10000"]
  3074                            volumeMounts: [{
  3075                                name:      "secret-ssh-key"
  3076                                readOnly:  true
  3077                                mountPath: "/etc/certs"
  3078                            }, {
  3079                                name:      "pastrychef-disk"
  3080                                mountPath: "/logs"
  3081                            }]
  3082                            livenessProbe: {
  3083                                httpGet: {
  3084                                    path: "/debug/health"
  3085                                    port: 8080
  3086                                }
  3087                                initialDelaySeconds: 40
  3088                                periodSeconds:       3
  3089                            }
  3090                            ports: [{
  3091                                name:          "client"
  3092                                containerPort: 8080
  3093                            }]
  3094                        }]
  3095                        volumes: [{
  3096                            name: "secret-ssh-key"
  3097                        }, {
  3098                            name: "pastrychef-disk"
  3099                        }]
  3100                    }
  3101                }
  3102                replicas: 1
  3103            }
  3104        }
  3105    }
  3106    statefulSets: {}
  3107    daemonSets: {}
  3108    configMaps: {}
  3109}
  3110deployment: {
  3111    souschef: {
  3112        name:     "souschef"
  3113        kind:     "deployment"
  3114        replicas: 1
  3115        image:    "gcr.io/myproj/souschef:v0.5.3"
  3116        expose: {
  3117            port: {
  3118                client: 8080
  3119            }
  3120        }
  3121        port: {}
  3122        arg: {}
  3123        args: []
  3124        env: {}
  3125        label: {
  3126            app:       "souschef"
  3127            domain:    "prod"
  3128            component: "kitchen"
  3129        }
  3130        kubernetes: {
  3131            spec: {
  3132                template: {
  3133                    metadata: {
  3134                        annotations: {
  3135                            "prometheus.io.scrape": "true"
  3136                        }
  3137                    }
  3138                    spec: {
  3139                        containers: [{
  3140                            livenessProbe: {
  3141                                httpGet: {
  3142                                    path: "/debug/health"
  3143                                    port: 8080
  3144                                }
  3145                                initialDelaySeconds: 40
  3146                                periodSeconds:       3
  3147                            }
  3148                        }]
  3149                    }
  3150                }
  3151            }
  3152        }
  3153        envSpec: {}
  3154        volume: {}
  3155    }
  3156}
  3157service: {
  3158    souschef: {
  3159        name: "souschef"
  3160        port: {
  3161            client: {
  3162                name:     "client"
  3163                port:     8080
  3164                protocol: "TCP"
  3165            }
  3166        }
  3167        label: {
  3168            app:       "souschef"
  3169            domain:    "prod"
  3170            component: "kitchen"
  3171        }
  3172        kubernetes: {}
  3173    }
  3174}
  3175configMap: {}
  3176kubernetes: {
  3177    services: {
  3178        souschef: {
  3179            apiVersion: "v1"
  3180            kind:       "Service"
  3181            metadata: {
  3182                name: "souschef"
  3183                labels: {
  3184                    app:       "souschef"
  3185                    domain:    "prod"
  3186                    component: "kitchen"
  3187                }
  3188            }
  3189            spec: {
  3190                selector: {
  3191                    app:       "souschef"
  3192                    domain:    "prod"
  3193                    component: "kitchen"
  3194                }
  3195                ports: [{
  3196                    name:     "client"
  3197                    port:     8080
  3198                    protocol: "TCP"
  3199                }]
  3200            }
  3201        }
  3202    }
  3203    deployments: {
  3204        souschef: {
  3205            apiVersion: "extensions/v1beta1"
  3206            kind:       "Deployment"
  3207            metadata: {
  3208                name: "souschef"
  3209                labels: {
  3210                    component: "kitchen"
  3211                }
  3212            }
  3213            spec: {
  3214                template: {
  3215                    metadata: {
  3216                        labels: {
  3217                            app:       "souschef"
  3218                            domain:    "prod"
  3219                            component: "kitchen"
  3220                        }
  3221                        annotations: {
  3222                            "prometheus.io.scrape": "true"
  3223                        }
  3224                    }
  3225                    spec: {
  3226                        containers: [{
  3227                            name:  "souschef"
  3228                            image: "gcr.io/myproj/souschef:v0.5.3"
  3229                            args: []
  3230                            livenessProbe: {
  3231                                httpGet: {
  3232                                    path: "/debug/health"
  3233                                    port: 8080
  3234                                }
  3235                                initialDelaySeconds: 40
  3236                                periodSeconds:       3
  3237                            }
  3238                            ports: [{
  3239                                name:          "client"
  3240                                containerPort: 8080
  3241                            }]
  3242                        }]
  3243                    }
  3244                }
  3245                replicas: 1
  3246            }
  3247        }
  3248    }
  3249    statefulSets: {}
  3250    daemonSets: {}
  3251    configMaps: {}
  3252}
  3253deployment: {}
  3254service: {}
  3255configMap: {}
  3256kubernetes: {
  3257    services: {}
  3258    deployments: {}
  3259    statefulSets: {}
  3260    daemonSets: {}
  3261    configMaps: {}
  3262}
  3263deployment: {
  3264    alertmanager: {
  3265        name:     "alertmanager"
  3266        kind:     "deployment"
  3267        replicas: 1
  3268        kubernetes: {
  3269            spec: {
  3270                selector: {
  3271                    matchLabels: {
  3272                        app: "alertmanager"
  3273                    }
  3274                }
  3275            }
  3276        }
  3277        image: "prom/alertmanager:v0.15.2"
  3278        args: ["--config.file=/etc/alertmanager/alerts.yaml", "--storage.path=/alertmanager", "--web.external-url=https://alertmanager.example.com"]
  3279        expose: {
  3280            port: {
  3281                alertmanager: 9093
  3282            }
  3283        }
  3284        port: {}
  3285        arg: {}
  3286        env: {}
  3287        volume: {
  3288            "config-volume": {
  3289                name:      "config-volume"
  3290                mountPath: "/etc/alertmanager"
  3291                subPath:   null
  3292                readOnly:  false
  3293                spec: {
  3294                    configMap: {
  3295                        name: "alertmanager"
  3296                    }
  3297                }
  3298                kubernetes: {}
  3299            }
  3300            alertmanager: {
  3301                name:      "alertmanager"
  3302                mountPath: "/alertmanager"
  3303                subPath:   null
  3304                readOnly:  false
  3305                spec: {
  3306                    emptyDir: {}
  3307                }
  3308                kubernetes: {}
  3309            }
  3310        }
  3311        label: {
  3312            app:       "alertmanager"
  3313            domain:    "prod"
  3314            component: "mon"
  3315        }
  3316        envSpec: {}
  3317    }
  3318}
  3319service: {
  3320    alertmanager: {
  3321        name: "alertmanager"
  3322        label: {
  3323            name:      "alertmanager"
  3324            app:       "alertmanager"
  3325            domain:    "prod"
  3326            component: "mon"
  3327        }
  3328        port: {
  3329            alertmanager: {
  3330                name:     "main"
  3331                port:     9093
  3332                protocol: "TCP"
  3333            }
  3334        }
  3335        kubernetes: {
  3336            metadata: {
  3337                annotations: {
  3338                    "prometheus.io/scrape": "true"
  3339                    "prometheus.io/path":   "/metrics"
  3340                }
  3341            }
  3342        }
  3343    }
  3344}
  3345configMap: {
  3346    alertmanager: {
  3347        "alerts.yaml": """
  3348            receivers:
  3349              - name: pager
  3350                slack_configs:
  3351                  - channel: '#cloudmon'
  3352                    text: |-
  3353                      {{ range .Alerts }}{{ .Annotations.description }}
  3354                      {{ end }}
  3355                    send_resolved: true
  3356            route:
  3357              receiver: pager
  3358              group_by:
  3359                - alertname
  3360                - cluster
  3361
  3362            """
  3363    }
  3364}
  3365kubernetes: {
  3366    services: {
  3367        alertmanager: {
  3368            apiVersion: "v1"
  3369            kind:       "Service"
  3370            metadata: {
  3371                name: "alertmanager"
  3372                labels: {
  3373                    name:      "alertmanager"
  3374                    app:       "alertmanager"
  3375                    domain:    "prod"
  3376                    component: "mon"
  3377                }
  3378                annotations: {
  3379                    "prometheus.io/scrape": "true"
  3380                    "prometheus.io/path":   "/metrics"
  3381                }
  3382            }
  3383            spec: {
  3384                selector: {
  3385                    name:      "alertmanager"
  3386                    app:       "alertmanager"
  3387                    domain:    "prod"
  3388                    component: "mon"
  3389                }
  3390                ports: [{
  3391                    name:     "main"
  3392                    port:     9093
  3393                    protocol: "TCP"
  3394                }]
  3395            }
  3396        }
  3397    }
  3398    deployments: {
  3399        alertmanager: {
  3400            apiVersion: "extensions/v1beta1"
  3401            kind:       "Deployment"
  3402            metadata: {
  3403                name: "alertmanager"
  3404                labels: {
  3405                    component: "mon"
  3406                }
  3407            }
  3408            spec: {
  3409                template: {
  3410                    metadata: {
  3411                        labels: {
  3412                            app:       "alertmanager"
  3413                            domain:    "prod"
  3414                            component: "mon"
  3415                        }
  3416                    }
  3417                    spec: {
  3418                        containers: [{
  3419                            name:  "alertmanager"
  3420                            image: "prom/alertmanager:v0.15.2"
  3421                            args: ["--config.file=/etc/alertmanager/alerts.yaml", "--storage.path=/alertmanager", "--web.external-url=https://alertmanager.example.com"]
  3422                            volumeMounts: [{
  3423                                name:      "config-volume"
  3424                                mountPath: "/etc/alertmanager"
  3425                            }, {
  3426                                name:      "alertmanager"
  3427                                mountPath: "/alertmanager"
  3428                            }]
  3429                            ports: [{
  3430                                name:          "alertmanager"
  3431                                containerPort: 9093
  3432                            }]
  3433                        }]
  3434                        volumes: [{
  3435                            name: "config-volume"
  3436                        }, {
  3437                            name: "alertmanager"
  3438                        }]
  3439                    }
  3440                }
  3441                selector: {
  3442                    matchLabels: {
  3443                        app: "alertmanager"
  3444                    }
  3445                }
  3446                replicas: 1
  3447            }
  3448        }
  3449    }
  3450    statefulSets: {}
  3451    daemonSets: {}
  3452    configMaps: {
  3453        alertmanager: {
  3454            apiVersion: "v1"
  3455            kind:       "ConfigMap"
  3456            metadata: {
  3457                name: "alertmanager"
  3458                labels: {
  3459                    component: "mon"
  3460                }
  3461            }
  3462            data: {
  3463                "alerts.yaml": """
  3464                    receivers:
  3465                      - name: pager
  3466                        slack_configs:
  3467                          - channel: '#cloudmon'
  3468                            text: |-
  3469                              {{ range .Alerts }}{{ .Annotations.description }}
  3470                              {{ end }}
  3471                            send_resolved: true
  3472                    route:
  3473                      receiver: pager
  3474                      group_by:
  3475                        - alertname
  3476                        - cluster
  3477
  3478                    """
  3479            }
  3480        }
  3481    }
  3482}
  3483deployment: {
  3484    grafana: {
  3485        name:     "grafana"
  3486        kind:     "deployment"
  3487        replicas: 1
  3488        image:    "grafana/grafana:4.5.2"
  3489        expose: {
  3490            port: {
  3491                grafana: 3000
  3492            }
  3493        }
  3494        port: {
  3495            web: 8080
  3496        }
  3497        arg: {}
  3498        args: []
  3499        volume: {
  3500            "grafana-volume": {
  3501                name:      "grafana-volume"
  3502                mountPath: "/var/lib/grafana"
  3503                subPath:   null
  3504                readOnly:  false
  3505                spec: {
  3506                    gcePersistentDisk: {
  3507                        pdName: "grafana-volume"
  3508                        fsType: "ext4"
  3509                    }
  3510                }
  3511                kubernetes: {}
  3512            }
  3513        }
  3514        env: {
  3515            GF_AUTH_BASIC_ENABLED:      "false"
  3516            GF_AUTH_ANONYMOUS_ENABLED:  "true"
  3517            GF_AUTH_ANONYMOUS_ORG_ROLE: "admin"
  3518        }
  3519        kubernetes: {
  3520            spec: {
  3521                template: {
  3522                    spec: {
  3523                        containers: [{
  3524                            resources: {
  3525                                limits: {
  3526                                    cpu:    "100m"
  3527                                    memory: "100Mi"
  3528                                }
  3529                                requests: {
  3530                                    cpu:    "100m"
  3531                                    memory: "100Mi"
  3532                                }
  3533                            }
  3534                        }]
  3535                    }
  3536                }
  3537            }
  3538        }
  3539        label: {
  3540            app:       "grafana"
  3541            domain:    "prod"
  3542            component: "mon"
  3543        }
  3544        envSpec: {
  3545            GF_AUTH_BASIC_ENABLED: {
  3546                value: "false"
  3547            }
  3548            GF_AUTH_ANONYMOUS_ENABLED: {
  3549                value: "true"
  3550            }
  3551            GF_AUTH_ANONYMOUS_ORG_ROLE: {
  3552                value: "admin"
  3553            }
  3554        }
  3555    }
  3556}
  3557service: {
  3558    grafana: {
  3559        name: "grafana"
  3560        port: {
  3561            grafana: {
  3562                name:     "grafana"
  3563                port:     3000
  3564                protocol: "TCP"
  3565            }
  3566        }
  3567        label: {
  3568            app:       "grafana"
  3569            domain:    "prod"
  3570            component: "mon"
  3571        }
  3572        kubernetes: {}
  3573    }
  3574}
  3575configMap: {}
  3576kubernetes: {
  3577    services: {
  3578        grafana: {
  3579            apiVersion: "v1"
  3580            kind:       "Service"
  3581            metadata: {
  3582                name: "grafana"
  3583                labels: {
  3584                    app:       "grafana"
  3585                    domain:    "prod"
  3586                    component: "mon"
  3587                }
  3588            }
  3589            spec: {
  3590                selector: {
  3591                    app:       "grafana"
  3592                    domain:    "prod"
  3593                    component: "mon"
  3594                }
  3595                ports: [{
  3596                    name:     "grafana"
  3597                    port:     3000
  3598                    protocol: "TCP"
  3599                }]
  3600            }
  3601        }
  3602    }
  3603    deployments: {
  3604        grafana: {
  3605            apiVersion: "extensions/v1beta1"
  3606            kind:       "Deployment"
  3607            metadata: {
  3608                name: "grafana"
  3609                labels: {
  3610                    component: "mon"
  3611                }
  3612            }
  3613            spec: {
  3614                template: {
  3615                    metadata: {
  3616                        labels: {
  3617                            app:       "grafana"
  3618                            domain:    "prod"
  3619                            component: "mon"
  3620                        }
  3621                    }
  3622                    spec: {
  3623                        containers: [{
  3624                            name:  "grafana"
  3625                            image: "grafana/grafana:4.5.2"
  3626                            args: []
  3627                            env: [{
  3628                                name:  "GF_AUTH_BASIC_ENABLED"
  3629                                value: "false"
  3630                            }, {
  3631                                name:  "GF_AUTH_ANONYMOUS_ENABLED"
  3632                                value: "true"
  3633                            }, {
  3634                                name:  "GF_AUTH_ANONYMOUS_ORG_ROLE"
  3635                                value: "admin"
  3636                            }]
  3637                            volumeMounts: [{
  3638                                name:      "grafana-volume"
  3639                                mountPath: "/var/lib/grafana"
  3640                            }]
  3641                            ports: [{
  3642                                name:          "grafana"
  3643                                containerPort: 3000
  3644                            }, {
  3645                                name:          "web"
  3646                                containerPort: 8080
  3647                            }]
  3648                            resources: {
  3649                                limits: {
  3650                                    cpu:    "100m"
  3651                                    memory: "100Mi"
  3652                                }
  3653                                requests: {
  3654                                    cpu:    "100m"
  3655                                    memory: "100Mi"
  3656                                }
  3657                            }
  3658                        }]
  3659                        volumes: [{
  3660                            name: "grafana-volume"
  3661                        }]
  3662                    }
  3663                }
  3664                replicas: 1
  3665            }
  3666        }
  3667    }
  3668    statefulSets: {}
  3669    daemonSets: {}
  3670    configMaps: {}
  3671}
  3672deployment: {
  3673    "node-exporter": {
  3674        name:     "node-exporter"
  3675        kind:     "daemon"
  3676        replicas: 1
  3677        image:    "quay.io/prometheus/node-exporter:v0.16.0"
  3678        expose: {
  3679            port: {
  3680                scrape: 9100
  3681            }
  3682        }
  3683        port: {}
  3684        arg: {}
  3685        args: ["--path.procfs=/host/proc", "--path.sysfs=/host/sys"]
  3686        env: {}
  3687        volume: {
  3688            proc: {
  3689                name:      "proc"
  3690                mountPath: "/host/proc"
  3691                subPath:   null
  3692                readOnly:  true
  3693                spec: {
  3694                    hostPath: {
  3695                        path: "/proc"
  3696                    }
  3697                }
  3698                kubernetes: {}
  3699            }
  3700            sys: {
  3701                name:      "sys"
  3702                mountPath: "/host/sys"
  3703                subPath:   null
  3704                readOnly:  true
  3705                spec: {
  3706                    hostPath: {
  3707                        path: "/sys"
  3708                    }
  3709                }
  3710                kubernetes: {}
  3711            }
  3712        }
  3713        kubernetes: {
  3714            spec: {
  3715                template: {
  3716                    spec: {
  3717                        hostNetwork: true
  3718                        hostPID:     true
  3719                        containers: [{
  3720                            ports: [{
  3721                                hostPort: 9100
  3722                            }]
  3723                            resources: {
  3724                                requests: {
  3725                                    memory: "30Mi"
  3726                                    cpu:    "100m"
  3727                                }
  3728                                limits: {
  3729                                    memory: "50Mi"
  3730                                    cpu:    "200m"
  3731                                }
  3732                            }
  3733                        }]
  3734                    }
  3735                }
  3736            }
  3737        }
  3738        label: {
  3739            app:       "node-exporter"
  3740            domain:    "prod"
  3741            component: "mon"
  3742        }
  3743        envSpec: {}
  3744    }
  3745}
  3746service: {
  3747    "node-exporter": {
  3748        name: "node-exporter"
  3749        port: {
  3750            scrape: {
  3751                name:     "metrics"
  3752                port:     9100
  3753                protocol: "TCP"
  3754            }
  3755        }
  3756        kubernetes: {
  3757            metadata: {
  3758                annotations: {
  3759                    "prometheus.io/scrape": "true"
  3760                }
  3761            }
  3762            spec: {
  3763                type:      "ClusterIP"
  3764                clusterIP: "None"
  3765            }
  3766        }
  3767        label: {
  3768            app:       "node-exporter"
  3769            domain:    "prod"
  3770            component: "mon"
  3771        }
  3772    }
  3773}
  3774configMap: {}
  3775kubernetes: {
  3776    services: {
  3777        "node-exporter": {
  3778            apiVersion: "v1"
  3779            kind:       "Service"
  3780            metadata: {
  3781                annotations: {
  3782                    "prometheus.io/scrape": "true"
  3783                }
  3784                name: "node-exporter"
  3785                labels: {
  3786                    app:       "node-exporter"
  3787                    domain:    "prod"
  3788                    component: "mon"
  3789                }
  3790            }
  3791            spec: {
  3792                type:      "ClusterIP"
  3793                clusterIP: "None"
  3794                selector: {
  3795                    app:       "node-exporter"
  3796                    domain:    "prod"
  3797                    component: "mon"
  3798                }
  3799                ports: [{
  3800                    name:     "metrics"
  3801                    port:     9100
  3802                    protocol: "TCP"
  3803                }]
  3804            }
  3805        }
  3806    }
  3807    deployments: {}
  3808    statefulSets: {}
  3809    daemonSets: {
  3810        "node-exporter": {
  3811            apiVersion: "extensions/v1beta1"
  3812            metadata: {
  3813                name: "node-exporter"
  3814                labels: {
  3815                    component: "mon"
  3816                }
  3817            }
  3818            spec: {
  3819                template: {
  3820                    metadata: {
  3821                        labels: {
  3822                            app:       "node-exporter"
  3823                            domain:    "prod"
  3824                            component: "mon"
  3825                        }
  3826                    }
  3827                    spec: {
  3828                        volumes: [{
  3829                            name: "proc"
  3830                        }, {
  3831                            name: "sys"
  3832                        }]
  3833                        hostNetwork: true
  3834                        hostPID:     true
  3835                        containers: [{
  3836                            name:  "node-exporter"
  3837                            image: "quay.io/prometheus/node-exporter:v0.16.0"
  3838                            args: ["--path.procfs=/host/proc", "--path.sysfs=/host/sys"]
  3839                            volumeMounts: [{
  3840                                name:      "proc"
  3841                                readOnly:  true
  3842                                mountPath: "/host/proc"
  3843                            }, {
  3844                                name:      "sys"
  3845                                readOnly:  true
  3846                                mountPath: "/host/sys"
  3847                            }]
  3848                            ports: [{
  3849                                name:          "scrape"
  3850                                hostPort:      9100
  3851                                containerPort: 9100
  3852                            }]
  3853                            resources: {
  3854                                requests: {
  3855                                    memory: "30Mi"
  3856                                    cpu:    "100m"
  3857                                }
  3858                                limits: {
  3859                                    memory: "50Mi"
  3860                                    cpu:    "200m"
  3861                                }
  3862                            }
  3863                        }]
  3864                    }
  3865                }
  3866            }
  3867            kind: "DaemonSet"
  3868        }
  3869    }
  3870    configMaps: {}
  3871}
  3872deployment: {
  3873    prometheus: {
  3874        name:     "prometheus"
  3875        kind:     "deployment"
  3876        replicas: 1
  3877        image:    "prom/prometheus:v2.4.3"
  3878        args: ["--config.file=/etc/prometheus/prometheus.yml", "--web.external-url=https://prometheus.example.com"]
  3879        expose: {
  3880            port: {
  3881                web: 9090
  3882            }
  3883        }
  3884        port: {}
  3885        arg: {}
  3886        env: {}
  3887        volume: {
  3888            "config-volume": {
  3889                name:      "config-volume"
  3890                mountPath: "/etc/prometheus"
  3891                subPath:   null
  3892                readOnly:  false
  3893                spec: {
  3894                    configMap: {
  3895                        name: "prometheus"
  3896                    }
  3897                }
  3898                kubernetes: {}
  3899            }
  3900        }
  3901        kubernetes: {
  3902            spec: {
  3903                selector: {
  3904                    matchLabels: {
  3905                        app: "prometheus"
  3906                    }
  3907                }
  3908                strategy: {
  3909                    type: "RollingUpdate"
  3910                    rollingUpdate: {
  3911                        maxSurge:       0
  3912                        maxUnavailable: 1
  3913                    }
  3914                }
  3915                template: {
  3916                    metadata: {
  3917                        annotations: {
  3918                            "prometheus.io.scrape": "true"
  3919                        }
  3920                    }
  3921                }
  3922            }
  3923        }
  3924        label: {
  3925            app:       "prometheus"
  3926            domain:    "prod"
  3927            component: "mon"
  3928        }
  3929        envSpec: {}
  3930    }
  3931}
  3932service: {
  3933    prometheus: {
  3934        name: "prometheus"
  3935        label: {
  3936            name:      "prometheus"
  3937            app:       "prometheus"
  3938            domain:    "prod"
  3939            component: "mon"
  3940        }
  3941        port: {
  3942            web: {
  3943                name:     "main"
  3944                port:     9090
  3945                nodePort: 30900
  3946                protocol: "TCP"
  3947            }
  3948        }
  3949        kubernetes: {
  3950            metadata: {
  3951                annotations: {
  3952                    "prometheus.io/scrape": "true"
  3953                }
  3954            }
  3955            spec: {
  3956                type: "NodePort"
  3957            }
  3958        }
  3959    }
  3960}
  3961configMap: {
  3962    prometheus: {
  3963        "alert.rules": """
  3964            groups:
  3965              - name: rules.yaml
  3966                rules:
  3967                  - alert: InstanceDown
  3968                    expr: up == 0
  3969                    for: 30s
  3970                    labels:
  3971                      severity: page
  3972                    annotations:
  3973                      description: '{{$labels.app}} of job {{ $labels.job }} has been down for more than 30 seconds.'
  3974                      summary: Instance {{$labels.app}} down
  3975                  - alert: InsufficientPeers
  3976                    expr: count(up{job="etcd"} == 0) > (count(up{job="etcd"}) / 2 - 1)
  3977                    for: 3m
  3978                    labels:
  3979                      severity: page
  3980                    annotations:
  3981                      description: If one more etcd peer goes down the cluster will be unavailable
  3982                      summary: etcd cluster small
  3983                  - alert: EtcdNoMaster
  3984                    expr: sum(etcd_server_has_leader{app="etcd"}) == 0
  3985                    for: 1s
  3986                    labels:
  3987                      severity: page
  3988                    annotations:
  3989                      summary: No ETCD master elected.
  3990                  - alert: PodRestart
  3991                    expr: (max_over_time(pod_container_status_restarts_total[5m]) - min_over_time(pod_container_status_restarts_total[5m])) > 2
  3992                    for: 1m
  3993                    labels:
  3994                      severity: page
  3995                    annotations:
  3996                      description: '{{$labels.app}} {{ $labels.container }} resturted {{ $value }} times in 5m.'
  3997                      summary: Pod for {{$labels.container}} restarts too often
  3998
  3999            """
  4000        "prometheus.yml": """
  4001            global:
  4002              scrape_interval: 15s
  4003            rule_files:
  4004              - /etc/prometheus/alert.rules
  4005            alerting:
  4006              alertmanagers:
  4007                - scheme: http
  4008                  static_configs:
  4009                    - targets:
  4010                        - alertmanager:9093
  4011            scrape_configs:
  4012              - job_name: kubernetes-apiservers
  4013                kubernetes_sd_configs:
  4014                  - role: endpoints
  4015                scheme: https
  4016                tls_config:
  4017                  ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  4018                bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  4019                relabel_configs:
  4020                  - source_labels:
  4021                      - __meta_kubernetes_namespace
  4022                      - __meta_kubernetes_service_name
  4023                      - __meta_kubernetes_endpoint_port_name
  4024                    action: keep
  4025                    regex: default;kubernetes;https
  4026              - job_name: kubernetes-nodes
  4027                scheme: https
  4028                tls_config:
  4029                  ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  4030                bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  4031                kubernetes_sd_configs:
  4032                  - role: node
  4033                relabel_configs:
  4034                  - action: labelmap
  4035                    regex: __meta_kubernetes_node_label_(.+)
  4036                  - target_label: __address__
  4037                    replacement: kubernetes.default.svc:443
  4038                  - source_labels:
  4039                      - __meta_kubernetes_node_name
  4040                    regex: (.+)
  4041                    target_label: __metrics_path__
  4042                    replacement: /api/v1/nodes/${1}/proxy/metrics
  4043              - job_name: kubernetes-cadvisor
  4044                scheme: https
  4045                tls_config:
  4046                  ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  4047                bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  4048                kubernetes_sd_configs:
  4049                  - role: node
  4050                relabel_configs:
  4051                  - action: labelmap
  4052                    regex: __meta_kubernetes_node_label_(.+)
  4053                  - target_label: __address__
  4054                    replacement: kubernetes.default.svc:443
  4055                  - source_labels:
  4056                      - __meta_kubernetes_node_name
  4057                    regex: (.+)
  4058                    target_label: __metrics_path__
  4059                    replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
  4060              - job_name: kubernetes-service-endpoints
  4061                kubernetes_sd_configs:
  4062                  - role: endpoints
  4063                relabel_configs:
  4064                  - source_labels:
  4065                      - __meta_kubernetes_service_annotation_prometheus_io_scrape
  4066                    action: keep
  4067                    regex: true
  4068                  - source_labels:
  4069                      - __meta_kubernetes_service_annotation_prometheus_io_scheme
  4070                    action: replace
  4071                    target_label: __scheme__
  4072                    regex: (https?)
  4073                  - source_labels:
  4074                      - __meta_kubernetes_service_annotation_prometheus_io_path
  4075                    action: replace
  4076                    target_label: __metrics_path__
  4077                    regex: (.+)
  4078                  - source_labels:
  4079                      - __address__
  4080                      - __meta_kubernetes_service_annotation_prometheus_io_port
  4081                    action: replace
  4082                    target_label: __address__
  4083                    regex: ([^:]+)(?::\\d+)?;(\\d+)
  4084                    replacement: $1:$2
  4085                  - action: labelmap
  4086                    regex: __meta_kubernetes_service_label_(.+)
  4087                  - source_labels:
  4088                      - __meta_kubernetes_namespace
  4089                    action: replace
  4090                    target_label: kubernetes_namespace
  4091                  - source_labels:
  4092                      - __meta_kubernetes_service_name
  4093                    action: replace
  4094                    target_label: kubernetes_name
  4095              - job_name: kubernetes-services
  4096                metrics_path: /probe
  4097                params:
  4098                  module:
  4099                    - http_2xx
  4100                kubernetes_sd_configs:
  4101                  - role: service
  4102                relabel_configs:
  4103                  - source_labels:
  4104                      - __meta_kubernetes_service_annotation_prometheus_io_probe
  4105                    action: keep
  4106                    regex: true
  4107                  - source_labels:
  4108                      - __address__
  4109                    target_label: __param_target
  4110                  - target_label: __address__
  4111                    replacement: blackbox-exporter.example.com:9115
  4112                  - source_labels:
  4113                      - __param_target
  4114                    target_label: app
  4115                  - action: labelmap
  4116                    regex: __meta_kubernetes_service_label_(.+)
  4117                  - source_labels:
  4118                      - __meta_kubernetes_namespace
  4119                    target_label: kubernetes_namespace
  4120                  - source_labels:
  4121                      - __meta_kubernetes_service_name
  4122                    target_label: kubernetes_name
  4123              - job_name: kubernetes-ingresses
  4124                metrics_path: /probe
  4125                params:
  4126                  module:
  4127                    - http_2xx
  4128                kubernetes_sd_configs:
  4129                  - role: ingress
  4130                relabel_configs:
  4131                  - source_labels:
  4132                      - __meta_kubernetes_ingress_annotation_prometheus_io_probe
  4133                    action: keep
  4134                    regex: true
  4135                  - source_labels:
  4136                      - __meta_kubernetes_ingress_scheme
  4137                      - __address__
  4138                      - __meta_kubernetes_ingress_path
  4139                    regex: (.+);(.+);(.+)
  4140                    replacement: ${1}://${2}${3}
  4141                    target_label: __param_target
  4142                  - target_label: __address__
  4143                    replacement: blackbox-exporter.example.com:9115
  4144                  - source_labels:
  4145                      - __param_target
  4146                    target_label: app
  4147                  - action: labelmap
  4148                    regex: __meta_kubernetes_ingress_label_(.+)
  4149                  - source_labels:
  4150                      - __meta_kubernetes_namespace
  4151                    target_label: kubernetes_namespace
  4152                  - source_labels:
  4153                      - __meta_kubernetes_ingress_name
  4154                    target_label: kubernetes_name
  4155              - job_name: kubernetes-pods
  4156                kubernetes_sd_configs:
  4157                  - role: pod
  4158                relabel_configs:
  4159                  - source_labels:
  4160                      - __meta_kubernetes_pod_annotation_prometheus_io_scrape
  4161                    action: keep
  4162                    regex: true
  4163                  - source_labels:
  4164                      - __meta_kubernetes_pod_annotation_prometheus_io_path
  4165                    action: replace
  4166                    target_label: __metrics_path__
  4167                    regex: (.+)
  4168                  - source_labels:
  4169                      - __address__
  4170                      - __meta_kubernetes_pod_annotation_prometheus_io_port
  4171                    action: replace
  4172                    regex: ([^:]+)(?::\\d+)?;(\\d+)
  4173                    replacement: $1:$2
  4174                    target_label: __address__
  4175                  - action: labelmap
  4176                    regex: __meta_kubernetes_pod_label_(.+)
  4177                  - source_labels:
  4178                      - __meta_kubernetes_namespace
  4179                    action: replace
  4180                    target_label: kubernetes_namespace
  4181                  - source_labels:
  4182                      - __meta_kubernetes_pod_name
  4183                    action: replace
  4184                    target_label: kubernetes_pod_name
  4185
  4186            """
  4187    }
  4188}
  4189kubernetes: {
  4190    services: {
  4191        prometheus: {
  4192            apiVersion: "v1"
  4193            kind:       "Service"
  4194            metadata: {
  4195                annotations: {
  4196                    "prometheus.io/scrape": "true"
  4197                }
  4198                name: "prometheus"
  4199                labels: {
  4200                    name:      "prometheus"
  4201                    app:       "prometheus"
  4202                    domain:    "prod"
  4203                    component: "mon"
  4204                }
  4205            }
  4206            spec: {
  4207                type: "NodePort"
  4208                selector: {
  4209                    name:      "prometheus"
  4210                    app:       "prometheus"
  4211                    domain:    "prod"
  4212                    component: "mon"
  4213                }
  4214                ports: [{
  4215                    name:     "main"
  4216                    port:     9090
  4217                    nodePort: 30900
  4218                    protocol: "TCP"
  4219                }]
  4220            }
  4221        }
  4222    }
  4223    deployments: {
  4224        prometheus: {
  4225            apiVersion: "extensions/v1beta1"
  4226            kind:       "Deployment"
  4227            metadata: {
  4228                name: "prometheus"
  4229                labels: {
  4230                    component: "mon"
  4231                }
  4232            }
  4233            spec: {
  4234                template: {
  4235                    metadata: {
  4236                        labels: {
  4237                            app:       "prometheus"
  4238                            domain:    "prod"
  4239                            component: "mon"
  4240                        }
  4241                        annotations: {
  4242                            "prometheus.io.scrape": "true"
  4243                        }
  4244                    }
  4245                    spec: {
  4246                        containers: [{
  4247                            name:  "prometheus"
  4248                            image: "prom/prometheus:v2.4.3"
  4249                            args: ["--config.file=/etc/prometheus/prometheus.yml", "--web.external-url=https://prometheus.example.com"]
  4250                            volumeMounts: [{
  4251                                name:      "config-volume"
  4252                                mountPath: "/etc/prometheus"
  4253                            }]
  4254                            ports: [{
  4255                                name:          "web"
  4256                                containerPort: 9090
  4257                            }]
  4258                        }]
  4259                        volumes: [{
  4260                            name: "config-volume"
  4261                        }]
  4262                    }
  4263                }
  4264                selector: {
  4265                    matchLabels: {
  4266                        app: "prometheus"
  4267                    }
  4268                }
  4269                strategy: {
  4270                    type: "RollingUpdate"
  4271                    rollingUpdate: {
  4272                        maxSurge:       0
  4273                        maxUnavailable: 1
  4274                    }
  4275                }
  4276                replicas: 1
  4277            }
  4278        }
  4279    }
  4280    statefulSets: {}
  4281    daemonSets: {}
  4282    configMaps: {
  4283        prometheus: {
  4284            apiVersion: "v1"
  4285            kind:       "ConfigMap"
  4286            metadata: {
  4287                name: "prometheus"
  4288                labels: {
  4289                    component: "mon"
  4290                }
  4291            }
  4292            data: {
  4293                "alert.rules": """
  4294                    groups:
  4295                      - name: rules.yaml
  4296                        rules:
  4297                          - alert: InstanceDown
  4298                            expr: up == 0
  4299                            for: 30s
  4300                            labels:
  4301                              severity: page
  4302                            annotations:
  4303                              description: '{{$labels.app}} of job {{ $labels.job }} has been down for more than 30 seconds.'
  4304                              summary: Instance {{$labels.app}} down
  4305                          - alert: InsufficientPeers
  4306                            expr: count(up{job="etcd"} == 0) > (count(up{job="etcd"}) / 2 - 1)
  4307                            for: 3m
  4308                            labels:
  4309                              severity: page
  4310                            annotations:
  4311                              description: If one more etcd peer goes down the cluster will be unavailable
  4312                              summary: etcd cluster small
  4313                          - alert: EtcdNoMaster
  4314                            expr: sum(etcd_server_has_leader{app="etcd"}) == 0
  4315                            for: 1s
  4316                            labels:
  4317                              severity: page
  4318                            annotations:
  4319                              summary: No ETCD master elected.
  4320                          - alert: PodRestart
  4321                            expr: (max_over_time(pod_container_status_restarts_total[5m]) - min_over_time(pod_container_status_restarts_total[5m])) > 2
  4322                            for: 1m
  4323                            labels:
  4324                              severity: page
  4325                            annotations:
  4326                              description: '{{$labels.app}} {{ $labels.container }} resturted {{ $value }} times in 5m.'
  4327                              summary: Pod for {{$labels.container}} restarts too often
  4328
  4329                    """
  4330                "prometheus.yml": """
  4331                    global:
  4332                      scrape_interval: 15s
  4333                    rule_files:
  4334                      - /etc/prometheus/alert.rules
  4335                    alerting:
  4336                      alertmanagers:
  4337                        - scheme: http
  4338                          static_configs:
  4339                            - targets:
  4340                                - alertmanager:9093
  4341                    scrape_configs:
  4342                      - job_name: kubernetes-apiservers
  4343                        kubernetes_sd_configs:
  4344                          - role: endpoints
  4345                        scheme: https
  4346                        tls_config:
  4347                          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  4348                        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  4349                        relabel_configs:
  4350                          - source_labels:
  4351                              - __meta_kubernetes_namespace
  4352                              - __meta_kubernetes_service_name
  4353                              - __meta_kubernetes_endpoint_port_name
  4354                            action: keep
  4355                            regex: default;kubernetes;https
  4356                      - job_name: kubernetes-nodes
  4357                        scheme: https
  4358                        tls_config:
  4359                          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  4360                        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  4361                        kubernetes_sd_configs:
  4362                          - role: node
  4363                        relabel_configs:
  4364                          - action: labelmap
  4365                            regex: __meta_kubernetes_node_label_(.+)
  4366                          - target_label: __address__
  4367                            replacement: kubernetes.default.svc:443
  4368                          - source_labels:
  4369                              - __meta_kubernetes_node_name
  4370                            regex: (.+)
  4371                            target_label: __metrics_path__
  4372                            replacement: /api/v1/nodes/${1}/proxy/metrics
  4373                      - job_name: kubernetes-cadvisor
  4374                        scheme: https
  4375                        tls_config:
  4376                          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  4377                        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  4378                        kubernetes_sd_configs:
  4379                          - role: node
  4380                        relabel_configs:
  4381                          - action: labelmap
  4382                            regex: __meta_kubernetes_node_label_(.+)
  4383                          - target_label: __address__
  4384                            replacement: kubernetes.default.svc:443
  4385                          - source_labels:
  4386                              - __meta_kubernetes_node_name
  4387                            regex: (.+)
  4388                            target_label: __metrics_path__
  4389                            replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
  4390                      - job_name: kubernetes-service-endpoints
  4391                        kubernetes_sd_configs:
  4392                          - role: endpoints
  4393                        relabel_configs:
  4394                          - source_labels:
  4395                              - __meta_kubernetes_service_annotation_prometheus_io_scrape
  4396                            action: keep
  4397                            regex: true
  4398                          - source_labels:
  4399                              - __meta_kubernetes_service_annotation_prometheus_io_scheme
  4400                            action: replace
  4401                            target_label: __scheme__
  4402                            regex: (https?)
  4403                          - source_labels:
  4404                              - __meta_kubernetes_service_annotation_prometheus_io_path
  4405                            action: replace
  4406                            target_label: __metrics_path__
  4407                            regex: (.+)
  4408                          - source_labels:
  4409                              - __address__
  4410                              - __meta_kubernetes_service_annotation_prometheus_io_port
  4411                            action: replace
  4412                            target_label: __address__
  4413                            regex: ([^:]+)(?::\\d+)?;(\\d+)
  4414                            replacement: $1:$2
  4415                          - action: labelmap
  4416                            regex: __meta_kubernetes_service_label_(.+)
  4417                          - source_labels:
  4418                              - __meta_kubernetes_namespace
  4419                            action: replace
  4420                            target_label: kubernetes_namespace
  4421                          - source_labels:
  4422                              - __meta_kubernetes_service_name
  4423                            action: replace
  4424                            target_label: kubernetes_name
  4425                      - job_name: kubernetes-services
  4426                        metrics_path: /probe
  4427                        params:
  4428                          module:
  4429                            - http_2xx
  4430                        kubernetes_sd_configs:
  4431                          - role: service
  4432                        relabel_configs:
  4433                          - source_labels:
  4434                              - __meta_kubernetes_service_annotation_prometheus_io_probe
  4435                            action: keep
  4436                            regex: true
  4437                          - source_labels:
  4438                              - __address__
  4439                            target_label: __param_target
  4440                          - target_label: __address__
  4441                            replacement: blackbox-exporter.example.com:9115
  4442                          - source_labels:
  4443                              - __param_target
  4444                            target_label: app
  4445                          - action: labelmap
  4446                            regex: __meta_kubernetes_service_label_(.+)
  4447                          - source_labels:
  4448                              - __meta_kubernetes_namespace
  4449                            target_label: kubernetes_namespace
  4450                          - source_labels:
  4451                              - __meta_kubernetes_service_name
  4452                            target_label: kubernetes_name
  4453                      - job_name: kubernetes-ingresses
  4454                        metrics_path: /probe
  4455                        params:
  4456                          module:
  4457                            - http_2xx
  4458                        kubernetes_sd_configs:
  4459                          - role: ingress
  4460                        relabel_configs:
  4461                          - source_labels:
  4462                              - __meta_kubernetes_ingress_annotation_prometheus_io_probe
  4463                            action: keep
  4464                            regex: true
  4465                          - source_labels:
  4466                              - __meta_kubernetes_ingress_scheme
  4467                              - __address__
  4468                              - __meta_kubernetes_ingress_path
  4469                            regex: (.+);(.+);(.+)
  4470                            replacement: ${1}://${2}${3}
  4471                            target_label: __param_target
  4472                          - target_label: __address__
  4473                            replacement: blackbox-exporter.example.com:9115
  4474                          - source_labels:
  4475                              - __param_target
  4476                            target_label: app
  4477                          - action: labelmap
  4478                            regex: __meta_kubernetes_ingress_label_(.+)
  4479                          - source_labels:
  4480                              - __meta_kubernetes_namespace
  4481                            target_label: kubernetes_namespace
  4482                          - source_labels:
  4483                              - __meta_kubernetes_ingress_name
  4484                            target_label: kubernetes_name
  4485                      - job_name: kubernetes-pods
  4486                        kubernetes_sd_configs:
  4487                          - role: pod
  4488                        relabel_configs:
  4489                          - source_labels:
  4490                              - __meta_kubernetes_pod_annotation_prometheus_io_scrape
  4491                            action: keep
  4492                            regex: true
  4493                          - source_labels:
  4494                              - __meta_kubernetes_pod_annotation_prometheus_io_path
  4495                            action: replace
  4496                            target_label: __metrics_path__
  4497                            regex: (.+)
  4498                          - source_labels:
  4499                              - __address__
  4500                              - __meta_kubernetes_pod_annotation_prometheus_io_port
  4501                            action: replace
  4502                            regex: ([^:]+)(?::\\d+)?;(\\d+)
  4503                            replacement: $1:$2
  4504                            target_label: __address__
  4505                          - action: labelmap
  4506                            regex: __meta_kubernetes_pod_label_(.+)
  4507                          - source_labels:
  4508                              - __meta_kubernetes_namespace
  4509                            action: replace
  4510                            target_label: kubernetes_namespace
  4511                          - source_labels:
  4512                              - __meta_kubernetes_pod_name
  4513                            action: replace
  4514                            target_label: kubernetes_pod_name
  4515
  4516                    """
  4517            }
  4518        }
  4519    }
  4520}
  4521deployment: {}
  4522service: {}
  4523configMap: {}
  4524kubernetes: {
  4525    services: {}
  4526    deployments: {}
  4527    statefulSets: {}
  4528    daemonSets: {}
  4529    configMaps: {}
  4530}
  4531deployment: {
  4532    authproxy: {
  4533        name:     "authproxy"
  4534        kind:     "deployment"
  4535        replicas: 1
  4536        image:    "skippy/oauth2_proxy:2.0.1"
  4537        args: ["--config=/etc/authproxy/authproxy.cfg"]
  4538        expose: {
  4539            port: {
  4540                client: 4180
  4541            }
  4542        }
  4543        port: {}
  4544        arg: {}
  4545        env: {}
  4546        volume: {
  4547            "config-volume": {
  4548                name:      "config-volume"
  4549                mountPath: "/etc/authproxy"
  4550                subPath:   null
  4551                readOnly:  false
  4552                spec: {
  4553                    configMap: {
  4554                        name: "authproxy"
  4555                    }
  4556                }
  4557                kubernetes: {}
  4558            }
  4559        }
  4560        label: {
  4561            app:       "authproxy"
  4562            domain:    "prod"
  4563            component: "proxy"
  4564        }
  4565        kubernetes: {}
  4566        envSpec: {}
  4567    }
  4568}
  4569service: {
  4570    authproxy: {
  4571        name: "authproxy"
  4572        port: {
  4573            client: {
  4574                name:     "client"
  4575                port:     4180
  4576                protocol: "TCP"
  4577            }
  4578        }
  4579        label: {
  4580            app:       "authproxy"
  4581            domain:    "prod"
  4582            component: "proxy"
  4583        }
  4584        kubernetes: {}
  4585    }
  4586}
  4587configMap: {
  4588    authproxy: {
  4589        "authproxy.cfg": """
  4590            # Google Auth Proxy Config File
  4591            ## https://github.com/bitly/google_auth_proxy
  4592
  4593            ## <addr>:<port> to listen on for HTTP clients
  4594            http_address = "0.0.0.0:4180"
  4595
  4596            ## the OAuth Redirect URL.
  4597            redirect_url = "https://auth.example.com/oauth2/callback"
  4598
  4599            ## the http url(s) of the upstream endpoint. If multiple, routing is based on path
  4600            upstreams = [
  4601                # frontend
  4602                "http://frontend-waiter:7080/dpr/",
  4603                "http://frontend-maitred:7080/ui/",
  4604                "http://frontend-maitred:7080/ui",
  4605                "http://frontend-maitred:7080/report/",
  4606                "http://frontend-maitred:7080/report",
  4607                "http://frontend-maitred:7080/static/",
  4608                # kitchen
  4609                "http://kitchen-chef:8080/visit",
  4610                # infrastructure
  4611                "http://download:7080/file/",
  4612                "http://download:7080/archive",
  4613                "http://tasks:7080/tasks",
  4614                "http://tasks:7080/tasks/",
  4615            ]
  4616
  4617            ## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
  4618            pass_basic_auth = true
  4619            request_logging = true
  4620
  4621            ## Google Apps Domains to allow authentication for
  4622            google_apps_domains = [
  4623                "mod.test",
  4624            ]
  4625
  4626            email_domains = [
  4627                "mod.test",
  4628            ]
  4629
  4630            ## The Google OAuth Client ID, Secret
  4631            client_id = "---"
  4632            client_secret = "---"
  4633
  4634            ## Cookie Settings
  4635            ## Secret - the seed string for secure cookies
  4636            ## Domain - optional cookie domain to force cookies to (ie: .yourcompany.com)
  4637            ## Expire - expire timeframe for cookie
  4638            cookie_secret = "won't tell you"
  4639            cookie_domain = ".example.com"
  4640            cookie_https_only = true
  4641            """
  4642    }
  4643}
  4644kubernetes: {
  4645    services: {
  4646        authproxy: {
  4647            apiVersion: "v1"
  4648            kind:       "Service"
  4649            metadata: {
  4650                name: "authproxy"
  4651                labels: {
  4652                    app:       "authproxy"
  4653                    domain:    "prod"
  4654                    component: "proxy"
  4655                }
  4656            }
  4657            spec: {
  4658                selector: {
  4659                    app:       "authproxy"
  4660                    domain:    "prod"
  4661                    component: "proxy"
  4662                }
  4663                ports: [{
  4664                    name:     "client"
  4665                    port:     4180
  4666                    protocol: "TCP"
  4667                }]
  4668            }
  4669        }
  4670    }
  4671    deployments: {
  4672        authproxy: {
  4673            apiVersion: "extensions/v1beta1"
  4674            kind:       "Deployment"
  4675            metadata: {
  4676                name: "authproxy"
  4677                labels: {
  4678                    component: "proxy"
  4679                }
  4680            }
  4681            spec: {
  4682                template: {
  4683                    metadata: {
  4684                        labels: {
  4685                            app:       "authproxy"
  4686                            domain:    "prod"
  4687                            component: "proxy"
  4688                        }
  4689                    }
  4690                    spec: {
  4691                        containers: [{
  4692                            name:  "authproxy"
  4693                            image: "skippy/oauth2_proxy:2.0.1"
  4694                            args: ["--config=/etc/authproxy/authproxy.cfg"]
  4695                            volumeMounts: [{
  4696                                name:      "config-volume"
  4697                                mountPath: "/etc/authproxy"
  4698                            }]
  4699                            ports: [{
  4700                                name:          "client"
  4701                                containerPort: 4180
  4702                            }]
  4703                        }]
  4704                        volumes: [{
  4705                            name: "config-volume"
  4706                        }]
  4707                    }
  4708                }
  4709                replicas: 1
  4710            }
  4711        }
  4712    }
  4713    statefulSets: {}
  4714    daemonSets: {}
  4715    configMaps: {
  4716        authproxy: {
  4717            apiVersion: "v1"
  4718            kind:       "ConfigMap"
  4719            metadata: {
  4720                name: "authproxy"
  4721                labels: {
  4722                    component: "proxy"
  4723                }
  4724            }
  4725            data: {
  4726                "authproxy.cfg": """
  4727                    # Google Auth Proxy Config File
  4728                    ## https://github.com/bitly/google_auth_proxy
  4729
  4730                    ## <addr>:<port> to listen on for HTTP clients
  4731                    http_address = "0.0.0.0:4180"
  4732
  4733                    ## the OAuth Redirect URL.
  4734                    redirect_url = "https://auth.example.com/oauth2/callback"
  4735
  4736                    ## the http url(s) of the upstream endpoint. If multiple, routing is based on path
  4737                    upstreams = [
  4738                        # frontend
  4739                        "http://frontend-waiter:7080/dpr/",
  4740                        "http://frontend-maitred:7080/ui/",
  4741                        "http://frontend-maitred:7080/ui",
  4742                        "http://frontend-maitred:7080/report/",
  4743                        "http://frontend-maitred:7080/report",
  4744                        "http://frontend-maitred:7080/static/",
  4745                        # kitchen
  4746                        "http://kitchen-chef:8080/visit",
  4747                        # infrastructure
  4748                        "http://download:7080/file/",
  4749                        "http://download:7080/archive",
  4750                        "http://tasks:7080/tasks",
  4751                        "http://tasks:7080/tasks/",
  4752                    ]
  4753
  4754                    ## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
  4755                    pass_basic_auth = true
  4756                    request_logging = true
  4757
  4758                    ## Google Apps Domains to allow authentication for
  4759                    google_apps_domains = [
  4760                        "mod.test",
  4761                    ]
  4762
  4763                    email_domains = [
  4764                        "mod.test",
  4765                    ]
  4766
  4767                    ## The Google OAuth Client ID, Secret
  4768                    client_id = "---"
  4769                    client_secret = "---"
  4770
  4771                    ## Cookie Settings
  4772                    ## Secret - the seed string for secure cookies
  4773                    ## Domain - optional cookie domain to force cookies to (ie: .yourcompany.com)
  4774                    ## Expire - expire timeframe for cookie
  4775                    cookie_secret = "won't tell you"
  4776                    cookie_domain = ".example.com"
  4777                    cookie_https_only = true
  4778                    """
  4779            }
  4780        }
  4781    }
  4782}
  4783deployment: {
  4784    goget: {
  4785        name:     "goget"
  4786        kind:     "deployment"
  4787        replicas: 1
  4788        image:    "gcr.io/myproj/goget:v0.5.1"
  4789        expose: {
  4790            port: {
  4791                https: 7443
  4792            }
  4793        }
  4794        port: {}
  4795        arg: {}
  4796        args: []
  4797        env: {}
  4798        volume: {
  4799            "secret-volume": {
  4800                name:      "secret-volume"
  4801                mountPath: "/etc/ssl"
  4802                subPath:   null
  4803                readOnly:  false
  4804                spec: {
  4805                    secret: {
  4806                        secretName: "goget-secrets"
  4807                    }
  4808                }
  4809                kubernetes: {}
  4810            }
  4811        }
  4812        label: {
  4813            app:       "goget"
  4814            domain:    "prod"
  4815            component: "proxy"
  4816        }
  4817        kubernetes: {}
  4818        envSpec: {}
  4819    }
  4820}
  4821service: {
  4822    goget: {
  4823        name: "goget"
  4824        port: {
  4825            http: {
  4826                name:     "http"
  4827                port:     443
  4828                protocol: "TCP"
  4829            }
  4830            https: {
  4831                name:     "https"
  4832                port:     7443
  4833                protocol: "TCP"
  4834            }
  4835        }
  4836        kubernetes: {
  4837            spec: {
  4838                type:           "LoadBalancer"
  4839                loadBalancerIP: "1.3.5.7"
  4840            }
  4841        }
  4842        label: {
  4843            app:       "goget"
  4844            domain:    "prod"
  4845            component: "proxy"
  4846        }
  4847    }
  4848}
  4849configMap: {}
  4850kubernetes: {
  4851    services: {
  4852        goget: {
  4853            apiVersion: "v1"
  4854            kind:       "Service"
  4855            spec: {
  4856                type: "LoadBalancer"
  4857                selector: {
  4858                    app:       "goget"
  4859                    domain:    "prod"
  4860                    component: "proxy"
  4861                }
  4862                ports: [{
  4863                    name:     "http"
  4864                    port:     443
  4865                    protocol: "TCP"
  4866                }, {
  4867                    name:     "https"
  4868                    port:     7443
  4869                    protocol: "TCP"
  4870                }]
  4871                loadBalancerIP: "1.3.5.7"
  4872            }
  4873            metadata: {
  4874                name: "goget"
  4875                labels: {
  4876                    app:       "goget"
  4877                    domain:    "prod"
  4878                    component: "proxy"
  4879                }
  4880            }
  4881        }
  4882    }
  4883    deployments: {
  4884        goget: {
  4885            apiVersion: "extensions/v1beta1"
  4886            kind:       "Deployment"
  4887            metadata: {
  4888                name: "goget"
  4889                labels: {
  4890                    component: "proxy"
  4891                }
  4892            }
  4893            spec: {
  4894                template: {
  4895                    metadata: {
  4896                        labels: {
  4897                            app:       "goget"
  4898                            domain:    "prod"
  4899                            component: "proxy"
  4900                        }
  4901                    }
  4902                    spec: {
  4903                        containers: [{
  4904                            name:  "goget"
  4905                            image: "gcr.io/myproj/goget:v0.5.1"
  4906                            args: []
  4907                            volumeMounts: [{
  4908                                name:      "secret-volume"
  4909                                mountPath: "/etc/ssl"
  4910                            }]
  4911                            ports: [{
  4912                                name:          "https"
  4913                                containerPort: 7443
  4914                            }]
  4915                        }]
  4916                        volumes: [{
  4917                            name: "secret-volume"
  4918                        }]
  4919                    }
  4920                }
  4921                replicas: 1
  4922            }
  4923        }
  4924    }
  4925    statefulSets: {}
  4926    daemonSets: {}
  4927    configMaps: {}
  4928}
  4929deployment: {
  4930    nginx: {
  4931        name:     "nginx"
  4932        kind:     "deployment"
  4933        replicas: 1
  4934        image:    "nginx:1.11.10-alpine"
  4935        expose: {
  4936            port: {
  4937                http:  80
  4938                https: 443
  4939            }
  4940        }
  4941        port: {}
  4942        arg: {}
  4943        args: []
  4944        env: {}
  4945        volume: {
  4946            "secret-volume": {
  4947                name:      "secret-volume"
  4948                mountPath: "/etc/ssl"
  4949                subPath:   null
  4950                readOnly:  false
  4951                spec: {
  4952                    secret: {
  4953                        secretName: "proxy-secrets"
  4954                    }
  4955                }
  4956                kubernetes: {}
  4957            }
  4958            "config-volume": {
  4959                name:      "config-volume"
  4960                mountPath: "/etc/nginx/nginx.conf"
  4961                subPath:   "nginx.conf"
  4962                readOnly:  false
  4963                spec: {
  4964                    configMap: {
  4965                        name: "nginx"
  4966                    }
  4967                }
  4968                kubernetes: {}
  4969            }
  4970        }
  4971        label: {
  4972            app:       "nginx"
  4973            domain:    "prod"
  4974            component: "proxy"
  4975        }
  4976        kubernetes: {}
  4977        envSpec: {}
  4978    }
  4979}
  4980service: {
  4981    nginx: {
  4982        name: "nginx"
  4983        port: {
  4984            http: {
  4985                name:     "http"
  4986                port:     80
  4987                protocol: "TCP"
  4988            }
  4989            https: {
  4990                name:     "https"
  4991                port:     443
  4992                protocol: "TCP"
  4993            }
  4994        }
  4995        kubernetes: {
  4996            spec: {
  4997                type:           "LoadBalancer"
  4998                loadBalancerIP: "1.3.4.5"
  4999            }
  5000        }
  5001        label: {
  5002            app:       "nginx"
  5003            domain:    "prod"
  5004            component: "proxy"
  5005        }
  5006    }
  5007}
  5008configMap: {
  5009    nginx: {
  5010        "nginx.conf": """
  5011            events {
  5012                worker_connections 768;
  5013            }
  5014            http {
  5015                sendfile on;
  5016                tcp_nopush on;
  5017                tcp_nodelay on;
  5018                # needs to be high for some download jobs.
  5019                keepalive_timeout 400;
  5020                # proxy_connect_timeout  300;
  5021                proxy_send_timeout       300;
  5022                proxy_read_timeout       300;
  5023                send_timeout             300;
  5024
  5025                types_hash_max_size 2048;
  5026
  5027                include /etc/nginx/mime.types;
  5028                default_type application/octet-stream;
  5029
  5030                access_log /dev/stdout;
  5031                error_log  /dev/stdout;
  5032
  5033                # Disable POST body size constraints. We often deal with large
  5034                # files. Especially docker containers may be large.
  5035                client_max_body_size 0;
  5036
  5037                upstream goget {
  5038                    server localhost:7070;
  5039                }
  5040
  5041                # Redirect incoming Google Cloud Storage notifications:
  5042               server {
  5043                    listen 443 ssl;
  5044                    server_name notify.example.com notify2.example.com;
  5045
  5046                    ssl_certificate /etc/ssl/server.crt;
  5047                    ssl_certificate_key /etc/ssl/server.key;
  5048
  5049                    # Security enhancements to deal with poodles and the like.
  5050                    # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  5051                    # ssl_ciphers 'AES256+EECDH:AES256+EDH';
  5052                    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  5053
  5054                    # We don't like poodles.
  5055                    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  5056                    ssl_session_cache shared:SSL:10m;
  5057
  5058                    # Enable Forward secrecy.
  5059                    ssl_dhparam /etc/ssl/dhparam.pem;
  5060                    ssl_prefer_server_ciphers on;
  5061
  5062                    # Enable HTST.
  5063                    add_header Strict-Transport-Security max-age=1209600;
  5064
  5065                    # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
  5066                    chunked_transfer_encoding on;
  5067
  5068                    location / {
  5069                        proxy_pass http://tasks:7080;
  5070                        proxy_connect_timeout 1;
  5071                    }
  5072                }
  5073
  5074                server {
  5075                    listen 80;
  5076                    listen 443 ssl;
  5077                    server_name x.example.com example.io;
  5078
  5079                    location ~ "(/[^/]+)(/.*)?" {
  5080                        set $myhost $host;
  5081                        if ($arg_go-get = "1") {
  5082                            set $myhost "goget";
  5083                        }
  5084                        proxy_pass http://$myhost$1;
  5085                        proxy_set_header Host $host;
  5086                        proxy_set_header X-Real-IP $remote_addr;
  5087                        proxy_set_header X-Scheme $scheme;
  5088                        proxy_connect_timeout 1;
  5089                    }
  5090
  5091                    location / {
  5092                        set $myhost $host;
  5093                        if ($arg_go-get = "1") {
  5094                            set $myhost "goget";
  5095                        }
  5096                        proxy_pass http://$myhost;
  5097                        proxy_set_header Host $host;
  5098                        proxy_set_header X-Real-IP $remote_addr;
  5099                        proxy_set_header X-Scheme $scheme;
  5100                        proxy_connect_timeout 1;
  5101                    }
  5102                }
  5103
  5104                server {
  5105                    listen 80;
  5106                    server_name www.example.com w.example.com;
  5107
  5108                    resolver 8.8.8.8;
  5109
  5110                    location / {
  5111                        proxy_set_header X-Forwarded-Host $host;
  5112                        proxy_set_header X-Forwarded-Server $host;
  5113                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  5114                        proxy_set_header X-Real-IP $remote_addr;
  5115
  5116                        proxy_pass http://$host.default.example.appspot.com/$request_uri;
  5117                        proxy_redirect http://$host.default.example.appspot.com/ /;
  5118                    }
  5119                }
  5120
  5121                # Kubernetes URI space. Maps URIs paths to specific servers using the
  5122                # proxy.
  5123                server {
  5124                    listen 80;
  5125                    listen 443 ssl;
  5126                    server_name proxy.example.com;
  5127
  5128                    ssl_certificate /etc/ssl/server.crt;
  5129                    ssl_certificate_key /etc/ssl/server.key;
  5130
  5131                    # Security enhancements to deal with poodles and the like.
  5132                    # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  5133                    # ssl_ciphers 'AES256+EECDH:AES256+EDH';
  5134                    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  5135
  5136                    # We don't like poodles.
  5137                    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  5138                    ssl_session_cache shared:SSL:10m;
  5139
  5140                    # Enable Forward secrecy.
  5141                    ssl_dhparam /etc/ssl/dhparam.pem;
  5142                    ssl_prefer_server_ciphers on;
  5143
  5144                    # Enable HTST.
  5145                    add_header Strict-Transport-Security max-age=1209600;
  5146
  5147                    if ($ssl_protocol = "") {
  5148                        rewrite ^   https://$host$request_uri? permanent;
  5149                    }
  5150
  5151                    # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
  5152                    chunked_transfer_encoding on;
  5153
  5154                    location / {
  5155                        proxy_pass http://kubeproxy:4180;
  5156                        proxy_set_header Host $host;
  5157                        proxy_set_header X-Real-IP $remote_addr;
  5158                        proxy_set_header X-Scheme $scheme;
  5159                        proxy_connect_timeout 1;
  5160                    }
  5161                }
  5162
  5163                server {
  5164                    # We could add the following line and the connection would still be SSL,
  5165                    # but it doesn't appear to be necessary. Seems saver this way.
  5166                    listen 80;
  5167                    listen 443 default ssl;
  5168                    server_name ~^(?<sub>.*)\\.example\\.com$;
  5169
  5170                    ssl_certificate /etc/ssl/server.crt;
  5171                    ssl_certificate_key /etc/ssl/server.key;
  5172
  5173                    # Security enhancements to deal with poodles and the like.
  5174                    # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  5175                    # ssl_ciphers 'AES256+EECDH:AES256+EDH';
  5176                    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  5177
  5178                    # We don't like poodles.
  5179                    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  5180                    ssl_session_cache shared:SSL:10m;
  5181
  5182                    # Enable Forward secrecy.
  5183                    ssl_dhparam /etc/ssl/dhparam.pem;
  5184                    ssl_prefer_server_ciphers on;
  5185
  5186                    # Enable HTST.
  5187                    add_header Strict-Transport-Security max-age=1209600;
  5188
  5189                    if ($ssl_protocol = "") {
  5190                        rewrite ^   https://$host$request_uri? permanent;
  5191                    }
  5192
  5193                    # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
  5194                    chunked_transfer_encoding on;
  5195
  5196                    location / {
  5197                        proxy_pass http://authproxy:4180;
  5198                        proxy_set_header Host $host;
  5199                        proxy_set_header X-Real-IP $remote_addr;
  5200                        proxy_set_header X-Scheme $scheme;
  5201                        proxy_connect_timeout 1;
  5202                    }
  5203                }
  5204            }
  5205            """
  5206    }
  5207}
  5208kubernetes: {
  5209    services: {
  5210        nginx: {
  5211            apiVersion: "v1"
  5212            kind:       "Service"
  5213            spec: {
  5214                type: "LoadBalancer"
  5215                selector: {
  5216                    app:       "nginx"
  5217                    domain:    "prod"
  5218                    component: "proxy"
  5219                }
  5220                ports: [{
  5221                    name:     "http"
  5222                    port:     80
  5223                    protocol: "TCP"
  5224                }, {
  5225                    name:     "https"
  5226                    port:     443
  5227                    protocol: "TCP"
  5228                }]
  5229                loadBalancerIP: "1.3.4.5"
  5230            }
  5231            metadata: {
  5232                name: "nginx"
  5233                labels: {
  5234                    app:       "nginx"
  5235                    domain:    "prod"
  5236                    component: "proxy"
  5237                }
  5238            }
  5239        }
  5240    }
  5241    deployments: {
  5242        nginx: {
  5243            apiVersion: "extensions/v1beta1"
  5244            kind:       "Deployment"
  5245            metadata: {
  5246                name: "nginx"
  5247                labels: {
  5248                    component: "proxy"
  5249                }
  5250            }
  5251            spec: {
  5252                template: {
  5253                    metadata: {
  5254                        labels: {
  5255                            app:       "nginx"
  5256                            domain:    "prod"
  5257                            component: "proxy"
  5258                        }
  5259                    }
  5260                    spec: {
  5261                        containers: [{
  5262                            name:  "nginx"
  5263                            image: "nginx:1.11.10-alpine"
  5264                            args: []
  5265                            volumeMounts: [{
  5266                                name:      "secret-volume"
  5267                                mountPath: "/etc/ssl"
  5268                            }, {
  5269                                name:      "config-volume"
  5270                                subPath:   "nginx.conf"
  5271                                mountPath: "/etc/nginx/nginx.conf"
  5272                            }]
  5273                            ports: [{
  5274                                name:          "http"
  5275                                containerPort: 80
  5276                            }, {
  5277                                name:          "https"
  5278                                containerPort: 443
  5279                            }]
  5280                        }]
  5281                        volumes: [{
  5282                            name: "secret-volume"
  5283                        }, {
  5284                            name: "config-volume"
  5285                        }]
  5286                    }
  5287                }
  5288                replicas: 1
  5289            }
  5290        }
  5291    }
  5292    statefulSets: {}
  5293    daemonSets: {}
  5294    configMaps: {
  5295        nginx: {
  5296            apiVersion: "v1"
  5297            kind:       "ConfigMap"
  5298            metadata: {
  5299                name: "nginx"
  5300                labels: {
  5301                    component: "proxy"
  5302                }
  5303            }
  5304            data: {
  5305                "nginx.conf": """
  5306                    events {
  5307                        worker_connections 768;
  5308                    }
  5309                    http {
  5310                        sendfile on;
  5311                        tcp_nopush on;
  5312                        tcp_nodelay on;
  5313                        # needs to be high for some download jobs.
  5314                        keepalive_timeout 400;
  5315                        # proxy_connect_timeout  300;
  5316                        proxy_send_timeout       300;
  5317                        proxy_read_timeout       300;
  5318                        send_timeout             300;
  5319
  5320                        types_hash_max_size 2048;
  5321
  5322                        include /etc/nginx/mime.types;
  5323                        default_type application/octet-stream;
  5324
  5325                        access_log /dev/stdout;
  5326                        error_log  /dev/stdout;
  5327
  5328                        # Disable POST body size constraints. We often deal with large
  5329                        # files. Especially docker containers may be large.
  5330                        client_max_body_size 0;
  5331
  5332                        upstream goget {
  5333                            server localhost:7070;
  5334                        }
  5335
  5336                        # Redirect incoming Google Cloud Storage notifications:
  5337                       server {
  5338                            listen 443 ssl;
  5339                            server_name notify.example.com notify2.example.com;
  5340
  5341                            ssl_certificate /etc/ssl/server.crt;
  5342                            ssl_certificate_key /etc/ssl/server.key;
  5343
  5344                            # Security enhancements to deal with poodles and the like.
  5345                            # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  5346                            # ssl_ciphers 'AES256+EECDH:AES256+EDH';
  5347                            ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  5348
  5349                            # We don't like poodles.
  5350                            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  5351                            ssl_session_cache shared:SSL:10m;
  5352
  5353                            # Enable Forward secrecy.
  5354                            ssl_dhparam /etc/ssl/dhparam.pem;
  5355                            ssl_prefer_server_ciphers on;
  5356
  5357                            # Enable HTST.
  5358                            add_header Strict-Transport-Security max-age=1209600;
  5359
  5360                            # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
  5361                            chunked_transfer_encoding on;
  5362
  5363                            location / {
  5364                                proxy_pass http://tasks:7080;
  5365                                proxy_connect_timeout 1;
  5366                            }
  5367                        }
  5368
  5369                        server {
  5370                            listen 80;
  5371                            listen 443 ssl;
  5372                            server_name x.example.com example.io;
  5373
  5374                            location ~ "(/[^/]+)(/.*)?" {
  5375                                set $myhost $host;
  5376                                if ($arg_go-get = "1") {
  5377                                    set $myhost "goget";
  5378                                }
  5379                                proxy_pass http://$myhost$1;
  5380                                proxy_set_header Host $host;
  5381                                proxy_set_header X-Real-IP $remote_addr;
  5382                                proxy_set_header X-Scheme $scheme;
  5383                                proxy_connect_timeout 1;
  5384                            }
  5385
  5386                            location / {
  5387                                set $myhost $host;
  5388                                if ($arg_go-get = "1") {
  5389                                    set $myhost "goget";
  5390                                }
  5391                                proxy_pass http://$myhost;
  5392                                proxy_set_header Host $host;
  5393                                proxy_set_header X-Real-IP $remote_addr;
  5394                                proxy_set_header X-Scheme $scheme;
  5395                                proxy_connect_timeout 1;
  5396                            }
  5397                        }
  5398
  5399                        server {
  5400                            listen 80;
  5401                            server_name www.example.com w.example.com;
  5402
  5403                            resolver 8.8.8.8;
  5404
  5405                            location / {
  5406                                proxy_set_header X-Forwarded-Host $host;
  5407                                proxy_set_header X-Forwarded-Server $host;
  5408                                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  5409                                proxy_set_header X-Real-IP $remote_addr;
  5410
  5411                                proxy_pass http://$host.default.example.appspot.com/$request_uri;
  5412                                proxy_redirect http://$host.default.example.appspot.com/ /;
  5413                            }
  5414                        }
  5415
  5416                        # Kubernetes URI space. Maps URIs paths to specific servers using the
  5417                        # proxy.
  5418                        server {
  5419                            listen 80;
  5420                            listen 443 ssl;
  5421                            server_name proxy.example.com;
  5422
  5423                            ssl_certificate /etc/ssl/server.crt;
  5424                            ssl_certificate_key /etc/ssl/server.key;
  5425
  5426                            # Security enhancements to deal with poodles and the like.
  5427                            # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  5428                            # ssl_ciphers 'AES256+EECDH:AES256+EDH';
  5429                            ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  5430
  5431                            # We don't like poodles.
  5432                            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  5433                            ssl_session_cache shared:SSL:10m;
  5434
  5435                            # Enable Forward secrecy.
  5436                            ssl_dhparam /etc/ssl/dhparam.pem;
  5437                            ssl_prefer_server_ciphers on;
  5438
  5439                            # Enable HTST.
  5440                            add_header Strict-Transport-Security max-age=1209600;
  5441
  5442                            if ($ssl_protocol = "") {
  5443                                rewrite ^   https://$host$request_uri? permanent;
  5444                            }
  5445
  5446                            # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
  5447                            chunked_transfer_encoding on;
  5448
  5449                            location / {
  5450                                proxy_pass http://kubeproxy:4180;
  5451                                proxy_set_header Host $host;
  5452                                proxy_set_header X-Real-IP $remote_addr;
  5453                                proxy_set_header X-Scheme $scheme;
  5454                                proxy_connect_timeout 1;
  5455                            }
  5456                        }
  5457
  5458                        server {
  5459                            # We could add the following line and the connection would still be SSL,
  5460                            # but it doesn't appear to be necessary. Seems saver this way.
  5461                            listen 80;
  5462                            listen 443 default ssl;
  5463                            server_name ~^(?<sub>.*)\\.example\\.com$;
  5464
  5465                            ssl_certificate /etc/ssl/server.crt;
  5466                            ssl_certificate_key /etc/ssl/server.key;
  5467
  5468                            # Security enhancements to deal with poodles and the like.
  5469                            # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  5470                            # ssl_ciphers 'AES256+EECDH:AES256+EDH';
  5471                            ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  5472
  5473                            # We don't like poodles.
  5474                            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  5475                            ssl_session_cache shared:SSL:10m;
  5476
  5477                            # Enable Forward secrecy.
  5478                            ssl_dhparam /etc/ssl/dhparam.pem;
  5479                            ssl_prefer_server_ciphers on;
  5480
  5481                            # Enable HTST.
  5482                            add_header Strict-Transport-Security max-age=1209600;
  5483
  5484                            if ($ssl_protocol = "") {
  5485                                rewrite ^   https://$host$request_uri? permanent;
  5486                            }
  5487
  5488                            # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
  5489                            chunked_transfer_encoding on;
  5490
  5491                            location / {
  5492                                proxy_pass http://authproxy:4180;
  5493                                proxy_set_header Host $host;
  5494                                proxy_set_header X-Real-IP $remote_addr;
  5495                                proxy_set_header X-Scheme $scheme;
  5496                                proxy_connect_timeout 1;
  5497                            }
  5498                        }
  5499                    }
  5500                    """
  5501            }
  5502        }
  5503    }
  5504}

View as plain text