1deployment: {}
2service: {}
3configMap: {}
4kubernetes: {
5 services: {}
6 deployments: {}
7 statefulSets: {}
8 daemonSets: {}
9 configMaps: {}
10}
11deployment: {}
12service: {}
13configMap: {}
14kubernetes: {
15 services: {}
16 deployments: {}
17 statefulSets: {}
18 daemonSets: {}
19 configMaps: {}
20}
21deployment: {
22 bartender: {
23 name: "bartender"
24 kind: "deployment"
25 replicas: 1
26 image: "gcr.io/myproj/bartender:v0.1.34"
27 expose: {
28 port: {
29 http: 7080
30 }
31 }
32 port: {}
33 arg: {}
34 args: []
35 env: {}
36 label: {
37 app: "bartender"
38 domain: "prod"
39 component: "frontend"
40 }
41 kubernetes: {
42 spec: {
43 template: {
44 metadata: {
45 annotations: {
46 "prometheus.io.scrape": "true"
47 "prometheus.io.port": "7080"
48 }
49 }
50 }
51 }
52 }
53 envSpec: {}
54 volume: {}
55 }
56}
57service: {
58 bartender: {
59 name: "bartender"
60 port: {
61 http: {
62 name: "http"
63 port: 7080
64 protocol: "TCP"
65 }
66 }
67 label: {
68 app: "bartender"
69 domain: "prod"
70 component: "frontend"
71 }
72 kubernetes: {}
73 }
74}
75configMap: {}
76kubernetes: {
77 services: {
78 bartender: {
79 apiVersion: "v1"
80 kind: "Service"
81 metadata: {
82 name: "bartender"
83 labels: {
84 app: "bartender"
85 domain: "prod"
86 component: "frontend"
87 }
88 }
89 spec: {
90 selector: {
91 app: "bartender"
92 domain: "prod"
93 component: "frontend"
94 }
95 ports: [{
96 name: "http"
97 port: 7080
98 protocol: "TCP"
99 }]
100 }
101 }
102 }
103 deployments: {
104 bartender: {
105 apiVersion: "extensions/v1beta1"
106 kind: "Deployment"
107 metadata: {
108 name: "bartender"
109 labels: {
110 component: "frontend"
111 }
112 }
113 spec: {
114 template: {
115 metadata: {
116 labels: {
117 app: "bartender"
118 domain: "prod"
119 component: "frontend"
120 }
121 annotations: {
122 "prometheus.io.scrape": "true"
123 "prometheus.io.port": "7080"
124 }
125 }
126 spec: {
127 containers: [{
128 name: "bartender"
129 image: "gcr.io/myproj/bartender:v0.1.34"
130 args: []
131 ports: [{
132 name: "http"
133 containerPort: 7080
134 }]
135 }]
136 }
137 }
138 replicas: 1
139 }
140 }
141 }
142 statefulSets: {}
143 daemonSets: {}
144 configMaps: {}
145}
146deployment: {
147 breaddispatcher: {
148 name: "breaddispatcher"
149 kind: "deployment"
150 replicas: 1
151 image: "gcr.io/myproj/breaddispatcher:v0.3.24"
152 expose: {
153 port: {
154 http: 7080
155 }
156 }
157 port: {}
158 arg: {
159 etcd: "etcd:2379"
160 "event-server": "events:7788"
161 }
162 args: ["-etcd=etcd:2379", "-event-server=events:7788"]
163 env: {}
164 label: {
165 app: "breaddispatcher"
166 domain: "prod"
167 component: "frontend"
168 }
169 kubernetes: {
170 spec: {
171 template: {
172 metadata: {
173 annotations: {
174 "prometheus.io.scrape": "true"
175 "prometheus.io.port": "7080"
176 }
177 }
178 }
179 }
180 }
181 envSpec: {}
182 volume: {}
183 }
184}
185service: {
186 breaddispatcher: {
187 name: "breaddispatcher"
188 port: {
189 http: {
190 name: "http"
191 port: 7080
192 protocol: "TCP"
193 }
194 }
195 label: {
196 app: "breaddispatcher"
197 domain: "prod"
198 component: "frontend"
199 }
200 kubernetes: {}
201 }
202}
203configMap: {}
204kubernetes: {
205 services: {
206 breaddispatcher: {
207 apiVersion: "v1"
208 kind: "Service"
209 metadata: {
210 name: "breaddispatcher"
211 labels: {
212 app: "breaddispatcher"
213 domain: "prod"
214 component: "frontend"
215 }
216 }
217 spec: {
218 selector: {
219 app: "breaddispatcher"
220 domain: "prod"
221 component: "frontend"
222 }
223 ports: [{
224 name: "http"
225 port: 7080
226 protocol: "TCP"
227 }]
228 }
229 }
230 }
231 deployments: {
232 breaddispatcher: {
233 apiVersion: "extensions/v1beta1"
234 kind: "Deployment"
235 metadata: {
236 name: "breaddispatcher"
237 labels: {
238 component: "frontend"
239 }
240 }
241 spec: {
242 template: {
243 metadata: {
244 labels: {
245 app: "breaddispatcher"
246 domain: "prod"
247 component: "frontend"
248 }
249 annotations: {
250 "prometheus.io.scrape": "true"
251 "prometheus.io.port": "7080"
252 }
253 }
254 spec: {
255 containers: [{
256 name: "breaddispatcher"
257 image: "gcr.io/myproj/breaddispatcher:v0.3.24"
258 args: ["-etcd=etcd:2379", "-event-server=events:7788"]
259 ports: [{
260 name: "http"
261 containerPort: 7080
262 }]
263 }]
264 }
265 }
266 replicas: 1
267 }
268 }
269 }
270 statefulSets: {}
271 daemonSets: {}
272 configMaps: {}
273}
274deployment: {
275 host: {
276 name: "host"
277 kind: "deployment"
278 replicas: 2
279 image: "gcr.io/myproj/host:v0.1.10"
280 expose: {
281 port: {
282 http: 7080
283 }
284 }
285 port: {}
286 arg: {}
287 args: []
288 env: {}
289 label: {
290 app: "host"
291 domain: "prod"
292 component: "frontend"
293 }
294 kubernetes: {
295 spec: {
296 template: {
297 metadata: {
298 annotations: {
299 "prometheus.io.scrape": "true"
300 "prometheus.io.port": "7080"
301 }
302 }
303 }
304 }
305 }
306 envSpec: {}
307 volume: {}
308 }
309}
310service: {
311 host: {
312 name: "host"
313 port: {
314 http: {
315 name: "http"
316 port: 7080
317 protocol: "TCP"
318 }
319 }
320 label: {
321 app: "host"
322 domain: "prod"
323 component: "frontend"
324 }
325 kubernetes: {}
326 }
327}
328configMap: {}
329kubernetes: {
330 services: {
331 host: {
332 apiVersion: "v1"
333 kind: "Service"
334 metadata: {
335 name: "host"
336 labels: {
337 app: "host"
338 domain: "prod"
339 component: "frontend"
340 }
341 }
342 spec: {
343 selector: {
344 app: "host"
345 domain: "prod"
346 component: "frontend"
347 }
348 ports: [{
349 name: "http"
350 port: 7080
351 protocol: "TCP"
352 }]
353 }
354 }
355 }
356 deployments: {
357 host: {
358 apiVersion: "extensions/v1beta1"
359 kind: "Deployment"
360 metadata: {
361 name: "host"
362 labels: {
363 component: "frontend"
364 }
365 }
366 spec: {
367 template: {
368 metadata: {
369 labels: {
370 app: "host"
371 domain: "prod"
372 component: "frontend"
373 }
374 annotations: {
375 "prometheus.io.scrape": "true"
376 "prometheus.io.port": "7080"
377 }
378 }
379 spec: {
380 containers: [{
381 name: "host"
382 image: "gcr.io/myproj/host:v0.1.10"
383 args: []
384 ports: [{
385 name: "http"
386 containerPort: 7080
387 }]
388 }]
389 }
390 }
391 replicas: 2
392 }
393 }
394 }
395 statefulSets: {}
396 daemonSets: {}
397 configMaps: {}
398}
399deployment: {
400 maitred: {
401 name: "maitred"
402 kind: "deployment"
403 replicas: 1
404 image: "gcr.io/myproj/maitred:v0.0.4"
405 expose: {
406 port: {
407 http: 7080
408 }
409 }
410 port: {}
411 arg: {}
412 args: []
413 env: {}
414 label: {
415 app: "maitred"
416 domain: "prod"
417 component: "frontend"
418 }
419 kubernetes: {
420 spec: {
421 template: {
422 metadata: {
423 annotations: {
424 "prometheus.io.scrape": "true"
425 "prometheus.io.port": "7080"
426 }
427 }
428 }
429 }
430 }
431 envSpec: {}
432 volume: {}
433 }
434}
435service: {
436 maitred: {
437 name: "maitred"
438 port: {
439 http: {
440 name: "http"
441 port: 7080
442 protocol: "TCP"
443 }
444 }
445 label: {
446 app: "maitred"
447 domain: "prod"
448 component: "frontend"
449 }
450 kubernetes: {}
451 }
452}
453configMap: {}
454kubernetes: {
455 services: {
456 maitred: {
457 apiVersion: "v1"
458 kind: "Service"
459 metadata: {
460 name: "maitred"
461 labels: {
462 app: "maitred"
463 domain: "prod"
464 component: "frontend"
465 }
466 }
467 spec: {
468 selector: {
469 app: "maitred"
470 domain: "prod"
471 component: "frontend"
472 }
473 ports: [{
474 name: "http"
475 port: 7080
476 protocol: "TCP"
477 }]
478 }
479 }
480 }
481 deployments: {
482 maitred: {
483 apiVersion: "extensions/v1beta1"
484 kind: "Deployment"
485 metadata: {
486 name: "maitred"
487 labels: {
488 component: "frontend"
489 }
490 }
491 spec: {
492 template: {
493 metadata: {
494 labels: {
495 app: "maitred"
496 domain: "prod"
497 component: "frontend"
498 }
499 annotations: {
500 "prometheus.io.scrape": "true"
501 "prometheus.io.port": "7080"
502 }
503 }
504 spec: {
505 containers: [{
506 name: "maitred"
507 image: "gcr.io/myproj/maitred:v0.0.4"
508 args: []
509 ports: [{
510 name: "http"
511 containerPort: 7080
512 }]
513 }]
514 }
515 }
516 replicas: 1
517 }
518 }
519 }
520 statefulSets: {}
521 daemonSets: {}
522 configMaps: {}
523}
524deployment: {
525 valeter: {
526 name: "valeter"
527 kind: "deployment"
528 replicas: 1
529 image: "gcr.io/myproj/valeter:v0.0.4"
530 arg: {
531 http: ":8080"
532 etcd: "etcd:2379"
533 }
534 expose: {
535 port: {
536 http: 8080
537 }
538 }
539 port: {}
540 args: ["-http=:8080", "-etcd=etcd:2379"]
541 env: {}
542 label: {
543 app: "valeter"
544 domain: "prod"
545 component: "frontend"
546 }
547 kubernetes: {
548 spec: {
549 template: {
550 metadata: {
551 annotations: {
552 "prometheus.io.scrape": "true"
553 "prometheus.io.port": "8080"
554 }
555 }
556 }
557 }
558 }
559 envSpec: {}
560 volume: {}
561 }
562}
563service: {
564 valeter: {
565 name: "valeter"
566 port: {
567 http: {
568 name: "http"
569 port: 8080
570 protocol: "TCP"
571 }
572 }
573 label: {
574 app: "valeter"
575 domain: "prod"
576 component: "frontend"
577 }
578 kubernetes: {}
579 }
580}
581configMap: {}
582kubernetes: {
583 services: {
584 valeter: {
585 apiVersion: "v1"
586 kind: "Service"
587 metadata: {
588 name: "valeter"
589 labels: {
590 app: "valeter"
591 domain: "prod"
592 component: "frontend"
593 }
594 }
595 spec: {
596 selector: {
597 app: "valeter"
598 domain: "prod"
599 component: "frontend"
600 }
601 ports: [{
602 name: "http"
603 port: 8080
604 protocol: "TCP"
605 }]
606 }
607 }
608 }
609 deployments: {
610 valeter: {
611 apiVersion: "extensions/v1beta1"
612 kind: "Deployment"
613 metadata: {
614 name: "valeter"
615 labels: {
616 component: "frontend"
617 }
618 }
619 spec: {
620 template: {
621 metadata: {
622 labels: {
623 app: "valeter"
624 domain: "prod"
625 component: "frontend"
626 }
627 annotations: {
628 "prometheus.io.scrape": "true"
629 "prometheus.io.port": "8080"
630 }
631 }
632 spec: {
633 containers: [{
634 name: "valeter"
635 image: "gcr.io/myproj/valeter:v0.0.4"
636 args: ["-http=:8080", "-etcd=etcd:2379"]
637 ports: [{
638 name: "http"
639 containerPort: 8080
640 }]
641 }]
642 }
643 }
644 replicas: 1
645 }
646 }
647 }
648 statefulSets: {}
649 daemonSets: {}
650 configMaps: {}
651}
652deployment: {
653 waiter: {
654 name: "waiter"
655 kind: "deployment"
656 image: "gcr.io/myproj/waiter:v0.3.0"
657 replicas: 5
658 expose: {
659 port: {
660 http: 7080
661 }
662 }
663 port: {}
664 arg: {}
665 args: []
666 env: {}
667 label: {
668 app: "waiter"
669 domain: "prod"
670 component: "frontend"
671 }
672 kubernetes: {
673 spec: {
674 template: {
675 metadata: {
676 annotations: {
677 "prometheus.io.scrape": "true"
678 "prometheus.io.port": "7080"
679 }
680 }
681 }
682 }
683 }
684 envSpec: {}
685 volume: {}
686 }
687}
688service: {
689 waiter: {
690 name: "waiter"
691 port: {
692 http: {
693 name: "http"
694 port: 7080
695 protocol: "TCP"
696 }
697 }
698 label: {
699 app: "waiter"
700 domain: "prod"
701 component: "frontend"
702 }
703 kubernetes: {}
704 }
705}
706configMap: {}
707kubernetes: {
708 services: {
709 waiter: {
710 apiVersion: "v1"
711 kind: "Service"
712 metadata: {
713 name: "waiter"
714 labels: {
715 app: "waiter"
716 domain: "prod"
717 component: "frontend"
718 }
719 }
720 spec: {
721 selector: {
722 app: "waiter"
723 domain: "prod"
724 component: "frontend"
725 }
726 ports: [{
727 name: "http"
728 port: 7080
729 protocol: "TCP"
730 }]
731 }
732 }
733 }
734 deployments: {
735 waiter: {
736 apiVersion: "extensions/v1beta1"
737 kind: "Deployment"
738 metadata: {
739 name: "waiter"
740 labels: {
741 component: "frontend"
742 }
743 }
744 spec: {
745 template: {
746 metadata: {
747 labels: {
748 app: "waiter"
749 domain: "prod"
750 component: "frontend"
751 }
752 annotations: {
753 "prometheus.io.scrape": "true"
754 "prometheus.io.port": "7080"
755 }
756 }
757 spec: {
758 containers: [{
759 name: "waiter"
760 image: "gcr.io/myproj/waiter:v0.3.0"
761 args: []
762 ports: [{
763 name: "http"
764 containerPort: 7080
765 }]
766 }]
767 }
768 }
769 replicas: 5
770 }
771 }
772 }
773 statefulSets: {}
774 daemonSets: {}
775 configMaps: {}
776}
777deployment: {
778 waterdispatcher: {
779 name: "waterdispatcher"
780 kind: "deployment"
781 replicas: 1
782 image: "gcr.io/myproj/waterdispatcher:v0.0.48"
783 expose: {
784 port: {
785 http: 7080
786 }
787 }
788 port: {}
789 arg: {
790 http: ":8080"
791 etcd: "etcd:2379"
792 }
793 args: ["-http=:8080", "-etcd=etcd:2379"]
794 env: {}
795 label: {
796 app: "waterdispatcher"
797 domain: "prod"
798 component: "frontend"
799 }
800 kubernetes: {
801 spec: {
802 template: {
803 metadata: {
804 annotations: {
805 "prometheus.io.scrape": "true"
806 "prometheus.io.port": "7080"
807 }
808 }
809 }
810 }
811 }
812 envSpec: {}
813 volume: {}
814 }
815}
816service: {
817 waterdispatcher: {
818 name: "waterdispatcher"
819 port: {
820 http: {
821 name: "http"
822 port: 7080
823 protocol: "TCP"
824 }
825 }
826 label: {
827 app: "waterdispatcher"
828 domain: "prod"
829 component: "frontend"
830 }
831 kubernetes: {}
832 }
833}
834configMap: {}
835kubernetes: {
836 services: {
837 waterdispatcher: {
838 apiVersion: "v1"
839 kind: "Service"
840 metadata: {
841 name: "waterdispatcher"
842 labels: {
843 app: "waterdispatcher"
844 domain: "prod"
845 component: "frontend"
846 }
847 }
848 spec: {
849 selector: {
850 app: "waterdispatcher"
851 domain: "prod"
852 component: "frontend"
853 }
854 ports: [{
855 name: "http"
856 port: 7080
857 protocol: "TCP"
858 }]
859 }
860 }
861 }
862 deployments: {
863 waterdispatcher: {
864 apiVersion: "extensions/v1beta1"
865 kind: "Deployment"
866 metadata: {
867 name: "waterdispatcher"
868 labels: {
869 component: "frontend"
870 }
871 }
872 spec: {
873 template: {
874 metadata: {
875 labels: {
876 app: "waterdispatcher"
877 domain: "prod"
878 component: "frontend"
879 }
880 annotations: {
881 "prometheus.io.scrape": "true"
882 "prometheus.io.port": "7080"
883 }
884 }
885 spec: {
886 containers: [{
887 name: "waterdispatcher"
888 image: "gcr.io/myproj/waterdispatcher:v0.0.48"
889 args: ["-http=:8080", "-etcd=etcd:2379"]
890 ports: [{
891 name: "http"
892 containerPort: 7080
893 }]
894 }]
895 }
896 }
897 replicas: 1
898 }
899 }
900 }
901 statefulSets: {}
902 daemonSets: {}
903 configMaps: {}
904}
905deployment: {}
906service: {}
907configMap: {}
908kubernetes: {
909 services: {}
910 deployments: {}
911 statefulSets: {}
912 daemonSets: {}
913 configMaps: {}
914}
915deployment: {
916 download: {
917 name: "download"
918 kind: "deployment"
919 replicas: 1
920 image: "gcr.io/myproj/download:v0.0.2"
921 expose: {
922 port: {
923 client: 7080
924 }
925 }
926 port: {}
927 arg: {}
928 args: []
929 env: {}
930 label: {
931 app: "download"
932 domain: "prod"
933 component: "infra"
934 }
935 kubernetes: {}
936 envSpec: {}
937 volume: {}
938 }
939}
940service: {
941 download: {
942 name: "download"
943 port: {
944 client: {
945 name: "client"
946 port: 7080
947 protocol: "TCP"
948 }
949 }
950 label: {
951 app: "download"
952 domain: "prod"
953 component: "infra"
954 }
955 kubernetes: {}
956 }
957}
958configMap: {}
959kubernetes: {
960 services: {
961 download: {
962 apiVersion: "v1"
963 kind: "Service"
964 metadata: {
965 name: "download"
966 labels: {
967 app: "download"
968 domain: "prod"
969 component: "infra"
970 }
971 }
972 spec: {
973 selector: {
974 app: "download"
975 domain: "prod"
976 component: "infra"
977 }
978 ports: [{
979 name: "client"
980 port: 7080
981 protocol: "TCP"
982 }]
983 }
984 }
985 }
986 deployments: {
987 download: {
988 apiVersion: "extensions/v1beta1"
989 kind: "Deployment"
990 metadata: {
991 name: "download"
992 labels: {
993 component: "infra"
994 }
995 }
996 spec: {
997 template: {
998 metadata: {
999 labels: {
1000 app: "download"
1001 domain: "prod"
1002 component: "infra"
1003 }
1004 }
1005 spec: {
1006 containers: [{
1007 name: "download"
1008 image: "gcr.io/myproj/download:v0.0.2"
1009 args: []
1010 ports: [{
1011 name: "client"
1012 containerPort: 7080
1013 }]
1014 }]
1015 }
1016 }
1017 replicas: 1
1018 }
1019 }
1020 }
1021 statefulSets: {}
1022 daemonSets: {}
1023 configMaps: {}
1024}
1025deployment: {
1026 etcd: {
1027 name: "etcd"
1028 kind: "stateful"
1029 replicas: 3
1030 image: "quay.io/coreos/etcd:v3.3.10"
1031 kubernetes: {
1032 spec: {
1033 volumeClaimTemplates: [{
1034 metadata: {
1035 name: "etcd3"
1036 annotations: {
1037 "volume.alpha.kubernetes.io/storage-class": "default"
1038 }
1039 }
1040 spec: {
1041 accessModes: ["ReadWriteOnce"]
1042 resources: {
1043 requests: {
1044 storage: "10Gi"
1045 }
1046 }
1047 }
1048 }]
1049 serviceName: "etcd"
1050 template: {
1051 spec: {
1052 containers: [{
1053 command: ["/usr/local/bin/etcd"]
1054 volumeMounts: [{
1055 name: "etcd3"
1056 mountPath: "/data"
1057 }]
1058 livenessProbe: {
1059 httpGet: {
1060 path: "/health"
1061 port: "client"
1062 }
1063 initialDelaySeconds: 30
1064 }
1065 }]
1066 affinity: {
1067 podAntiAffinity: {
1068 requiredDuringSchedulingIgnoredDuringExecution: [{
1069 labelSelector: {
1070 matchExpressions: [{
1071 key: "app"
1072 operator: "In"
1073 values: ["etcd"]
1074 }]
1075 }
1076 topologyKey: "kubernetes.io/hostname"
1077 }]
1078 }
1079 }
1080 terminationGracePeriodSeconds: 10
1081 }
1082 metadata: {
1083 annotations: {
1084 "prometheus.io.port": "2379"
1085 "prometheus.io.scrape": "true"
1086 }
1087 }
1088 }
1089 }
1090 }
1091 arg: {
1092 name: "$(NAME)"
1093 "data-dir": "/data/etcd3"
1094 "initial-advertise-peer-urls": "http://$(IP):2380"
1095 "listen-peer-urls": "http://$(IP):2380"
1096 "listen-client-urls": "http://$(IP):2379,http://127.0.0.1:2379"
1097 "advertise-client-urls": "http://$(IP):2379"
1098 discovery: "https://discovery.etcd.io/xxxxxx"
1099 }
1100 env: {
1101 ETCDCTL_API: "3"
1102 ETCD_AUTO_COMPACTION_RETENTION: "4"
1103 }
1104 envSpec: {
1105 NAME: {
1106 valueFrom: {
1107 fieldRef: {
1108 fieldPath: "metadata.name"
1109 }
1110 }
1111 }
1112 IP: {
1113 valueFrom: {
1114 fieldRef: {
1115 fieldPath: "status.podIP"
1116 }
1117 }
1118 }
1119 ETCDCTL_API: {
1120 value: "3"
1121 }
1122 ETCD_AUTO_COMPACTION_RETENTION: {
1123 value: "4"
1124 }
1125 }
1126 expose: {
1127 port: {
1128 client: 2379
1129 peer: 2380
1130 }
1131 }
1132 port: {}
1133 args: ["-name=$(NAME)", "-data-dir=/data/etcd3", "-initial-advertise-peer-urls=http://$(IP):2380", "-listen-peer-urls=http://$(IP):2380", "-listen-client-urls=http://$(IP):2379,http://127.0.0.1:2379", "-advertise-client-urls=http://$(IP):2379", "-discovery=https://discovery.etcd.io/xxxxxx"]
1134 label: {
1135 app: "etcd"
1136 domain: "prod"
1137 component: "infra"
1138 }
1139 volume: {}
1140 }
1141}
1142service: {
1143 etcd: {
1144 name: "etcd"
1145 port: {
1146 client: {
1147 name: "client"
1148 port: 2379
1149 protocol: "TCP"
1150 }
1151 peer: {
1152 name: "peer"
1153 port: 2380
1154 protocol: "TCP"
1155 }
1156 }
1157 kubernetes: {
1158 spec: {
1159 clusterIP: "None"
1160 }
1161 }
1162 label: {
1163 app: "etcd"
1164 domain: "prod"
1165 component: "infra"
1166 }
1167 }
1168}
1169configMap: {}
1170kubernetes: {
1171 services: {
1172 etcd: {
1173 apiVersion: "v1"
1174 kind: "Service"
1175 spec: {
1176 clusterIP: "None"
1177 selector: {
1178 app: "etcd"
1179 domain: "prod"
1180 component: "infra"
1181 }
1182 ports: [{
1183 name: "client"
1184 port: 2379
1185 protocol: "TCP"
1186 }, {
1187 name: "peer"
1188 port: 2380
1189 protocol: "TCP"
1190 }]
1191 }
1192 metadata: {
1193 name: "etcd"
1194 labels: {
1195 app: "etcd"
1196 domain: "prod"
1197 component: "infra"
1198 }
1199 }
1200 }
1201 }
1202 deployments: {}
1203 statefulSets: {
1204 etcd: {
1205 apiVersion: "apps/v1beta1"
1206 kind: "StatefulSet"
1207 metadata: {
1208 name: "etcd"
1209 labels: {
1210 component: "infra"
1211 }
1212 }
1213 spec: {
1214 volumeClaimTemplates: [{
1215 metadata: {
1216 name: "etcd3"
1217 annotations: {
1218 "volume.alpha.kubernetes.io/storage-class": "default"
1219 }
1220 }
1221 spec: {
1222 accessModes: ["ReadWriteOnce"]
1223 resources: {
1224 requests: {
1225 storage: "10Gi"
1226 }
1227 }
1228 }
1229 }]
1230 serviceName: "etcd"
1231 replicas: 3
1232 template: {
1233 metadata: {
1234 labels: {
1235 app: "etcd"
1236 domain: "prod"
1237 component: "infra"
1238 }
1239 annotations: {
1240 "prometheus.io.port": "2379"
1241 "prometheus.io.scrape": "true"
1242 }
1243 }
1244 spec: {
1245 containers: [{
1246 name: "etcd"
1247 image: "quay.io/coreos/etcd:v3.3.10"
1248 args: ["-name=$(NAME)", "-data-dir=/data/etcd3", "-initial-advertise-peer-urls=http://$(IP):2380", "-listen-peer-urls=http://$(IP):2380", "-listen-client-urls=http://$(IP):2379,http://127.0.0.1:2379", "-advertise-client-urls=http://$(IP):2379", "-discovery=https://discovery.etcd.io/xxxxxx"]
1249 env: [{
1250 name: "NAME"
1251 valueFrom: {
1252 fieldRef: {
1253 fieldPath: "metadata.name"
1254 }
1255 }
1256 }, {
1257 name: "IP"
1258 valueFrom: {
1259 fieldRef: {
1260 fieldPath: "status.podIP"
1261 }
1262 }
1263 }, {
1264 name: "ETCDCTL_API"
1265 value: "3"
1266 }, {
1267 name: "ETCD_AUTO_COMPACTION_RETENTION"
1268 value: "4"
1269 }]
1270 command: ["/usr/local/bin/etcd"]
1271 volumeMounts: [{
1272 name: "etcd3"
1273 mountPath: "/data"
1274 }]
1275 ports: [{
1276 name: "client"
1277 containerPort: 2379
1278 }, {
1279 name: "peer"
1280 containerPort: 2380
1281 }]
1282 livenessProbe: {
1283 httpGet: {
1284 path: "/health"
1285 port: "client"
1286 }
1287 initialDelaySeconds: 30
1288 }
1289 }]
1290 affinity: {
1291 podAntiAffinity: {
1292 requiredDuringSchedulingIgnoredDuringExecution: [{
1293 labelSelector: {
1294 matchExpressions: [{
1295 key: "app"
1296 operator: "In"
1297 values: ["etcd"]
1298 }]
1299 }
1300 topologyKey: "kubernetes.io/hostname"
1301 }]
1302 }
1303 }
1304 terminationGracePeriodSeconds: 10
1305 }
1306 }
1307 }
1308 }
1309 }
1310 daemonSets: {}
1311 configMaps: {}
1312}
1313deployment: {
1314 events: {
1315 name: "events"
1316 kind: "deployment"
1317 replicas: 2
1318 image: "gcr.io/myproj/events:v0.1.31"
1319 arg: {
1320 cert: "/etc/ssl/server.pem"
1321 key: "/etc/ssl/server.key"
1322 grpc: ":7788"
1323 }
1324 port: {
1325 http: 7080
1326 }
1327 expose: {
1328 port: {
1329 grpc: 7788
1330 }
1331 }
1332 args: ["-cert=/etc/ssl/server.pem", "-key=/etc/ssl/server.key", "-grpc=:7788"]
1333 env: {}
1334 volume: {
1335 "secret-volume": {
1336 name: "secret-volume"
1337 mountPath: "/etc/ssl"
1338 subPath: null
1339 readOnly: false
1340 spec: {
1341 secret: {
1342 secretName: "biz-secrets"
1343 }
1344 }
1345 kubernetes: {}
1346 }
1347 }
1348 kubernetes: {
1349 spec: {
1350 template: {
1351 metadata: {
1352 annotations: {
1353 "prometheus.io.port": "7080"
1354 "prometheus.io.scrape": "true"
1355 }
1356 }
1357 spec: {
1358 affinity: {
1359 podAntiAffinity: {
1360 requiredDuringSchedulingIgnoredDuringExecution: [{
1361 labelSelector: {
1362 matchExpressions: [{
1363 key: "app"
1364 operator: "In"
1365 values: ["events"]
1366 }]
1367 }
1368 topologyKey: "kubernetes.io/hostname"
1369 }]
1370 }
1371 }
1372 }
1373 }
1374 }
1375 }
1376 label: {
1377 app: "events"
1378 domain: "prod"
1379 component: "infra"
1380 }
1381 envSpec: {}
1382 }
1383}
1384service: {
1385 events: {
1386 name: "events"
1387 port: {
1388 grpc: {
1389 name: "grpc"
1390 port: 7788
1391 protocol: "TCP"
1392 }
1393 }
1394 label: {
1395 app: "events"
1396 domain: "prod"
1397 component: "infra"
1398 }
1399 kubernetes: {}
1400 }
1401}
1402configMap: {}
1403kubernetes: {
1404 services: {
1405 events: {
1406 apiVersion: "v1"
1407 kind: "Service"
1408 metadata: {
1409 name: "events"
1410 labels: {
1411 app: "events"
1412 domain: "prod"
1413 component: "infra"
1414 }
1415 }
1416 spec: {
1417 selector: {
1418 app: "events"
1419 domain: "prod"
1420 component: "infra"
1421 }
1422 ports: [{
1423 name: "grpc"
1424 port: 7788
1425 protocol: "TCP"
1426 }]
1427 }
1428 }
1429 }
1430 deployments: {
1431 events: {
1432 apiVersion: "extensions/v1beta1"
1433 kind: "Deployment"
1434 metadata: {
1435 name: "events"
1436 labels: {
1437 component: "infra"
1438 }
1439 }
1440 spec: {
1441 template: {
1442 metadata: {
1443 labels: {
1444 app: "events"
1445 domain: "prod"
1446 component: "infra"
1447 }
1448 annotations: {
1449 "prometheus.io.port": "7080"
1450 "prometheus.io.scrape": "true"
1451 }
1452 }
1453 spec: {
1454 containers: [{
1455 name: "events"
1456 image: "gcr.io/myproj/events:v0.1.31"
1457 args: ["-cert=/etc/ssl/server.pem", "-key=/etc/ssl/server.key", "-grpc=:7788"]
1458 volumeMounts: [{
1459 name: "secret-volume"
1460 mountPath: "/etc/ssl"
1461 }]
1462 ports: [{
1463 name: "grpc"
1464 containerPort: 7788
1465 }, {
1466 name: "http"
1467 containerPort: 7080
1468 }]
1469 }]
1470 volumes: [{
1471 name: "secret-volume"
1472 }]
1473 affinity: {
1474 podAntiAffinity: {
1475 requiredDuringSchedulingIgnoredDuringExecution: [{
1476 labelSelector: {
1477 matchExpressions: [{
1478 key: "app"
1479 operator: "In"
1480 values: ["events"]
1481 }]
1482 }
1483 topologyKey: "kubernetes.io/hostname"
1484 }]
1485 }
1486 }
1487 }
1488 }
1489 replicas: 2
1490 }
1491 }
1492 }
1493 statefulSets: {}
1494 daemonSets: {}
1495 configMaps: {}
1496}
1497deployment: {
1498 tasks: {
1499 name: "tasks"
1500 kind: "deployment"
1501 replicas: 1
1502 image: "gcr.io/myproj/tasks:v0.2.6"
1503 port: {
1504 http: 7080
1505 }
1506 expose: {
1507 port: {
1508 https: 7443
1509 }
1510 }
1511 arg: {}
1512 args: []
1513 env: {}
1514 volume: {
1515 "secret-volume": {
1516 name: "secret-volume"
1517 mountPath: "/etc/ssl"
1518 subPath: null
1519 readOnly: false
1520 spec: {
1521 secret: {
1522 secretName: "star-example-com-secrets"
1523 }
1524 }
1525 kubernetes: {}
1526 }
1527 }
1528 kubernetes: {
1529 spec: {
1530 template: {
1531 metadata: {
1532 annotations: {
1533 "prometheus.io.port": "7080"
1534 "prometheus.io.scrape": "true"
1535 }
1536 }
1537 }
1538 }
1539 }
1540 label: {
1541 app: "tasks"
1542 domain: "prod"
1543 component: "infra"
1544 }
1545 envSpec: {}
1546 }
1547}
1548service: {
1549 tasks: {
1550 name: "tasks"
1551 port: {
1552 https: {
1553 name: "https"
1554 port: 443
1555 targetPort: 7443
1556 protocol: "TCP"
1557 }
1558 }
1559 kubernetes: {
1560 spec: {
1561 type: "LoadBalancer"
1562 loadBalancerIP: "1.2.3.4"
1563 }
1564 }
1565 label: {
1566 app: "tasks"
1567 domain: "prod"
1568 component: "infra"
1569 }
1570 }
1571}
1572configMap: {}
1573kubernetes: {
1574 services: {
1575 tasks: {
1576 apiVersion: "v1"
1577 kind: "Service"
1578 spec: {
1579 type: "LoadBalancer"
1580 selector: {
1581 app: "tasks"
1582 domain: "prod"
1583 component: "infra"
1584 }
1585 ports: [{
1586 name: "https"
1587 port: 443
1588 targetPort: 7443
1589 protocol: "TCP"
1590 }]
1591 loadBalancerIP: "1.2.3.4"
1592 }
1593 metadata: {
1594 name: "tasks"
1595 labels: {
1596 app: "tasks"
1597 domain: "prod"
1598 component: "infra"
1599 }
1600 }
1601 }
1602 }
1603 deployments: {
1604 tasks: {
1605 apiVersion: "extensions/v1beta1"
1606 kind: "Deployment"
1607 metadata: {
1608 name: "tasks"
1609 labels: {
1610 component: "infra"
1611 }
1612 }
1613 spec: {
1614 template: {
1615 metadata: {
1616 labels: {
1617 app: "tasks"
1618 domain: "prod"
1619 component: "infra"
1620 }
1621 annotations: {
1622 "prometheus.io.port": "7080"
1623 "prometheus.io.scrape": "true"
1624 }
1625 }
1626 spec: {
1627 containers: [{
1628 name: "tasks"
1629 image: "gcr.io/myproj/tasks:v0.2.6"
1630 args: []
1631 volumeMounts: [{
1632 name: "secret-volume"
1633 mountPath: "/etc/ssl"
1634 }]
1635 ports: [{
1636 name: "https"
1637 containerPort: 7443
1638 }, {
1639 name: "http"
1640 containerPort: 7080
1641 }]
1642 }]
1643 volumes: [{
1644 name: "secret-volume"
1645 }]
1646 }
1647 }
1648 replicas: 1
1649 }
1650 }
1651 }
1652 statefulSets: {}
1653 daemonSets: {}
1654 configMaps: {}
1655}
1656deployment: {
1657 updater: {
1658 name: "updater"
1659 kind: "deployment"
1660 replicas: 1
1661 image: "gcr.io/myproj/updater:v0.1.0"
1662 args: ["-key=/etc/certs/updater.pem"]
1663 expose: {
1664 port: {
1665 http: 8080
1666 }
1667 }
1668 port: {}
1669 arg: {}
1670 env: {}
1671 volume: {
1672 "secret-updater": {
1673 name: "secret-updater"
1674 mountPath: "/etc/certs"
1675 subPath: null
1676 readOnly: false
1677 spec: {
1678 secret: {
1679 secretName: "updater-secrets"
1680 }
1681 }
1682 kubernetes: {}
1683 }
1684 }
1685 label: {
1686 app: "updater"
1687 domain: "prod"
1688 component: "infra"
1689 }
1690 kubernetes: {}
1691 envSpec: {}
1692 }
1693}
1694service: {
1695 updater: {
1696 name: "updater"
1697 port: {
1698 http: {
1699 name: "http"
1700 port: 8080
1701 protocol: "TCP"
1702 }
1703 }
1704 label: {
1705 app: "updater"
1706 domain: "prod"
1707 component: "infra"
1708 }
1709 kubernetes: {}
1710 }
1711}
1712configMap: {}
1713kubernetes: {
1714 services: {
1715 updater: {
1716 apiVersion: "v1"
1717 kind: "Service"
1718 metadata: {
1719 name: "updater"
1720 labels: {
1721 app: "updater"
1722 domain: "prod"
1723 component: "infra"
1724 }
1725 }
1726 spec: {
1727 selector: {
1728 app: "updater"
1729 domain: "prod"
1730 component: "infra"
1731 }
1732 ports: [{
1733 name: "http"
1734 port: 8080
1735 protocol: "TCP"
1736 }]
1737 }
1738 }
1739 }
1740 deployments: {
1741 updater: {
1742 apiVersion: "extensions/v1beta1"
1743 kind: "Deployment"
1744 metadata: {
1745 name: "updater"
1746 labels: {
1747 component: "infra"
1748 }
1749 }
1750 spec: {
1751 template: {
1752 metadata: {
1753 labels: {
1754 app: "updater"
1755 domain: "prod"
1756 component: "infra"
1757 }
1758 }
1759 spec: {
1760 containers: [{
1761 name: "updater"
1762 image: "gcr.io/myproj/updater:v0.1.0"
1763 args: ["-key=/etc/certs/updater.pem"]
1764 volumeMounts: [{
1765 name: "secret-updater"
1766 mountPath: "/etc/certs"
1767 }]
1768 ports: [{
1769 name: "http"
1770 containerPort: 8080
1771 }]
1772 }]
1773 volumes: [{
1774 name: "secret-updater"
1775 }]
1776 }
1777 }
1778 replicas: 1
1779 }
1780 }
1781 }
1782 statefulSets: {}
1783 daemonSets: {}
1784 configMaps: {}
1785}
1786deployment: {
1787 watcher: {
1788 name: "watcher"
1789 kind: "deployment"
1790 replicas: 1
1791 image: "gcr.io/myproj/watcher:v0.1.0"
1792 volume: {
1793 "secret-volume": {
1794 name: "secret-volume"
1795 mountPath: "/etc/ssl"
1796 subPath: null
1797 readOnly: false
1798 spec: {
1799 secret: {
1800 secretName: "star-example-com-secrets"
1801 }
1802 }
1803 kubernetes: {}
1804 }
1805 }
1806 port: {
1807 http: 7080
1808 }
1809 expose: {
1810 port: {
1811 https: 7788
1812 }
1813 }
1814 arg: {}
1815 args: []
1816 env: {}
1817 label: {
1818 app: "watcher"
1819 domain: "prod"
1820 component: "infra"
1821 }
1822 kubernetes: {}
1823 envSpec: {}
1824 }
1825}
1826service: {
1827 watcher: {
1828 name: "watcher"
1829 port: {
1830 https: {
1831 name: "https"
1832 port: 7788
1833 protocol: "TCP"
1834 }
1835 }
1836 kubernetes: {
1837 spec: {
1838 type: "LoadBalancer"
1839 loadBalancerIP: "1.2.3.4"
1840 }
1841 }
1842 ports: {
1843 https: {
1844 port: 7788
1845 targetPort: 7788
1846 }
1847 }
1848 label: {
1849 app: "watcher"
1850 domain: "prod"
1851 component: "infra"
1852 }
1853 }
1854}
1855configMap: {}
1856kubernetes: {
1857 services: {
1858 watcher: {
1859 apiVersion: "v1"
1860 kind: "Service"
1861 spec: {
1862 type: "LoadBalancer"
1863 selector: {
1864 app: "watcher"
1865 domain: "prod"
1866 component: "infra"
1867 }
1868 ports: [{
1869 name: "https"
1870 port: 7788
1871 protocol: "TCP"
1872 }]
1873 loadBalancerIP: "1.2.3.4"
1874 }
1875 metadata: {
1876 name: "watcher"
1877 labels: {
1878 app: "watcher"
1879 domain: "prod"
1880 component: "infra"
1881 }
1882 }
1883 }
1884 }
1885 deployments: {
1886 watcher: {
1887 apiVersion: "extensions/v1beta1"
1888 kind: "Deployment"
1889 metadata: {
1890 name: "watcher"
1891 labels: {
1892 component: "infra"
1893 }
1894 }
1895 spec: {
1896 template: {
1897 metadata: {
1898 labels: {
1899 app: "watcher"
1900 domain: "prod"
1901 component: "infra"
1902 }
1903 }
1904 spec: {
1905 containers: [{
1906 name: "watcher"
1907 image: "gcr.io/myproj/watcher:v0.1.0"
1908 args: []
1909 volumeMounts: [{
1910 name: "secret-volume"
1911 mountPath: "/etc/ssl"
1912 }]
1913 ports: [{
1914 name: "https"
1915 containerPort: 7788
1916 }, {
1917 name: "http"
1918 containerPort: 7080
1919 }]
1920 }]
1921 volumes: [{
1922 name: "secret-volume"
1923 }]
1924 }
1925 }
1926 replicas: 1
1927 }
1928 }
1929 }
1930 statefulSets: {}
1931 daemonSets: {}
1932 configMaps: {}
1933}
1934deployment: {}
1935service: {}
1936configMap: {}
1937kubernetes: {
1938 services: {}
1939 deployments: {}
1940 statefulSets: {}
1941 daemonSets: {}
1942 configMaps: {}
1943}
1944deployment: {
1945 caller: {
1946 name: "caller"
1947 kind: "deployment"
1948 replicas: 3
1949 image: "gcr.io/myproj/caller:v0.20.14"
1950 expose: {
1951 port: {
1952 client: 8080
1953 }
1954 }
1955 port: {}
1956 arg: {
1957 env: "prod"
1958 logdir: "/logs"
1959 "event-server": "events:7788"
1960 key: "/etc/certs/client.key"
1961 cert: "/etc/certs/client.pem"
1962 ca: "/etc/certs/servfx.ca"
1963 "ssh-tunnel-key": "/sslcerts/tunnel-private.pem"
1964 }
1965 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-key=/etc/certs/client.key", "-cert=/etc/certs/client.pem", "-ca=/etc/certs/servfx.ca", "-ssh-tunnel-key=/sslcerts/tunnel-private.pem"]
1966 env: {}
1967 volume: {
1968 "caller-disk": {
1969 name: "ssd-caller"
1970 mountPath: "/logs"
1971 subPath: null
1972 readOnly: false
1973 spec: {
1974 gcePersistentDisk: {
1975 pdName: "ssd-caller"
1976 fsType: "ext4"
1977 }
1978 }
1979 kubernetes: {}
1980 }
1981 "secret-ssh-key": {
1982 name: "secret-ssh-key"
1983 mountPath: "/sslcerts"
1984 subPath: null
1985 readOnly: true
1986 spec: {
1987 secret: {
1988 secretName: "secrets"
1989 }
1990 }
1991 kubernetes: {}
1992 }
1993 "secret-caller": {
1994 name: "secret-caller"
1995 mountPath: "/etc/certs"
1996 subPath: null
1997 readOnly: true
1998 spec: {
1999 secret: {
2000 secretName: "caller-secrets"
2001 }
2002 }
2003 kubernetes: {}
2004 }
2005 }
2006 label: {
2007 app: "caller"
2008 domain: "prod"
2009 component: "kitchen"
2010 }
2011 kubernetes: {
2012 spec: {
2013 template: {
2014 metadata: {
2015 annotations: {
2016 "prometheus.io.scrape": "true"
2017 }
2018 }
2019 spec: {
2020 containers: [{
2021 livenessProbe: {
2022 httpGet: {
2023 path: "/debug/health"
2024 port: 8080
2025 }
2026 initialDelaySeconds: 40
2027 periodSeconds: 3
2028 }
2029 }]
2030 }
2031 }
2032 }
2033 }
2034 envSpec: {}
2035 }
2036}
2037service: {
2038 caller: {
2039 name: "caller"
2040 port: {
2041 client: {
2042 name: "client"
2043 port: 8080
2044 protocol: "TCP"
2045 }
2046 }
2047 label: {
2048 app: "caller"
2049 domain: "prod"
2050 component: "kitchen"
2051 }
2052 kubernetes: {}
2053 }
2054}
2055configMap: {}
2056kubernetes: {
2057 services: {
2058 caller: {
2059 apiVersion: "v1"
2060 kind: "Service"
2061 metadata: {
2062 name: "caller"
2063 labels: {
2064 app: "caller"
2065 domain: "prod"
2066 component: "kitchen"
2067 }
2068 }
2069 spec: {
2070 selector: {
2071 app: "caller"
2072 domain: "prod"
2073 component: "kitchen"
2074 }
2075 ports: [{
2076 name: "client"
2077 port: 8080
2078 protocol: "TCP"
2079 }]
2080 }
2081 }
2082 }
2083 deployments: {
2084 caller: {
2085 apiVersion: "extensions/v1beta1"
2086 kind: "Deployment"
2087 metadata: {
2088 name: "caller"
2089 labels: {
2090 component: "kitchen"
2091 }
2092 }
2093 spec: {
2094 template: {
2095 metadata: {
2096 labels: {
2097 app: "caller"
2098 domain: "prod"
2099 component: "kitchen"
2100 }
2101 annotations: {
2102 "prometheus.io.scrape": "true"
2103 }
2104 }
2105 spec: {
2106 containers: [{
2107 name: "caller"
2108 image: "gcr.io/myproj/caller:v0.20.14"
2109 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-key=/etc/certs/client.key", "-cert=/etc/certs/client.pem", "-ca=/etc/certs/servfx.ca", "-ssh-tunnel-key=/sslcerts/tunnel-private.pem"]
2110 volumeMounts: [{
2111 name: "ssd-caller"
2112 mountPath: "/logs"
2113 }, {
2114 name: "secret-ssh-key"
2115 readOnly: true
2116 mountPath: "/sslcerts"
2117 }, {
2118 name: "secret-caller"
2119 readOnly: true
2120 mountPath: "/etc/certs"
2121 }]
2122 livenessProbe: {
2123 httpGet: {
2124 path: "/debug/health"
2125 port: 8080
2126 }
2127 initialDelaySeconds: 40
2128 periodSeconds: 3
2129 }
2130 ports: [{
2131 name: "client"
2132 containerPort: 8080
2133 }]
2134 }]
2135 volumes: [{
2136 name: "ssd-caller"
2137 }, {
2138 name: "secret-ssh-key"
2139 }, {
2140 name: "secret-caller"
2141 }]
2142 }
2143 }
2144 replicas: 3
2145 }
2146 }
2147 }
2148 statefulSets: {}
2149 daemonSets: {}
2150 configMaps: {}
2151}
2152deployment: {
2153 dishwasher: {
2154 name: "dishwasher"
2155 kind: "deployment"
2156 replicas: 5
2157 image: "gcr.io/myproj/dishwasher:v0.2.13"
2158 expose: {
2159 port: {
2160 client: 8080
2161 }
2162 }
2163 port: {}
2164 arg: {
2165 env: "prod"
2166 logdir: "/logs"
2167 "event-server": "events:7788"
2168 "ssh-tunnel-key": "/etc/certs/tunnel-private.pem"
2169 }
2170 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem"]
2171 env: {}
2172 volume: {
2173 "secret-ssh-key": {
2174 name: "secret-ssh-key"
2175 mountPath: "/sslcerts"
2176 subPath: null
2177 readOnly: true
2178 spec: {
2179 secret: {
2180 secretName: "secrets"
2181 }
2182 }
2183 kubernetes: {}
2184 }
2185 "dishwasher-disk": {
2186 name: "dishwasher-disk"
2187 mountPath: "/logs"
2188 subPath: null
2189 readOnly: false
2190 spec: {
2191 gcePersistentDisk: {
2192 pdName: "dishwasher-disk"
2193 fsType: "ext4"
2194 }
2195 }
2196 kubernetes: {}
2197 }
2198 "secret-dishwasher": {
2199 name: "secret-dishwasher"
2200 mountPath: "/etc/certs"
2201 subPath: null
2202 readOnly: true
2203 spec: {
2204 secret: {
2205 secretName: "dishwasher-secrets"
2206 }
2207 }
2208 kubernetes: {}
2209 }
2210 }
2211 label: {
2212 app: "dishwasher"
2213 domain: "prod"
2214 component: "kitchen"
2215 }
2216 kubernetes: {
2217 spec: {
2218 template: {
2219 metadata: {
2220 annotations: {
2221 "prometheus.io.scrape": "true"
2222 }
2223 }
2224 spec: {
2225 containers: [{
2226 livenessProbe: {
2227 httpGet: {
2228 path: "/debug/health"
2229 port: 8080
2230 }
2231 initialDelaySeconds: 40
2232 periodSeconds: 3
2233 }
2234 }]
2235 }
2236 }
2237 }
2238 }
2239 envSpec: {}
2240 }
2241}
2242service: {
2243 dishwasher: {
2244 name: "dishwasher"
2245 port: {
2246 client: {
2247 name: "client"
2248 port: 8080
2249 protocol: "TCP"
2250 }
2251 }
2252 label: {
2253 app: "dishwasher"
2254 domain: "prod"
2255 component: "kitchen"
2256 }
2257 kubernetes: {}
2258 }
2259}
2260configMap: {}
2261kubernetes: {
2262 services: {
2263 dishwasher: {
2264 apiVersion: "v1"
2265 kind: "Service"
2266 metadata: {
2267 name: "dishwasher"
2268 labels: {
2269 app: "dishwasher"
2270 domain: "prod"
2271 component: "kitchen"
2272 }
2273 }
2274 spec: {
2275 selector: {
2276 app: "dishwasher"
2277 domain: "prod"
2278 component: "kitchen"
2279 }
2280 ports: [{
2281 name: "client"
2282 port: 8080
2283 protocol: "TCP"
2284 }]
2285 }
2286 }
2287 }
2288 deployments: {
2289 dishwasher: {
2290 apiVersion: "extensions/v1beta1"
2291 kind: "Deployment"
2292 metadata: {
2293 name: "dishwasher"
2294 labels: {
2295 component: "kitchen"
2296 }
2297 }
2298 spec: {
2299 template: {
2300 metadata: {
2301 labels: {
2302 app: "dishwasher"
2303 domain: "prod"
2304 component: "kitchen"
2305 }
2306 annotations: {
2307 "prometheus.io.scrape": "true"
2308 }
2309 }
2310 spec: {
2311 containers: [{
2312 name: "dishwasher"
2313 image: "gcr.io/myproj/dishwasher:v0.2.13"
2314 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem"]
2315 volumeMounts: [{
2316 name: "secret-ssh-key"
2317 readOnly: true
2318 mountPath: "/sslcerts"
2319 }, {
2320 name: "dishwasher-disk"
2321 mountPath: "/logs"
2322 }, {
2323 name: "secret-dishwasher"
2324 readOnly: true
2325 mountPath: "/etc/certs"
2326 }]
2327 livenessProbe: {
2328 httpGet: {
2329 path: "/debug/health"
2330 port: 8080
2331 }
2332 initialDelaySeconds: 40
2333 periodSeconds: 3
2334 }
2335 ports: [{
2336 name: "client"
2337 containerPort: 8080
2338 }]
2339 }]
2340 volumes: [{
2341 name: "secret-ssh-key"
2342 }, {
2343 name: "dishwasher-disk"
2344 }, {
2345 name: "secret-dishwasher"
2346 }]
2347 }
2348 }
2349 replicas: 5
2350 }
2351 }
2352 }
2353 statefulSets: {}
2354 daemonSets: {}
2355 configMaps: {}
2356}
2357deployment: {
2358 expiditer: {
2359 name: "expiditer"
2360 kind: "deployment"
2361 replicas: 1
2362 image: "gcr.io/myproj/expiditer:v0.5.34"
2363 expose: {
2364 port: {
2365 client: 8080
2366 }
2367 }
2368 port: {}
2369 arg: {
2370 env: "prod"
2371 logdir: "/logs"
2372 "event-server": "events:7788"
2373 "ssh-tunnel-key": "/etc/certs/tunnel-private.pem"
2374 }
2375 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem"]
2376 env: {}
2377 volume: {
2378 "expiditer-disk": {
2379 name: "expiditer-disk"
2380 mountPath: "/logs"
2381 subPath: null
2382 readOnly: false
2383 spec: {
2384 gcePersistentDisk: {
2385 pdName: "expiditer-disk"
2386 fsType: "ext4"
2387 }
2388 }
2389 kubernetes: {}
2390 }
2391 "secret-expiditer": {
2392 name: "secret-expiditer"
2393 mountPath: "/etc/certs"
2394 subPath: null
2395 readOnly: true
2396 spec: {
2397 secret: {
2398 secretName: "expiditer-secrets"
2399 }
2400 }
2401 kubernetes: {}
2402 }
2403 }
2404 label: {
2405 app: "expiditer"
2406 domain: "prod"
2407 component: "kitchen"
2408 }
2409 kubernetes: {
2410 spec: {
2411 template: {
2412 metadata: {
2413 annotations: {
2414 "prometheus.io.scrape": "true"
2415 }
2416 }
2417 spec: {
2418 containers: [{
2419 livenessProbe: {
2420 httpGet: {
2421 path: "/debug/health"
2422 port: 8080
2423 }
2424 initialDelaySeconds: 40
2425 periodSeconds: 3
2426 }
2427 }]
2428 }
2429 }
2430 }
2431 }
2432 envSpec: {}
2433 }
2434}
2435service: {
2436 expiditer: {
2437 name: "expiditer"
2438 port: {
2439 client: {
2440 name: "client"
2441 port: 8080
2442 protocol: "TCP"
2443 }
2444 }
2445 label: {
2446 app: "expiditer"
2447 domain: "prod"
2448 component: "kitchen"
2449 }
2450 kubernetes: {}
2451 }
2452}
2453configMap: {}
2454kubernetes: {
2455 services: {
2456 expiditer: {
2457 apiVersion: "v1"
2458 kind: "Service"
2459 metadata: {
2460 name: "expiditer"
2461 labels: {
2462 app: "expiditer"
2463 domain: "prod"
2464 component: "kitchen"
2465 }
2466 }
2467 spec: {
2468 selector: {
2469 app: "expiditer"
2470 domain: "prod"
2471 component: "kitchen"
2472 }
2473 ports: [{
2474 name: "client"
2475 port: 8080
2476 protocol: "TCP"
2477 }]
2478 }
2479 }
2480 }
2481 deployments: {
2482 expiditer: {
2483 apiVersion: "extensions/v1beta1"
2484 kind: "Deployment"
2485 metadata: {
2486 name: "expiditer"
2487 labels: {
2488 component: "kitchen"
2489 }
2490 }
2491 spec: {
2492 template: {
2493 metadata: {
2494 labels: {
2495 app: "expiditer"
2496 domain: "prod"
2497 component: "kitchen"
2498 }
2499 annotations: {
2500 "prometheus.io.scrape": "true"
2501 }
2502 }
2503 spec: {
2504 containers: [{
2505 name: "expiditer"
2506 image: "gcr.io/myproj/expiditer:v0.5.34"
2507 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem"]
2508 volumeMounts: [{
2509 name: "expiditer-disk"
2510 mountPath: "/logs"
2511 }, {
2512 name: "secret-expiditer"
2513 readOnly: true
2514 mountPath: "/etc/certs"
2515 }]
2516 livenessProbe: {
2517 httpGet: {
2518 path: "/debug/health"
2519 port: 8080
2520 }
2521 initialDelaySeconds: 40
2522 periodSeconds: 3
2523 }
2524 ports: [{
2525 name: "client"
2526 containerPort: 8080
2527 }]
2528 }]
2529 volumes: [{
2530 name: "expiditer-disk"
2531 }, {
2532 name: "secret-expiditer"
2533 }]
2534 }
2535 }
2536 replicas: 1
2537 }
2538 }
2539 }
2540 statefulSets: {}
2541 daemonSets: {}
2542 configMaps: {}
2543}
2544deployment: {
2545 headchef: {
2546 name: "headchef"
2547 kind: "deployment"
2548 replicas: 1
2549 image: "gcr.io/myproj/headchef:v0.2.16"
2550 expose: {
2551 port: {
2552 client: 8080
2553 }
2554 }
2555 port: {}
2556 arg: {
2557 env: "prod"
2558 logdir: "/logs"
2559 "event-server": "events:7788"
2560 }
2561 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788"]
2562 env: {}
2563 volume: {
2564 "secret-headchef": {
2565 name: "secret-headchef"
2566 mountPath: "/sslcerts"
2567 subPath: null
2568 readOnly: true
2569 spec: {
2570 secret: {
2571 secretName: "headchef-secrets"
2572 }
2573 }
2574 kubernetes: {}
2575 }
2576 "headchef-disk": {
2577 name: "headchef-disk"
2578 mountPath: "/logs"
2579 subPath: null
2580 readOnly: false
2581 spec: {
2582 gcePersistentDisk: {
2583 pdName: "headchef-disk"
2584 fsType: "ext4"
2585 }
2586 }
2587 kubernetes: {}
2588 }
2589 }
2590 label: {
2591 app: "headchef"
2592 domain: "prod"
2593 component: "kitchen"
2594 }
2595 kubernetes: {
2596 spec: {
2597 template: {
2598 metadata: {
2599 annotations: {
2600 "prometheus.io.scrape": "true"
2601 }
2602 }
2603 spec: {
2604 containers: [{
2605 livenessProbe: {
2606 httpGet: {
2607 path: "/debug/health"
2608 port: 8080
2609 }
2610 initialDelaySeconds: 40
2611 periodSeconds: 3
2612 }
2613 }]
2614 }
2615 }
2616 }
2617 }
2618 envSpec: {}
2619 }
2620}
2621service: {
2622 headchef: {
2623 name: "headchef"
2624 port: {
2625 client: {
2626 name: "client"
2627 port: 8080
2628 protocol: "TCP"
2629 }
2630 }
2631 label: {
2632 app: "headchef"
2633 domain: "prod"
2634 component: "kitchen"
2635 }
2636 kubernetes: {}
2637 }
2638}
2639configMap: {}
2640kubernetes: {
2641 services: {
2642 headchef: {
2643 apiVersion: "v1"
2644 kind: "Service"
2645 metadata: {
2646 name: "headchef"
2647 labels: {
2648 app: "headchef"
2649 domain: "prod"
2650 component: "kitchen"
2651 }
2652 }
2653 spec: {
2654 selector: {
2655 app: "headchef"
2656 domain: "prod"
2657 component: "kitchen"
2658 }
2659 ports: [{
2660 name: "client"
2661 port: 8080
2662 protocol: "TCP"
2663 }]
2664 }
2665 }
2666 }
2667 deployments: {
2668 headchef: {
2669 apiVersion: "extensions/v1beta1"
2670 kind: "Deployment"
2671 metadata: {
2672 name: "headchef"
2673 labels: {
2674 component: "kitchen"
2675 }
2676 }
2677 spec: {
2678 template: {
2679 metadata: {
2680 labels: {
2681 app: "headchef"
2682 domain: "prod"
2683 component: "kitchen"
2684 }
2685 annotations: {
2686 "prometheus.io.scrape": "true"
2687 }
2688 }
2689 spec: {
2690 containers: [{
2691 name: "headchef"
2692 image: "gcr.io/myproj/headchef:v0.2.16"
2693 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788"]
2694 volumeMounts: [{
2695 name: "secret-headchef"
2696 readOnly: true
2697 mountPath: "/sslcerts"
2698 }, {
2699 name: "headchef-disk"
2700 mountPath: "/logs"
2701 }]
2702 livenessProbe: {
2703 httpGet: {
2704 path: "/debug/health"
2705 port: 8080
2706 }
2707 initialDelaySeconds: 40
2708 periodSeconds: 3
2709 }
2710 ports: [{
2711 name: "client"
2712 containerPort: 8080
2713 }]
2714 }]
2715 volumes: [{
2716 name: "secret-headchef"
2717 }, {
2718 name: "headchef-disk"
2719 }]
2720 }
2721 }
2722 replicas: 1
2723 }
2724 }
2725 }
2726 statefulSets: {}
2727 daemonSets: {}
2728 configMaps: {}
2729}
2730deployment: {
2731 linecook: {
2732 name: "linecook"
2733 kind: "deployment"
2734 replicas: 1
2735 image: "gcr.io/myproj/linecook:v0.1.42"
2736 expose: {
2737 port: {
2738 client: 8080
2739 }
2740 }
2741 port: {}
2742 arg: {
2743 env: "prod"
2744 logdir: "/logs"
2745 "event-server": "events:7788"
2746 name: "linecook"
2747 etcd: "etcd:2379"
2748 "reconnect-delay": "1h"
2749 "-recovery-overlap": "100000"
2750 }
2751 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-name=linecook", "-etcd=etcd:2379", "-reconnect-delay=1h", "--recovery-overlap=100000"]
2752 env: {}
2753 volume: {
2754 "secret-linecook": {
2755 name: "secret-kitchen"
2756 mountPath: "/etc/certs"
2757 subPath: null
2758 readOnly: true
2759 spec: {
2760 secret: {
2761 secretName: "linecook-secrets"
2762 }
2763 }
2764 kubernetes: {}
2765 }
2766 "linecook-disk": {
2767 name: "linecook-disk"
2768 mountPath: "/logs"
2769 subPath: null
2770 readOnly: false
2771 spec: {
2772 gcePersistentDisk: {
2773 pdName: "linecook-disk"
2774 fsType: "ext4"
2775 }
2776 }
2777 kubernetes: {}
2778 }
2779 }
2780 label: {
2781 app: "linecook"
2782 domain: "prod"
2783 component: "kitchen"
2784 }
2785 kubernetes: {
2786 spec: {
2787 template: {
2788 metadata: {
2789 annotations: {
2790 "prometheus.io.scrape": "true"
2791 }
2792 }
2793 spec: {
2794 containers: [{
2795 livenessProbe: {
2796 httpGet: {
2797 path: "/debug/health"
2798 port: 8080
2799 }
2800 initialDelaySeconds: 40
2801 periodSeconds: 3
2802 }
2803 }]
2804 }
2805 }
2806 }
2807 }
2808 envSpec: {}
2809 }
2810}
2811service: {
2812 linecook: {
2813 name: "linecook"
2814 port: {
2815 client: {
2816 name: "client"
2817 port: 8080
2818 protocol: "TCP"
2819 }
2820 }
2821 label: {
2822 app: "linecook"
2823 domain: "prod"
2824 component: "kitchen"
2825 }
2826 kubernetes: {}
2827 }
2828}
2829configMap: {}
2830kubernetes: {
2831 services: {
2832 linecook: {
2833 apiVersion: "v1"
2834 kind: "Service"
2835 metadata: {
2836 name: "linecook"
2837 labels: {
2838 app: "linecook"
2839 domain: "prod"
2840 component: "kitchen"
2841 }
2842 }
2843 spec: {
2844 selector: {
2845 app: "linecook"
2846 domain: "prod"
2847 component: "kitchen"
2848 }
2849 ports: [{
2850 name: "client"
2851 port: 8080
2852 protocol: "TCP"
2853 }]
2854 }
2855 }
2856 }
2857 deployments: {
2858 linecook: {
2859 apiVersion: "extensions/v1beta1"
2860 kind: "Deployment"
2861 metadata: {
2862 name: "linecook"
2863 labels: {
2864 component: "kitchen"
2865 }
2866 }
2867 spec: {
2868 template: {
2869 metadata: {
2870 labels: {
2871 app: "linecook"
2872 domain: "prod"
2873 component: "kitchen"
2874 }
2875 annotations: {
2876 "prometheus.io.scrape": "true"
2877 }
2878 }
2879 spec: {
2880 containers: [{
2881 name: "linecook"
2882 image: "gcr.io/myproj/linecook:v0.1.42"
2883 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-name=linecook", "-etcd=etcd:2379", "-reconnect-delay=1h", "--recovery-overlap=100000"]
2884 volumeMounts: [{
2885 name: "secret-kitchen"
2886 readOnly: true
2887 mountPath: "/etc/certs"
2888 }, {
2889 name: "linecook-disk"
2890 mountPath: "/logs"
2891 }]
2892 livenessProbe: {
2893 httpGet: {
2894 path: "/debug/health"
2895 port: 8080
2896 }
2897 initialDelaySeconds: 40
2898 periodSeconds: 3
2899 }
2900 ports: [{
2901 name: "client"
2902 containerPort: 8080
2903 }]
2904 }]
2905 volumes: [{
2906 name: "secret-kitchen"
2907 }, {
2908 name: "linecook-disk"
2909 }]
2910 }
2911 }
2912 replicas: 1
2913 }
2914 }
2915 }
2916 statefulSets: {}
2917 daemonSets: {}
2918 configMaps: {}
2919}
2920deployment: {
2921 pastrychef: {
2922 name: "pastrychef"
2923 kind: "deployment"
2924 replicas: 1
2925 image: "gcr.io/myproj/pastrychef:v0.1.15"
2926 expose: {
2927 port: {
2928 client: 8080
2929 }
2930 }
2931 port: {}
2932 arg: {
2933 env: "prod"
2934 logdir: "/logs"
2935 "event-server": "events:7788"
2936 "ssh-tunnel-key": "/etc/certs/tunnel-private.pem"
2937 "reconnect-delay": "1m"
2938 etcd: "etcd:2379"
2939 "recovery-overlap": "10000"
2940 }
2941 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-reconnect-delay=1m", "-etcd=etcd:2379", "-recovery-overlap=10000"]
2942 env: {}
2943 volume: {
2944 "secret-pastrychef": {
2945 name: "secret-ssh-key"
2946 mountPath: "/etc/certs"
2947 subPath: null
2948 readOnly: true
2949 spec: {
2950 secret: {
2951 secretName: "secrets"
2952 }
2953 }
2954 kubernetes: {}
2955 }
2956 "pastrychef-disk": {
2957 name: "pastrychef-disk"
2958 mountPath: "/logs"
2959 subPath: null
2960 readOnly: false
2961 spec: {
2962 gcePersistentDisk: {
2963 pdName: "pastrychef-disk"
2964 fsType: "ext4"
2965 }
2966 }
2967 kubernetes: {}
2968 }
2969 }
2970 label: {
2971 app: "pastrychef"
2972 domain: "prod"
2973 component: "kitchen"
2974 }
2975 kubernetes: {
2976 spec: {
2977 template: {
2978 metadata: {
2979 annotations: {
2980 "prometheus.io.scrape": "true"
2981 }
2982 }
2983 spec: {
2984 containers: [{
2985 livenessProbe: {
2986 httpGet: {
2987 path: "/debug/health"
2988 port: 8080
2989 }
2990 initialDelaySeconds: 40
2991 periodSeconds: 3
2992 }
2993 }]
2994 }
2995 }
2996 }
2997 }
2998 envSpec: {}
2999 }
3000}
3001service: {
3002 pastrychef: {
3003 name: "pastrychef"
3004 port: {
3005 client: {
3006 name: "client"
3007 port: 8080
3008 protocol: "TCP"
3009 }
3010 }
3011 label: {
3012 app: "pastrychef"
3013 domain: "prod"
3014 component: "kitchen"
3015 }
3016 kubernetes: {}
3017 }
3018}
3019configMap: {}
3020kubernetes: {
3021 services: {
3022 pastrychef: {
3023 apiVersion: "v1"
3024 kind: "Service"
3025 metadata: {
3026 name: "pastrychef"
3027 labels: {
3028 app: "pastrychef"
3029 domain: "prod"
3030 component: "kitchen"
3031 }
3032 }
3033 spec: {
3034 selector: {
3035 app: "pastrychef"
3036 domain: "prod"
3037 component: "kitchen"
3038 }
3039 ports: [{
3040 name: "client"
3041 port: 8080
3042 protocol: "TCP"
3043 }]
3044 }
3045 }
3046 }
3047 deployments: {
3048 pastrychef: {
3049 apiVersion: "extensions/v1beta1"
3050 kind: "Deployment"
3051 metadata: {
3052 name: "pastrychef"
3053 labels: {
3054 component: "kitchen"
3055 }
3056 }
3057 spec: {
3058 template: {
3059 metadata: {
3060 labels: {
3061 app: "pastrychef"
3062 domain: "prod"
3063 component: "kitchen"
3064 }
3065 annotations: {
3066 "prometheus.io.scrape": "true"
3067 }
3068 }
3069 spec: {
3070 containers: [{
3071 name: "pastrychef"
3072 image: "gcr.io/myproj/pastrychef:v0.1.15"
3073 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-reconnect-delay=1m", "-etcd=etcd:2379", "-recovery-overlap=10000"]
3074 volumeMounts: [{
3075 name: "secret-ssh-key"
3076 readOnly: true
3077 mountPath: "/etc/certs"
3078 }, {
3079 name: "pastrychef-disk"
3080 mountPath: "/logs"
3081 }]
3082 livenessProbe: {
3083 httpGet: {
3084 path: "/debug/health"
3085 port: 8080
3086 }
3087 initialDelaySeconds: 40
3088 periodSeconds: 3
3089 }
3090 ports: [{
3091 name: "client"
3092 containerPort: 8080
3093 }]
3094 }]
3095 volumes: [{
3096 name: "secret-ssh-key"
3097 }, {
3098 name: "pastrychef-disk"
3099 }]
3100 }
3101 }
3102 replicas: 1
3103 }
3104 }
3105 }
3106 statefulSets: {}
3107 daemonSets: {}
3108 configMaps: {}
3109}
3110deployment: {
3111 souschef: {
3112 name: "souschef"
3113 kind: "deployment"
3114 replicas: 1
3115 image: "gcr.io/myproj/souschef:v0.5.3"
3116 expose: {
3117 port: {
3118 client: 8080
3119 }
3120 }
3121 port: {}
3122 arg: {}
3123 args: []
3124 env: {}
3125 label: {
3126 app: "souschef"
3127 domain: "prod"
3128 component: "kitchen"
3129 }
3130 kubernetes: {
3131 spec: {
3132 template: {
3133 metadata: {
3134 annotations: {
3135 "prometheus.io.scrape": "true"
3136 }
3137 }
3138 spec: {
3139 containers: [{
3140 livenessProbe: {
3141 httpGet: {
3142 path: "/debug/health"
3143 port: 8080
3144 }
3145 initialDelaySeconds: 40
3146 periodSeconds: 3
3147 }
3148 }]
3149 }
3150 }
3151 }
3152 }
3153 envSpec: {}
3154 volume: {}
3155 }
3156}
3157service: {
3158 souschef: {
3159 name: "souschef"
3160 port: {
3161 client: {
3162 name: "client"
3163 port: 8080
3164 protocol: "TCP"
3165 }
3166 }
3167 label: {
3168 app: "souschef"
3169 domain: "prod"
3170 component: "kitchen"
3171 }
3172 kubernetes: {}
3173 }
3174}
3175configMap: {}
3176kubernetes: {
3177 services: {
3178 souschef: {
3179 apiVersion: "v1"
3180 kind: "Service"
3181 metadata: {
3182 name: "souschef"
3183 labels: {
3184 app: "souschef"
3185 domain: "prod"
3186 component: "kitchen"
3187 }
3188 }
3189 spec: {
3190 selector: {
3191 app: "souschef"
3192 domain: "prod"
3193 component: "kitchen"
3194 }
3195 ports: [{
3196 name: "client"
3197 port: 8080
3198 protocol: "TCP"
3199 }]
3200 }
3201 }
3202 }
3203 deployments: {
3204 souschef: {
3205 apiVersion: "extensions/v1beta1"
3206 kind: "Deployment"
3207 metadata: {
3208 name: "souschef"
3209 labels: {
3210 component: "kitchen"
3211 }
3212 }
3213 spec: {
3214 template: {
3215 metadata: {
3216 labels: {
3217 app: "souschef"
3218 domain: "prod"
3219 component: "kitchen"
3220 }
3221 annotations: {
3222 "prometheus.io.scrape": "true"
3223 }
3224 }
3225 spec: {
3226 containers: [{
3227 name: "souschef"
3228 image: "gcr.io/myproj/souschef:v0.5.3"
3229 args: []
3230 livenessProbe: {
3231 httpGet: {
3232 path: "/debug/health"
3233 port: 8080
3234 }
3235 initialDelaySeconds: 40
3236 periodSeconds: 3
3237 }
3238 ports: [{
3239 name: "client"
3240 containerPort: 8080
3241 }]
3242 }]
3243 }
3244 }
3245 replicas: 1
3246 }
3247 }
3248 }
3249 statefulSets: {}
3250 daemonSets: {}
3251 configMaps: {}
3252}
3253deployment: {}
3254service: {}
3255configMap: {}
3256kubernetes: {
3257 services: {}
3258 deployments: {}
3259 statefulSets: {}
3260 daemonSets: {}
3261 configMaps: {}
3262}
3263deployment: {
3264 alertmanager: {
3265 name: "alertmanager"
3266 kind: "deployment"
3267 replicas: 1
3268 kubernetes: {
3269 spec: {
3270 selector: {
3271 matchLabels: {
3272 app: "alertmanager"
3273 }
3274 }
3275 }
3276 }
3277 image: "prom/alertmanager:v0.15.2"
3278 args: ["--config.file=/etc/alertmanager/alerts.yaml", "--storage.path=/alertmanager", "--web.external-url=https://alertmanager.example.com"]
3279 expose: {
3280 port: {
3281 alertmanager: 9093
3282 }
3283 }
3284 port: {}
3285 arg: {}
3286 env: {}
3287 volume: {
3288 "config-volume": {
3289 name: "config-volume"
3290 mountPath: "/etc/alertmanager"
3291 subPath: null
3292 readOnly: false
3293 spec: {
3294 configMap: {
3295 name: "alertmanager"
3296 }
3297 }
3298 kubernetes: {}
3299 }
3300 alertmanager: {
3301 name: "alertmanager"
3302 mountPath: "/alertmanager"
3303 subPath: null
3304 readOnly: false
3305 spec: {
3306 emptyDir: {}
3307 }
3308 kubernetes: {}
3309 }
3310 }
3311 label: {
3312 app: "alertmanager"
3313 domain: "prod"
3314 component: "mon"
3315 }
3316 envSpec: {}
3317 }
3318}
3319service: {
3320 alertmanager: {
3321 name: "alertmanager"
3322 label: {
3323 name: "alertmanager"
3324 app: "alertmanager"
3325 domain: "prod"
3326 component: "mon"
3327 }
3328 port: {
3329 alertmanager: {
3330 name: "main"
3331 port: 9093
3332 protocol: "TCP"
3333 }
3334 }
3335 kubernetes: {
3336 metadata: {
3337 annotations: {
3338 "prometheus.io/scrape": "true"
3339 "prometheus.io/path": "/metrics"
3340 }
3341 }
3342 }
3343 }
3344}
3345configMap: {
3346 alertmanager: {
3347 "alerts.yaml": """
3348 receivers:
3349 - name: pager
3350 slack_configs:
3351 - channel: '#cloudmon'
3352 text: |-
3353 {{ range .Alerts }}{{ .Annotations.description }}
3354 {{ end }}
3355 send_resolved: true
3356 route:
3357 receiver: pager
3358 group_by:
3359 - alertname
3360 - cluster
3361
3362 """
3363 }
3364}
3365kubernetes: {
3366 services: {
3367 alertmanager: {
3368 apiVersion: "v1"
3369 kind: "Service"
3370 metadata: {
3371 name: "alertmanager"
3372 labels: {
3373 name: "alertmanager"
3374 app: "alertmanager"
3375 domain: "prod"
3376 component: "mon"
3377 }
3378 annotations: {
3379 "prometheus.io/scrape": "true"
3380 "prometheus.io/path": "/metrics"
3381 }
3382 }
3383 spec: {
3384 selector: {
3385 name: "alertmanager"
3386 app: "alertmanager"
3387 domain: "prod"
3388 component: "mon"
3389 }
3390 ports: [{
3391 name: "main"
3392 port: 9093
3393 protocol: "TCP"
3394 }]
3395 }
3396 }
3397 }
3398 deployments: {
3399 alertmanager: {
3400 apiVersion: "extensions/v1beta1"
3401 kind: "Deployment"
3402 metadata: {
3403 name: "alertmanager"
3404 labels: {
3405 component: "mon"
3406 }
3407 }
3408 spec: {
3409 template: {
3410 metadata: {
3411 labels: {
3412 app: "alertmanager"
3413 domain: "prod"
3414 component: "mon"
3415 }
3416 }
3417 spec: {
3418 containers: [{
3419 name: "alertmanager"
3420 image: "prom/alertmanager:v0.15.2"
3421 args: ["--config.file=/etc/alertmanager/alerts.yaml", "--storage.path=/alertmanager", "--web.external-url=https://alertmanager.example.com"]
3422 volumeMounts: [{
3423 name: "config-volume"
3424 mountPath: "/etc/alertmanager"
3425 }, {
3426 name: "alertmanager"
3427 mountPath: "/alertmanager"
3428 }]
3429 ports: [{
3430 name: "alertmanager"
3431 containerPort: 9093
3432 }]
3433 }]
3434 volumes: [{
3435 name: "config-volume"
3436 }, {
3437 name: "alertmanager"
3438 }]
3439 }
3440 }
3441 selector: {
3442 matchLabels: {
3443 app: "alertmanager"
3444 }
3445 }
3446 replicas: 1
3447 }
3448 }
3449 }
3450 statefulSets: {}
3451 daemonSets: {}
3452 configMaps: {
3453 alertmanager: {
3454 apiVersion: "v1"
3455 kind: "ConfigMap"
3456 metadata: {
3457 name: "alertmanager"
3458 labels: {
3459 component: "mon"
3460 }
3461 }
3462 data: {
3463 "alerts.yaml": """
3464 receivers:
3465 - name: pager
3466 slack_configs:
3467 - channel: '#cloudmon'
3468 text: |-
3469 {{ range .Alerts }}{{ .Annotations.description }}
3470 {{ end }}
3471 send_resolved: true
3472 route:
3473 receiver: pager
3474 group_by:
3475 - alertname
3476 - cluster
3477
3478 """
3479 }
3480 }
3481 }
3482}
3483deployment: {
3484 grafana: {
3485 name: "grafana"
3486 kind: "deployment"
3487 replicas: 1
3488 image: "grafana/grafana:4.5.2"
3489 expose: {
3490 port: {
3491 grafana: 3000
3492 }
3493 }
3494 port: {
3495 web: 8080
3496 }
3497 arg: {}
3498 args: []
3499 volume: {
3500 "grafana-volume": {
3501 name: "grafana-volume"
3502 mountPath: "/var/lib/grafana"
3503 subPath: null
3504 readOnly: false
3505 spec: {
3506 gcePersistentDisk: {
3507 pdName: "grafana-volume"
3508 fsType: "ext4"
3509 }
3510 }
3511 kubernetes: {}
3512 }
3513 }
3514 env: {
3515 GF_AUTH_BASIC_ENABLED: "false"
3516 GF_AUTH_ANONYMOUS_ENABLED: "true"
3517 GF_AUTH_ANONYMOUS_ORG_ROLE: "admin"
3518 }
3519 kubernetes: {
3520 spec: {
3521 template: {
3522 spec: {
3523 containers: [{
3524 resources: {
3525 limits: {
3526 cpu: "100m"
3527 memory: "100Mi"
3528 }
3529 requests: {
3530 cpu: "100m"
3531 memory: "100Mi"
3532 }
3533 }
3534 }]
3535 }
3536 }
3537 }
3538 }
3539 label: {
3540 app: "grafana"
3541 domain: "prod"
3542 component: "mon"
3543 }
3544 envSpec: {
3545 GF_AUTH_BASIC_ENABLED: {
3546 value: "false"
3547 }
3548 GF_AUTH_ANONYMOUS_ENABLED: {
3549 value: "true"
3550 }
3551 GF_AUTH_ANONYMOUS_ORG_ROLE: {
3552 value: "admin"
3553 }
3554 }
3555 }
3556}
3557service: {
3558 grafana: {
3559 name: "grafana"
3560 port: {
3561 grafana: {
3562 name: "grafana"
3563 port: 3000
3564 protocol: "TCP"
3565 }
3566 }
3567 label: {
3568 app: "grafana"
3569 domain: "prod"
3570 component: "mon"
3571 }
3572 kubernetes: {}
3573 }
3574}
3575configMap: {}
3576kubernetes: {
3577 services: {
3578 grafana: {
3579 apiVersion: "v1"
3580 kind: "Service"
3581 metadata: {
3582 name: "grafana"
3583 labels: {
3584 app: "grafana"
3585 domain: "prod"
3586 component: "mon"
3587 }
3588 }
3589 spec: {
3590 selector: {
3591 app: "grafana"
3592 domain: "prod"
3593 component: "mon"
3594 }
3595 ports: [{
3596 name: "grafana"
3597 port: 3000
3598 protocol: "TCP"
3599 }]
3600 }
3601 }
3602 }
3603 deployments: {
3604 grafana: {
3605 apiVersion: "extensions/v1beta1"
3606 kind: "Deployment"
3607 metadata: {
3608 name: "grafana"
3609 labels: {
3610 component: "mon"
3611 }
3612 }
3613 spec: {
3614 template: {
3615 metadata: {
3616 labels: {
3617 app: "grafana"
3618 domain: "prod"
3619 component: "mon"
3620 }
3621 }
3622 spec: {
3623 containers: [{
3624 name: "grafana"
3625 image: "grafana/grafana:4.5.2"
3626 args: []
3627 env: [{
3628 name: "GF_AUTH_BASIC_ENABLED"
3629 value: "false"
3630 }, {
3631 name: "GF_AUTH_ANONYMOUS_ENABLED"
3632 value: "true"
3633 }, {
3634 name: "GF_AUTH_ANONYMOUS_ORG_ROLE"
3635 value: "admin"
3636 }]
3637 volumeMounts: [{
3638 name: "grafana-volume"
3639 mountPath: "/var/lib/grafana"
3640 }]
3641 ports: [{
3642 name: "grafana"
3643 containerPort: 3000
3644 }, {
3645 name: "web"
3646 containerPort: 8080
3647 }]
3648 resources: {
3649 limits: {
3650 cpu: "100m"
3651 memory: "100Mi"
3652 }
3653 requests: {
3654 cpu: "100m"
3655 memory: "100Mi"
3656 }
3657 }
3658 }]
3659 volumes: [{
3660 name: "grafana-volume"
3661 }]
3662 }
3663 }
3664 replicas: 1
3665 }
3666 }
3667 }
3668 statefulSets: {}
3669 daemonSets: {}
3670 configMaps: {}
3671}
3672deployment: {
3673 "node-exporter": {
3674 name: "node-exporter"
3675 kind: "daemon"
3676 replicas: 1
3677 image: "quay.io/prometheus/node-exporter:v0.16.0"
3678 expose: {
3679 port: {
3680 scrape: 9100
3681 }
3682 }
3683 port: {}
3684 arg: {}
3685 args: ["--path.procfs=/host/proc", "--path.sysfs=/host/sys"]
3686 env: {}
3687 volume: {
3688 proc: {
3689 name: "proc"
3690 mountPath: "/host/proc"
3691 subPath: null
3692 readOnly: true
3693 spec: {
3694 hostPath: {
3695 path: "/proc"
3696 }
3697 }
3698 kubernetes: {}
3699 }
3700 sys: {
3701 name: "sys"
3702 mountPath: "/host/sys"
3703 subPath: null
3704 readOnly: true
3705 spec: {
3706 hostPath: {
3707 path: "/sys"
3708 }
3709 }
3710 kubernetes: {}
3711 }
3712 }
3713 kubernetes: {
3714 spec: {
3715 template: {
3716 spec: {
3717 hostNetwork: true
3718 hostPID: true
3719 containers: [{
3720 ports: [{
3721 hostPort: 9100
3722 }]
3723 resources: {
3724 requests: {
3725 memory: "30Mi"
3726 cpu: "100m"
3727 }
3728 limits: {
3729 memory: "50Mi"
3730 cpu: "200m"
3731 }
3732 }
3733 }]
3734 }
3735 }
3736 }
3737 }
3738 label: {
3739 app: "node-exporter"
3740 domain: "prod"
3741 component: "mon"
3742 }
3743 envSpec: {}
3744 }
3745}
3746service: {
3747 "node-exporter": {
3748 name: "node-exporter"
3749 port: {
3750 scrape: {
3751 name: "metrics"
3752 port: 9100
3753 protocol: "TCP"
3754 }
3755 }
3756 kubernetes: {
3757 metadata: {
3758 annotations: {
3759 "prometheus.io/scrape": "true"
3760 }
3761 }
3762 spec: {
3763 type: "ClusterIP"
3764 clusterIP: "None"
3765 }
3766 }
3767 label: {
3768 app: "node-exporter"
3769 domain: "prod"
3770 component: "mon"
3771 }
3772 }
3773}
3774configMap: {}
3775kubernetes: {
3776 services: {
3777 "node-exporter": {
3778 apiVersion: "v1"
3779 kind: "Service"
3780 metadata: {
3781 annotations: {
3782 "prometheus.io/scrape": "true"
3783 }
3784 name: "node-exporter"
3785 labels: {
3786 app: "node-exporter"
3787 domain: "prod"
3788 component: "mon"
3789 }
3790 }
3791 spec: {
3792 type: "ClusterIP"
3793 clusterIP: "None"
3794 selector: {
3795 app: "node-exporter"
3796 domain: "prod"
3797 component: "mon"
3798 }
3799 ports: [{
3800 name: "metrics"
3801 port: 9100
3802 protocol: "TCP"
3803 }]
3804 }
3805 }
3806 }
3807 deployments: {}
3808 statefulSets: {}
3809 daemonSets: {
3810 "node-exporter": {
3811 apiVersion: "extensions/v1beta1"
3812 metadata: {
3813 name: "node-exporter"
3814 labels: {
3815 component: "mon"
3816 }
3817 }
3818 spec: {
3819 template: {
3820 metadata: {
3821 labels: {
3822 app: "node-exporter"
3823 domain: "prod"
3824 component: "mon"
3825 }
3826 }
3827 spec: {
3828 volumes: [{
3829 name: "proc"
3830 }, {
3831 name: "sys"
3832 }]
3833 hostNetwork: true
3834 hostPID: true
3835 containers: [{
3836 name: "node-exporter"
3837 image: "quay.io/prometheus/node-exporter:v0.16.0"
3838 args: ["--path.procfs=/host/proc", "--path.sysfs=/host/sys"]
3839 volumeMounts: [{
3840 name: "proc"
3841 readOnly: true
3842 mountPath: "/host/proc"
3843 }, {
3844 name: "sys"
3845 readOnly: true
3846 mountPath: "/host/sys"
3847 }]
3848 ports: [{
3849 name: "scrape"
3850 hostPort: 9100
3851 containerPort: 9100
3852 }]
3853 resources: {
3854 requests: {
3855 memory: "30Mi"
3856 cpu: "100m"
3857 }
3858 limits: {
3859 memory: "50Mi"
3860 cpu: "200m"
3861 }
3862 }
3863 }]
3864 }
3865 }
3866 }
3867 kind: "DaemonSet"
3868 }
3869 }
3870 configMaps: {}
3871}
3872deployment: {
3873 prometheus: {
3874 name: "prometheus"
3875 kind: "deployment"
3876 replicas: 1
3877 image: "prom/prometheus:v2.4.3"
3878 args: ["--config.file=/etc/prometheus/prometheus.yml", "--web.external-url=https://prometheus.example.com"]
3879 expose: {
3880 port: {
3881 web: 9090
3882 }
3883 }
3884 port: {}
3885 arg: {}
3886 env: {}
3887 volume: {
3888 "config-volume": {
3889 name: "config-volume"
3890 mountPath: "/etc/prometheus"
3891 subPath: null
3892 readOnly: false
3893 spec: {
3894 configMap: {
3895 name: "prometheus"
3896 }
3897 }
3898 kubernetes: {}
3899 }
3900 }
3901 kubernetes: {
3902 spec: {
3903 selector: {
3904 matchLabels: {
3905 app: "prometheus"
3906 }
3907 }
3908 strategy: {
3909 type: "RollingUpdate"
3910 rollingUpdate: {
3911 maxSurge: 0
3912 maxUnavailable: 1
3913 }
3914 }
3915 template: {
3916 metadata: {
3917 annotations: {
3918 "prometheus.io.scrape": "true"
3919 }
3920 }
3921 }
3922 }
3923 }
3924 label: {
3925 app: "prometheus"
3926 domain: "prod"
3927 component: "mon"
3928 }
3929 envSpec: {}
3930 }
3931}
3932service: {
3933 prometheus: {
3934 name: "prometheus"
3935 label: {
3936 name: "prometheus"
3937 app: "prometheus"
3938 domain: "prod"
3939 component: "mon"
3940 }
3941 port: {
3942 web: {
3943 name: "main"
3944 port: 9090
3945 nodePort: 30900
3946 protocol: "TCP"
3947 }
3948 }
3949 kubernetes: {
3950 metadata: {
3951 annotations: {
3952 "prometheus.io/scrape": "true"
3953 }
3954 }
3955 spec: {
3956 type: "NodePort"
3957 }
3958 }
3959 }
3960}
3961configMap: {
3962 prometheus: {
3963 "alert.rules": """
3964 groups:
3965 - name: rules.yaml
3966 rules:
3967 - alert: InstanceDown
3968 expr: up == 0
3969 for: 30s
3970 labels:
3971 severity: page
3972 annotations:
3973 description: '{{$labels.app}} of job {{ $labels.job }} has been down for more than 30 seconds.'
3974 summary: Instance {{$labels.app}} down
3975 - alert: InsufficientPeers
3976 expr: count(up{job="etcd"} == 0) > (count(up{job="etcd"}) / 2 - 1)
3977 for: 3m
3978 labels:
3979 severity: page
3980 annotations:
3981 description: If one more etcd peer goes down the cluster will be unavailable
3982 summary: etcd cluster small
3983 - alert: EtcdNoMaster
3984 expr: sum(etcd_server_has_leader{app="etcd"}) == 0
3985 for: 1s
3986 labels:
3987 severity: page
3988 annotations:
3989 summary: No ETCD master elected.
3990 - alert: PodRestart
3991 expr: (max_over_time(pod_container_status_restarts_total[5m]) - min_over_time(pod_container_status_restarts_total[5m])) > 2
3992 for: 1m
3993 labels:
3994 severity: page
3995 annotations:
3996 description: '{{$labels.app}} {{ $labels.container }} resturted {{ $value }} times in 5m.'
3997 summary: Pod for {{$labels.container}} restarts too often
3998
3999 """
4000 "prometheus.yml": """
4001 global:
4002 scrape_interval: 15s
4003 rule_files:
4004 - /etc/prometheus/alert.rules
4005 alerting:
4006 alertmanagers:
4007 - scheme: http
4008 static_configs:
4009 - targets:
4010 - alertmanager:9093
4011 scrape_configs:
4012 - job_name: kubernetes-apiservers
4013 kubernetes_sd_configs:
4014 - role: endpoints
4015 scheme: https
4016 tls_config:
4017 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
4018 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
4019 relabel_configs:
4020 - source_labels:
4021 - __meta_kubernetes_namespace
4022 - __meta_kubernetes_service_name
4023 - __meta_kubernetes_endpoint_port_name
4024 action: keep
4025 regex: default;kubernetes;https
4026 - job_name: kubernetes-nodes
4027 scheme: https
4028 tls_config:
4029 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
4030 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
4031 kubernetes_sd_configs:
4032 - role: node
4033 relabel_configs:
4034 - action: labelmap
4035 regex: __meta_kubernetes_node_label_(.+)
4036 - target_label: __address__
4037 replacement: kubernetes.default.svc:443
4038 - source_labels:
4039 - __meta_kubernetes_node_name
4040 regex: (.+)
4041 target_label: __metrics_path__
4042 replacement: /api/v1/nodes/${1}/proxy/metrics
4043 - job_name: kubernetes-cadvisor
4044 scheme: https
4045 tls_config:
4046 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
4047 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
4048 kubernetes_sd_configs:
4049 - role: node
4050 relabel_configs:
4051 - action: labelmap
4052 regex: __meta_kubernetes_node_label_(.+)
4053 - target_label: __address__
4054 replacement: kubernetes.default.svc:443
4055 - source_labels:
4056 - __meta_kubernetes_node_name
4057 regex: (.+)
4058 target_label: __metrics_path__
4059 replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
4060 - job_name: kubernetes-service-endpoints
4061 kubernetes_sd_configs:
4062 - role: endpoints
4063 relabel_configs:
4064 - source_labels:
4065 - __meta_kubernetes_service_annotation_prometheus_io_scrape
4066 action: keep
4067 regex: true
4068 - source_labels:
4069 - __meta_kubernetes_service_annotation_prometheus_io_scheme
4070 action: replace
4071 target_label: __scheme__
4072 regex: (https?)
4073 - source_labels:
4074 - __meta_kubernetes_service_annotation_prometheus_io_path
4075 action: replace
4076 target_label: __metrics_path__
4077 regex: (.+)
4078 - source_labels:
4079 - __address__
4080 - __meta_kubernetes_service_annotation_prometheus_io_port
4081 action: replace
4082 target_label: __address__
4083 regex: ([^:]+)(?::\\d+)?;(\\d+)
4084 replacement: $1:$2
4085 - action: labelmap
4086 regex: __meta_kubernetes_service_label_(.+)
4087 - source_labels:
4088 - __meta_kubernetes_namespace
4089 action: replace
4090 target_label: kubernetes_namespace
4091 - source_labels:
4092 - __meta_kubernetes_service_name
4093 action: replace
4094 target_label: kubernetes_name
4095 - job_name: kubernetes-services
4096 metrics_path: /probe
4097 params:
4098 module:
4099 - http_2xx
4100 kubernetes_sd_configs:
4101 - role: service
4102 relabel_configs:
4103 - source_labels:
4104 - __meta_kubernetes_service_annotation_prometheus_io_probe
4105 action: keep
4106 regex: true
4107 - source_labels:
4108 - __address__
4109 target_label: __param_target
4110 - target_label: __address__
4111 replacement: blackbox-exporter.example.com:9115
4112 - source_labels:
4113 - __param_target
4114 target_label: app
4115 - action: labelmap
4116 regex: __meta_kubernetes_service_label_(.+)
4117 - source_labels:
4118 - __meta_kubernetes_namespace
4119 target_label: kubernetes_namespace
4120 - source_labels:
4121 - __meta_kubernetes_service_name
4122 target_label: kubernetes_name
4123 - job_name: kubernetes-ingresses
4124 metrics_path: /probe
4125 params:
4126 module:
4127 - http_2xx
4128 kubernetes_sd_configs:
4129 - role: ingress
4130 relabel_configs:
4131 - source_labels:
4132 - __meta_kubernetes_ingress_annotation_prometheus_io_probe
4133 action: keep
4134 regex: true
4135 - source_labels:
4136 - __meta_kubernetes_ingress_scheme
4137 - __address__
4138 - __meta_kubernetes_ingress_path
4139 regex: (.+);(.+);(.+)
4140 replacement: ${1}://${2}${3}
4141 target_label: __param_target
4142 - target_label: __address__
4143 replacement: blackbox-exporter.example.com:9115
4144 - source_labels:
4145 - __param_target
4146 target_label: app
4147 - action: labelmap
4148 regex: __meta_kubernetes_ingress_label_(.+)
4149 - source_labels:
4150 - __meta_kubernetes_namespace
4151 target_label: kubernetes_namespace
4152 - source_labels:
4153 - __meta_kubernetes_ingress_name
4154 target_label: kubernetes_name
4155 - job_name: kubernetes-pods
4156 kubernetes_sd_configs:
4157 - role: pod
4158 relabel_configs:
4159 - source_labels:
4160 - __meta_kubernetes_pod_annotation_prometheus_io_scrape
4161 action: keep
4162 regex: true
4163 - source_labels:
4164 - __meta_kubernetes_pod_annotation_prometheus_io_path
4165 action: replace
4166 target_label: __metrics_path__
4167 regex: (.+)
4168 - source_labels:
4169 - __address__
4170 - __meta_kubernetes_pod_annotation_prometheus_io_port
4171 action: replace
4172 regex: ([^:]+)(?::\\d+)?;(\\d+)
4173 replacement: $1:$2
4174 target_label: __address__
4175 - action: labelmap
4176 regex: __meta_kubernetes_pod_label_(.+)
4177 - source_labels:
4178 - __meta_kubernetes_namespace
4179 action: replace
4180 target_label: kubernetes_namespace
4181 - source_labels:
4182 - __meta_kubernetes_pod_name
4183 action: replace
4184 target_label: kubernetes_pod_name
4185
4186 """
4187 }
4188}
4189kubernetes: {
4190 services: {
4191 prometheus: {
4192 apiVersion: "v1"
4193 kind: "Service"
4194 metadata: {
4195 annotations: {
4196 "prometheus.io/scrape": "true"
4197 }
4198 name: "prometheus"
4199 labels: {
4200 name: "prometheus"
4201 app: "prometheus"
4202 domain: "prod"
4203 component: "mon"
4204 }
4205 }
4206 spec: {
4207 type: "NodePort"
4208 selector: {
4209 name: "prometheus"
4210 app: "prometheus"
4211 domain: "prod"
4212 component: "mon"
4213 }
4214 ports: [{
4215 name: "main"
4216 port: 9090
4217 nodePort: 30900
4218 protocol: "TCP"
4219 }]
4220 }
4221 }
4222 }
4223 deployments: {
4224 prometheus: {
4225 apiVersion: "extensions/v1beta1"
4226 kind: "Deployment"
4227 metadata: {
4228 name: "prometheus"
4229 labels: {
4230 component: "mon"
4231 }
4232 }
4233 spec: {
4234 template: {
4235 metadata: {
4236 labels: {
4237 app: "prometheus"
4238 domain: "prod"
4239 component: "mon"
4240 }
4241 annotations: {
4242 "prometheus.io.scrape": "true"
4243 }
4244 }
4245 spec: {
4246 containers: [{
4247 name: "prometheus"
4248 image: "prom/prometheus:v2.4.3"
4249 args: ["--config.file=/etc/prometheus/prometheus.yml", "--web.external-url=https://prometheus.example.com"]
4250 volumeMounts: [{
4251 name: "config-volume"
4252 mountPath: "/etc/prometheus"
4253 }]
4254 ports: [{
4255 name: "web"
4256 containerPort: 9090
4257 }]
4258 }]
4259 volumes: [{
4260 name: "config-volume"
4261 }]
4262 }
4263 }
4264 selector: {
4265 matchLabels: {
4266 app: "prometheus"
4267 }
4268 }
4269 strategy: {
4270 type: "RollingUpdate"
4271 rollingUpdate: {
4272 maxSurge: 0
4273 maxUnavailable: 1
4274 }
4275 }
4276 replicas: 1
4277 }
4278 }
4279 }
4280 statefulSets: {}
4281 daemonSets: {}
4282 configMaps: {
4283 prometheus: {
4284 apiVersion: "v1"
4285 kind: "ConfigMap"
4286 metadata: {
4287 name: "prometheus"
4288 labels: {
4289 component: "mon"
4290 }
4291 }
4292 data: {
4293 "alert.rules": """
4294 groups:
4295 - name: rules.yaml
4296 rules:
4297 - alert: InstanceDown
4298 expr: up == 0
4299 for: 30s
4300 labels:
4301 severity: page
4302 annotations:
4303 description: '{{$labels.app}} of job {{ $labels.job }} has been down for more than 30 seconds.'
4304 summary: Instance {{$labels.app}} down
4305 - alert: InsufficientPeers
4306 expr: count(up{job="etcd"} == 0) > (count(up{job="etcd"}) / 2 - 1)
4307 for: 3m
4308 labels:
4309 severity: page
4310 annotations:
4311 description: If one more etcd peer goes down the cluster will be unavailable
4312 summary: etcd cluster small
4313 - alert: EtcdNoMaster
4314 expr: sum(etcd_server_has_leader{app="etcd"}) == 0
4315 for: 1s
4316 labels:
4317 severity: page
4318 annotations:
4319 summary: No ETCD master elected.
4320 - alert: PodRestart
4321 expr: (max_over_time(pod_container_status_restarts_total[5m]) - min_over_time(pod_container_status_restarts_total[5m])) > 2
4322 for: 1m
4323 labels:
4324 severity: page
4325 annotations:
4326 description: '{{$labels.app}} {{ $labels.container }} resturted {{ $value }} times in 5m.'
4327 summary: Pod for {{$labels.container}} restarts too often
4328
4329 """
4330 "prometheus.yml": """
4331 global:
4332 scrape_interval: 15s
4333 rule_files:
4334 - /etc/prometheus/alert.rules
4335 alerting:
4336 alertmanagers:
4337 - scheme: http
4338 static_configs:
4339 - targets:
4340 - alertmanager:9093
4341 scrape_configs:
4342 - job_name: kubernetes-apiservers
4343 kubernetes_sd_configs:
4344 - role: endpoints
4345 scheme: https
4346 tls_config:
4347 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
4348 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
4349 relabel_configs:
4350 - source_labels:
4351 - __meta_kubernetes_namespace
4352 - __meta_kubernetes_service_name
4353 - __meta_kubernetes_endpoint_port_name
4354 action: keep
4355 regex: default;kubernetes;https
4356 - job_name: kubernetes-nodes
4357 scheme: https
4358 tls_config:
4359 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
4360 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
4361 kubernetes_sd_configs:
4362 - role: node
4363 relabel_configs:
4364 - action: labelmap
4365 regex: __meta_kubernetes_node_label_(.+)
4366 - target_label: __address__
4367 replacement: kubernetes.default.svc:443
4368 - source_labels:
4369 - __meta_kubernetes_node_name
4370 regex: (.+)
4371 target_label: __metrics_path__
4372 replacement: /api/v1/nodes/${1}/proxy/metrics
4373 - job_name: kubernetes-cadvisor
4374 scheme: https
4375 tls_config:
4376 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
4377 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
4378 kubernetes_sd_configs:
4379 - role: node
4380 relabel_configs:
4381 - action: labelmap
4382 regex: __meta_kubernetes_node_label_(.+)
4383 - target_label: __address__
4384 replacement: kubernetes.default.svc:443
4385 - source_labels:
4386 - __meta_kubernetes_node_name
4387 regex: (.+)
4388 target_label: __metrics_path__
4389 replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
4390 - job_name: kubernetes-service-endpoints
4391 kubernetes_sd_configs:
4392 - role: endpoints
4393 relabel_configs:
4394 - source_labels:
4395 - __meta_kubernetes_service_annotation_prometheus_io_scrape
4396 action: keep
4397 regex: true
4398 - source_labels:
4399 - __meta_kubernetes_service_annotation_prometheus_io_scheme
4400 action: replace
4401 target_label: __scheme__
4402 regex: (https?)
4403 - source_labels:
4404 - __meta_kubernetes_service_annotation_prometheus_io_path
4405 action: replace
4406 target_label: __metrics_path__
4407 regex: (.+)
4408 - source_labels:
4409 - __address__
4410 - __meta_kubernetes_service_annotation_prometheus_io_port
4411 action: replace
4412 target_label: __address__
4413 regex: ([^:]+)(?::\\d+)?;(\\d+)
4414 replacement: $1:$2
4415 - action: labelmap
4416 regex: __meta_kubernetes_service_label_(.+)
4417 - source_labels:
4418 - __meta_kubernetes_namespace
4419 action: replace
4420 target_label: kubernetes_namespace
4421 - source_labels:
4422 - __meta_kubernetes_service_name
4423 action: replace
4424 target_label: kubernetes_name
4425 - job_name: kubernetes-services
4426 metrics_path: /probe
4427 params:
4428 module:
4429 - http_2xx
4430 kubernetes_sd_configs:
4431 - role: service
4432 relabel_configs:
4433 - source_labels:
4434 - __meta_kubernetes_service_annotation_prometheus_io_probe
4435 action: keep
4436 regex: true
4437 - source_labels:
4438 - __address__
4439 target_label: __param_target
4440 - target_label: __address__
4441 replacement: blackbox-exporter.example.com:9115
4442 - source_labels:
4443 - __param_target
4444 target_label: app
4445 - action: labelmap
4446 regex: __meta_kubernetes_service_label_(.+)
4447 - source_labels:
4448 - __meta_kubernetes_namespace
4449 target_label: kubernetes_namespace
4450 - source_labels:
4451 - __meta_kubernetes_service_name
4452 target_label: kubernetes_name
4453 - job_name: kubernetes-ingresses
4454 metrics_path: /probe
4455 params:
4456 module:
4457 - http_2xx
4458 kubernetes_sd_configs:
4459 - role: ingress
4460 relabel_configs:
4461 - source_labels:
4462 - __meta_kubernetes_ingress_annotation_prometheus_io_probe
4463 action: keep
4464 regex: true
4465 - source_labels:
4466 - __meta_kubernetes_ingress_scheme
4467 - __address__
4468 - __meta_kubernetes_ingress_path
4469 regex: (.+);(.+);(.+)
4470 replacement: ${1}://${2}${3}
4471 target_label: __param_target
4472 - target_label: __address__
4473 replacement: blackbox-exporter.example.com:9115
4474 - source_labels:
4475 - __param_target
4476 target_label: app
4477 - action: labelmap
4478 regex: __meta_kubernetes_ingress_label_(.+)
4479 - source_labels:
4480 - __meta_kubernetes_namespace
4481 target_label: kubernetes_namespace
4482 - source_labels:
4483 - __meta_kubernetes_ingress_name
4484 target_label: kubernetes_name
4485 - job_name: kubernetes-pods
4486 kubernetes_sd_configs:
4487 - role: pod
4488 relabel_configs:
4489 - source_labels:
4490 - __meta_kubernetes_pod_annotation_prometheus_io_scrape
4491 action: keep
4492 regex: true
4493 - source_labels:
4494 - __meta_kubernetes_pod_annotation_prometheus_io_path
4495 action: replace
4496 target_label: __metrics_path__
4497 regex: (.+)
4498 - source_labels:
4499 - __address__
4500 - __meta_kubernetes_pod_annotation_prometheus_io_port
4501 action: replace
4502 regex: ([^:]+)(?::\\d+)?;(\\d+)
4503 replacement: $1:$2
4504 target_label: __address__
4505 - action: labelmap
4506 regex: __meta_kubernetes_pod_label_(.+)
4507 - source_labels:
4508 - __meta_kubernetes_namespace
4509 action: replace
4510 target_label: kubernetes_namespace
4511 - source_labels:
4512 - __meta_kubernetes_pod_name
4513 action: replace
4514 target_label: kubernetes_pod_name
4515
4516 """
4517 }
4518 }
4519 }
4520}
4521deployment: {}
4522service: {}
4523configMap: {}
4524kubernetes: {
4525 services: {}
4526 deployments: {}
4527 statefulSets: {}
4528 daemonSets: {}
4529 configMaps: {}
4530}
4531deployment: {
4532 authproxy: {
4533 name: "authproxy"
4534 kind: "deployment"
4535 replicas: 1
4536 image: "skippy/oauth2_proxy:2.0.1"
4537 args: ["--config=/etc/authproxy/authproxy.cfg"]
4538 expose: {
4539 port: {
4540 client: 4180
4541 }
4542 }
4543 port: {}
4544 arg: {}
4545 env: {}
4546 volume: {
4547 "config-volume": {
4548 name: "config-volume"
4549 mountPath: "/etc/authproxy"
4550 subPath: null
4551 readOnly: false
4552 spec: {
4553 configMap: {
4554 name: "authproxy"
4555 }
4556 }
4557 kubernetes: {}
4558 }
4559 }
4560 label: {
4561 app: "authproxy"
4562 domain: "prod"
4563 component: "proxy"
4564 }
4565 kubernetes: {}
4566 envSpec: {}
4567 }
4568}
4569service: {
4570 authproxy: {
4571 name: "authproxy"
4572 port: {
4573 client: {
4574 name: "client"
4575 port: 4180
4576 protocol: "TCP"
4577 }
4578 }
4579 label: {
4580 app: "authproxy"
4581 domain: "prod"
4582 component: "proxy"
4583 }
4584 kubernetes: {}
4585 }
4586}
4587configMap: {
4588 authproxy: {
4589 "authproxy.cfg": """
4590 # Google Auth Proxy Config File
4591 ## https://github.com/bitly/google_auth_proxy
4592
4593 ## <addr>:<port> to listen on for HTTP clients
4594 http_address = "0.0.0.0:4180"
4595
4596 ## the OAuth Redirect URL.
4597 redirect_url = "https://auth.example.com/oauth2/callback"
4598
4599 ## the http url(s) of the upstream endpoint. If multiple, routing is based on path
4600 upstreams = [
4601 # frontend
4602 "http://frontend-waiter:7080/dpr/",
4603 "http://frontend-maitred:7080/ui/",
4604 "http://frontend-maitred:7080/ui",
4605 "http://frontend-maitred:7080/report/",
4606 "http://frontend-maitred:7080/report",
4607 "http://frontend-maitred:7080/static/",
4608 # kitchen
4609 "http://kitchen-chef:8080/visit",
4610 # infrastructure
4611 "http://download:7080/file/",
4612 "http://download:7080/archive",
4613 "http://tasks:7080/tasks",
4614 "http://tasks:7080/tasks/",
4615 ]
4616
4617 ## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
4618 pass_basic_auth = true
4619 request_logging = true
4620
4621 ## Google Apps Domains to allow authentication for
4622 google_apps_domains = [
4623 "mod.test",
4624 ]
4625
4626 email_domains = [
4627 "mod.test",
4628 ]
4629
4630 ## The Google OAuth Client ID, Secret
4631 client_id = "---"
4632 client_secret = "---"
4633
4634 ## Cookie Settings
4635 ## Secret - the seed string for secure cookies
4636 ## Domain - optional cookie domain to force cookies to (ie: .yourcompany.com)
4637 ## Expire - expire timeframe for cookie
4638 cookie_secret = "won't tell you"
4639 cookie_domain = ".example.com"
4640 cookie_https_only = true
4641 """
4642 }
4643}
4644kubernetes: {
4645 services: {
4646 authproxy: {
4647 apiVersion: "v1"
4648 kind: "Service"
4649 metadata: {
4650 name: "authproxy"
4651 labels: {
4652 app: "authproxy"
4653 domain: "prod"
4654 component: "proxy"
4655 }
4656 }
4657 spec: {
4658 selector: {
4659 app: "authproxy"
4660 domain: "prod"
4661 component: "proxy"
4662 }
4663 ports: [{
4664 name: "client"
4665 port: 4180
4666 protocol: "TCP"
4667 }]
4668 }
4669 }
4670 }
4671 deployments: {
4672 authproxy: {
4673 apiVersion: "extensions/v1beta1"
4674 kind: "Deployment"
4675 metadata: {
4676 name: "authproxy"
4677 labels: {
4678 component: "proxy"
4679 }
4680 }
4681 spec: {
4682 template: {
4683 metadata: {
4684 labels: {
4685 app: "authproxy"
4686 domain: "prod"
4687 component: "proxy"
4688 }
4689 }
4690 spec: {
4691 containers: [{
4692 name: "authproxy"
4693 image: "skippy/oauth2_proxy:2.0.1"
4694 args: ["--config=/etc/authproxy/authproxy.cfg"]
4695 volumeMounts: [{
4696 name: "config-volume"
4697 mountPath: "/etc/authproxy"
4698 }]
4699 ports: [{
4700 name: "client"
4701 containerPort: 4180
4702 }]
4703 }]
4704 volumes: [{
4705 name: "config-volume"
4706 }]
4707 }
4708 }
4709 replicas: 1
4710 }
4711 }
4712 }
4713 statefulSets: {}
4714 daemonSets: {}
4715 configMaps: {
4716 authproxy: {
4717 apiVersion: "v1"
4718 kind: "ConfigMap"
4719 metadata: {
4720 name: "authproxy"
4721 labels: {
4722 component: "proxy"
4723 }
4724 }
4725 data: {
4726 "authproxy.cfg": """
4727 # Google Auth Proxy Config File
4728 ## https://github.com/bitly/google_auth_proxy
4729
4730 ## <addr>:<port> to listen on for HTTP clients
4731 http_address = "0.0.0.0:4180"
4732
4733 ## the OAuth Redirect URL.
4734 redirect_url = "https://auth.example.com/oauth2/callback"
4735
4736 ## the http url(s) of the upstream endpoint. If multiple, routing is based on path
4737 upstreams = [
4738 # frontend
4739 "http://frontend-waiter:7080/dpr/",
4740 "http://frontend-maitred:7080/ui/",
4741 "http://frontend-maitred:7080/ui",
4742 "http://frontend-maitred:7080/report/",
4743 "http://frontend-maitred:7080/report",
4744 "http://frontend-maitred:7080/static/",
4745 # kitchen
4746 "http://kitchen-chef:8080/visit",
4747 # infrastructure
4748 "http://download:7080/file/",
4749 "http://download:7080/archive",
4750 "http://tasks:7080/tasks",
4751 "http://tasks:7080/tasks/",
4752 ]
4753
4754 ## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
4755 pass_basic_auth = true
4756 request_logging = true
4757
4758 ## Google Apps Domains to allow authentication for
4759 google_apps_domains = [
4760 "mod.test",
4761 ]
4762
4763 email_domains = [
4764 "mod.test",
4765 ]
4766
4767 ## The Google OAuth Client ID, Secret
4768 client_id = "---"
4769 client_secret = "---"
4770
4771 ## Cookie Settings
4772 ## Secret - the seed string for secure cookies
4773 ## Domain - optional cookie domain to force cookies to (ie: .yourcompany.com)
4774 ## Expire - expire timeframe for cookie
4775 cookie_secret = "won't tell you"
4776 cookie_domain = ".example.com"
4777 cookie_https_only = true
4778 """
4779 }
4780 }
4781 }
4782}
4783deployment: {
4784 goget: {
4785 name: "goget"
4786 kind: "deployment"
4787 replicas: 1
4788 image: "gcr.io/myproj/goget:v0.5.1"
4789 expose: {
4790 port: {
4791 https: 7443
4792 }
4793 }
4794 port: {}
4795 arg: {}
4796 args: []
4797 env: {}
4798 volume: {
4799 "secret-volume": {
4800 name: "secret-volume"
4801 mountPath: "/etc/ssl"
4802 subPath: null
4803 readOnly: false
4804 spec: {
4805 secret: {
4806 secretName: "goget-secrets"
4807 }
4808 }
4809 kubernetes: {}
4810 }
4811 }
4812 label: {
4813 app: "goget"
4814 domain: "prod"
4815 component: "proxy"
4816 }
4817 kubernetes: {}
4818 envSpec: {}
4819 }
4820}
4821service: {
4822 goget: {
4823 name: "goget"
4824 port: {
4825 http: {
4826 name: "http"
4827 port: 443
4828 protocol: "TCP"
4829 }
4830 https: {
4831 name: "https"
4832 port: 7443
4833 protocol: "TCP"
4834 }
4835 }
4836 kubernetes: {
4837 spec: {
4838 type: "LoadBalancer"
4839 loadBalancerIP: "1.3.5.7"
4840 }
4841 }
4842 label: {
4843 app: "goget"
4844 domain: "prod"
4845 component: "proxy"
4846 }
4847 }
4848}
4849configMap: {}
4850kubernetes: {
4851 services: {
4852 goget: {
4853 apiVersion: "v1"
4854 kind: "Service"
4855 spec: {
4856 type: "LoadBalancer"
4857 selector: {
4858 app: "goget"
4859 domain: "prod"
4860 component: "proxy"
4861 }
4862 ports: [{
4863 name: "http"
4864 port: 443
4865 protocol: "TCP"
4866 }, {
4867 name: "https"
4868 port: 7443
4869 protocol: "TCP"
4870 }]
4871 loadBalancerIP: "1.3.5.7"
4872 }
4873 metadata: {
4874 name: "goget"
4875 labels: {
4876 app: "goget"
4877 domain: "prod"
4878 component: "proxy"
4879 }
4880 }
4881 }
4882 }
4883 deployments: {
4884 goget: {
4885 apiVersion: "extensions/v1beta1"
4886 kind: "Deployment"
4887 metadata: {
4888 name: "goget"
4889 labels: {
4890 component: "proxy"
4891 }
4892 }
4893 spec: {
4894 template: {
4895 metadata: {
4896 labels: {
4897 app: "goget"
4898 domain: "prod"
4899 component: "proxy"
4900 }
4901 }
4902 spec: {
4903 containers: [{
4904 name: "goget"
4905 image: "gcr.io/myproj/goget:v0.5.1"
4906 args: []
4907 volumeMounts: [{
4908 name: "secret-volume"
4909 mountPath: "/etc/ssl"
4910 }]
4911 ports: [{
4912 name: "https"
4913 containerPort: 7443
4914 }]
4915 }]
4916 volumes: [{
4917 name: "secret-volume"
4918 }]
4919 }
4920 }
4921 replicas: 1
4922 }
4923 }
4924 }
4925 statefulSets: {}
4926 daemonSets: {}
4927 configMaps: {}
4928}
4929deployment: {
4930 nginx: {
4931 name: "nginx"
4932 kind: "deployment"
4933 replicas: 1
4934 image: "nginx:1.11.10-alpine"
4935 expose: {
4936 port: {
4937 http: 80
4938 https: 443
4939 }
4940 }
4941 port: {}
4942 arg: {}
4943 args: []
4944 env: {}
4945 volume: {
4946 "secret-volume": {
4947 name: "secret-volume"
4948 mountPath: "/etc/ssl"
4949 subPath: null
4950 readOnly: false
4951 spec: {
4952 secret: {
4953 secretName: "proxy-secrets"
4954 }
4955 }
4956 kubernetes: {}
4957 }
4958 "config-volume": {
4959 name: "config-volume"
4960 mountPath: "/etc/nginx/nginx.conf"
4961 subPath: "nginx.conf"
4962 readOnly: false
4963 spec: {
4964 configMap: {
4965 name: "nginx"
4966 }
4967 }
4968 kubernetes: {}
4969 }
4970 }
4971 label: {
4972 app: "nginx"
4973 domain: "prod"
4974 component: "proxy"
4975 }
4976 kubernetes: {}
4977 envSpec: {}
4978 }
4979}
4980service: {
4981 nginx: {
4982 name: "nginx"
4983 port: {
4984 http: {
4985 name: "http"
4986 port: 80
4987 protocol: "TCP"
4988 }
4989 https: {
4990 name: "https"
4991 port: 443
4992 protocol: "TCP"
4993 }
4994 }
4995 kubernetes: {
4996 spec: {
4997 type: "LoadBalancer"
4998 loadBalancerIP: "1.3.4.5"
4999 }
5000 }
5001 label: {
5002 app: "nginx"
5003 domain: "prod"
5004 component: "proxy"
5005 }
5006 }
5007}
5008configMap: {
5009 nginx: {
5010 "nginx.conf": """
5011 events {
5012 worker_connections 768;
5013 }
5014 http {
5015 sendfile on;
5016 tcp_nopush on;
5017 tcp_nodelay on;
5018 # needs to be high for some download jobs.
5019 keepalive_timeout 400;
5020 # proxy_connect_timeout 300;
5021 proxy_send_timeout 300;
5022 proxy_read_timeout 300;
5023 send_timeout 300;
5024
5025 types_hash_max_size 2048;
5026
5027 include /etc/nginx/mime.types;
5028 default_type application/octet-stream;
5029
5030 access_log /dev/stdout;
5031 error_log /dev/stdout;
5032
5033 # Disable POST body size constraints. We often deal with large
5034 # files. Especially docker containers may be large.
5035 client_max_body_size 0;
5036
5037 upstream goget {
5038 server localhost:7070;
5039 }
5040
5041 # Redirect incoming Google Cloud Storage notifications:
5042 server {
5043 listen 443 ssl;
5044 server_name notify.example.com notify2.example.com;
5045
5046 ssl_certificate /etc/ssl/server.crt;
5047 ssl_certificate_key /etc/ssl/server.key;
5048
5049 # Security enhancements to deal with poodles and the like.
5050 # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
5051 # ssl_ciphers 'AES256+EECDH:AES256+EDH';
5052 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
5053
5054 # We don't like poodles.
5055 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
5056 ssl_session_cache shared:SSL:10m;
5057
5058 # Enable Forward secrecy.
5059 ssl_dhparam /etc/ssl/dhparam.pem;
5060 ssl_prefer_server_ciphers on;
5061
5062 # Enable HTST.
5063 add_header Strict-Transport-Security max-age=1209600;
5064
5065 # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
5066 chunked_transfer_encoding on;
5067
5068 location / {
5069 proxy_pass http://tasks:7080;
5070 proxy_connect_timeout 1;
5071 }
5072 }
5073
5074 server {
5075 listen 80;
5076 listen 443 ssl;
5077 server_name x.example.com example.io;
5078
5079 location ~ "(/[^/]+)(/.*)?" {
5080 set $myhost $host;
5081 if ($arg_go-get = "1") {
5082 set $myhost "goget";
5083 }
5084 proxy_pass http://$myhost$1;
5085 proxy_set_header Host $host;
5086 proxy_set_header X-Real-IP $remote_addr;
5087 proxy_set_header X-Scheme $scheme;
5088 proxy_connect_timeout 1;
5089 }
5090
5091 location / {
5092 set $myhost $host;
5093 if ($arg_go-get = "1") {
5094 set $myhost "goget";
5095 }
5096 proxy_pass http://$myhost;
5097 proxy_set_header Host $host;
5098 proxy_set_header X-Real-IP $remote_addr;
5099 proxy_set_header X-Scheme $scheme;
5100 proxy_connect_timeout 1;
5101 }
5102 }
5103
5104 server {
5105 listen 80;
5106 server_name www.example.com w.example.com;
5107
5108 resolver 8.8.8.8;
5109
5110 location / {
5111 proxy_set_header X-Forwarded-Host $host;
5112 proxy_set_header X-Forwarded-Server $host;
5113 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
5114 proxy_set_header X-Real-IP $remote_addr;
5115
5116 proxy_pass http://$host.default.example.appspot.com/$request_uri;
5117 proxy_redirect http://$host.default.example.appspot.com/ /;
5118 }
5119 }
5120
5121 # Kubernetes URI space. Maps URIs paths to specific servers using the
5122 # proxy.
5123 server {
5124 listen 80;
5125 listen 443 ssl;
5126 server_name proxy.example.com;
5127
5128 ssl_certificate /etc/ssl/server.crt;
5129 ssl_certificate_key /etc/ssl/server.key;
5130
5131 # Security enhancements to deal with poodles and the like.
5132 # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
5133 # ssl_ciphers 'AES256+EECDH:AES256+EDH';
5134 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
5135
5136 # We don't like poodles.
5137 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
5138 ssl_session_cache shared:SSL:10m;
5139
5140 # Enable Forward secrecy.
5141 ssl_dhparam /etc/ssl/dhparam.pem;
5142 ssl_prefer_server_ciphers on;
5143
5144 # Enable HTST.
5145 add_header Strict-Transport-Security max-age=1209600;
5146
5147 if ($ssl_protocol = "") {
5148 rewrite ^ https://$host$request_uri? permanent;
5149 }
5150
5151 # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
5152 chunked_transfer_encoding on;
5153
5154 location / {
5155 proxy_pass http://kubeproxy:4180;
5156 proxy_set_header Host $host;
5157 proxy_set_header X-Real-IP $remote_addr;
5158 proxy_set_header X-Scheme $scheme;
5159 proxy_connect_timeout 1;
5160 }
5161 }
5162
5163 server {
5164 # We could add the following line and the connection would still be SSL,
5165 # but it doesn't appear to be necessary. Seems saver this way.
5166 listen 80;
5167 listen 443 default ssl;
5168 server_name ~^(?<sub>.*)\\.example\\.com$;
5169
5170 ssl_certificate /etc/ssl/server.crt;
5171 ssl_certificate_key /etc/ssl/server.key;
5172
5173 # Security enhancements to deal with poodles and the like.
5174 # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
5175 # ssl_ciphers 'AES256+EECDH:AES256+EDH';
5176 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
5177
5178 # We don't like poodles.
5179 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
5180 ssl_session_cache shared:SSL:10m;
5181
5182 # Enable Forward secrecy.
5183 ssl_dhparam /etc/ssl/dhparam.pem;
5184 ssl_prefer_server_ciphers on;
5185
5186 # Enable HTST.
5187 add_header Strict-Transport-Security max-age=1209600;
5188
5189 if ($ssl_protocol = "") {
5190 rewrite ^ https://$host$request_uri? permanent;
5191 }
5192
5193 # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
5194 chunked_transfer_encoding on;
5195
5196 location / {
5197 proxy_pass http://authproxy:4180;
5198 proxy_set_header Host $host;
5199 proxy_set_header X-Real-IP $remote_addr;
5200 proxy_set_header X-Scheme $scheme;
5201 proxy_connect_timeout 1;
5202 }
5203 }
5204 }
5205 """
5206 }
5207}
5208kubernetes: {
5209 services: {
5210 nginx: {
5211 apiVersion: "v1"
5212 kind: "Service"
5213 spec: {
5214 type: "LoadBalancer"
5215 selector: {
5216 app: "nginx"
5217 domain: "prod"
5218 component: "proxy"
5219 }
5220 ports: [{
5221 name: "http"
5222 port: 80
5223 protocol: "TCP"
5224 }, {
5225 name: "https"
5226 port: 443
5227 protocol: "TCP"
5228 }]
5229 loadBalancerIP: "1.3.4.5"
5230 }
5231 metadata: {
5232 name: "nginx"
5233 labels: {
5234 app: "nginx"
5235 domain: "prod"
5236 component: "proxy"
5237 }
5238 }
5239 }
5240 }
5241 deployments: {
5242 nginx: {
5243 apiVersion: "extensions/v1beta1"
5244 kind: "Deployment"
5245 metadata: {
5246 name: "nginx"
5247 labels: {
5248 component: "proxy"
5249 }
5250 }
5251 spec: {
5252 template: {
5253 metadata: {
5254 labels: {
5255 app: "nginx"
5256 domain: "prod"
5257 component: "proxy"
5258 }
5259 }
5260 spec: {
5261 containers: [{
5262 name: "nginx"
5263 image: "nginx:1.11.10-alpine"
5264 args: []
5265 volumeMounts: [{
5266 name: "secret-volume"
5267 mountPath: "/etc/ssl"
5268 }, {
5269 name: "config-volume"
5270 subPath: "nginx.conf"
5271 mountPath: "/etc/nginx/nginx.conf"
5272 }]
5273 ports: [{
5274 name: "http"
5275 containerPort: 80
5276 }, {
5277 name: "https"
5278 containerPort: 443
5279 }]
5280 }]
5281 volumes: [{
5282 name: "secret-volume"
5283 }, {
5284 name: "config-volume"
5285 }]
5286 }
5287 }
5288 replicas: 1
5289 }
5290 }
5291 }
5292 statefulSets: {}
5293 daemonSets: {}
5294 configMaps: {
5295 nginx: {
5296 apiVersion: "v1"
5297 kind: "ConfigMap"
5298 metadata: {
5299 name: "nginx"
5300 labels: {
5301 component: "proxy"
5302 }
5303 }
5304 data: {
5305 "nginx.conf": """
5306 events {
5307 worker_connections 768;
5308 }
5309 http {
5310 sendfile on;
5311 tcp_nopush on;
5312 tcp_nodelay on;
5313 # needs to be high for some download jobs.
5314 keepalive_timeout 400;
5315 # proxy_connect_timeout 300;
5316 proxy_send_timeout 300;
5317 proxy_read_timeout 300;
5318 send_timeout 300;
5319
5320 types_hash_max_size 2048;
5321
5322 include /etc/nginx/mime.types;
5323 default_type application/octet-stream;
5324
5325 access_log /dev/stdout;
5326 error_log /dev/stdout;
5327
5328 # Disable POST body size constraints. We often deal with large
5329 # files. Especially docker containers may be large.
5330 client_max_body_size 0;
5331
5332 upstream goget {
5333 server localhost:7070;
5334 }
5335
5336 # Redirect incoming Google Cloud Storage notifications:
5337 server {
5338 listen 443 ssl;
5339 server_name notify.example.com notify2.example.com;
5340
5341 ssl_certificate /etc/ssl/server.crt;
5342 ssl_certificate_key /etc/ssl/server.key;
5343
5344 # Security enhancements to deal with poodles and the like.
5345 # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
5346 # ssl_ciphers 'AES256+EECDH:AES256+EDH';
5347 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
5348
5349 # We don't like poodles.
5350 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
5351 ssl_session_cache shared:SSL:10m;
5352
5353 # Enable Forward secrecy.
5354 ssl_dhparam /etc/ssl/dhparam.pem;
5355 ssl_prefer_server_ciphers on;
5356
5357 # Enable HTST.
5358 add_header Strict-Transport-Security max-age=1209600;
5359
5360 # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
5361 chunked_transfer_encoding on;
5362
5363 location / {
5364 proxy_pass http://tasks:7080;
5365 proxy_connect_timeout 1;
5366 }
5367 }
5368
5369 server {
5370 listen 80;
5371 listen 443 ssl;
5372 server_name x.example.com example.io;
5373
5374 location ~ "(/[^/]+)(/.*)?" {
5375 set $myhost $host;
5376 if ($arg_go-get = "1") {
5377 set $myhost "goget";
5378 }
5379 proxy_pass http://$myhost$1;
5380 proxy_set_header Host $host;
5381 proxy_set_header X-Real-IP $remote_addr;
5382 proxy_set_header X-Scheme $scheme;
5383 proxy_connect_timeout 1;
5384 }
5385
5386 location / {
5387 set $myhost $host;
5388 if ($arg_go-get = "1") {
5389 set $myhost "goget";
5390 }
5391 proxy_pass http://$myhost;
5392 proxy_set_header Host $host;
5393 proxy_set_header X-Real-IP $remote_addr;
5394 proxy_set_header X-Scheme $scheme;
5395 proxy_connect_timeout 1;
5396 }
5397 }
5398
5399 server {
5400 listen 80;
5401 server_name www.example.com w.example.com;
5402
5403 resolver 8.8.8.8;
5404
5405 location / {
5406 proxy_set_header X-Forwarded-Host $host;
5407 proxy_set_header X-Forwarded-Server $host;
5408 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
5409 proxy_set_header X-Real-IP $remote_addr;
5410
5411 proxy_pass http://$host.default.example.appspot.com/$request_uri;
5412 proxy_redirect http://$host.default.example.appspot.com/ /;
5413 }
5414 }
5415
5416 # Kubernetes URI space. Maps URIs paths to specific servers using the
5417 # proxy.
5418 server {
5419 listen 80;
5420 listen 443 ssl;
5421 server_name proxy.example.com;
5422
5423 ssl_certificate /etc/ssl/server.crt;
5424 ssl_certificate_key /etc/ssl/server.key;
5425
5426 # Security enhancements to deal with poodles and the like.
5427 # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
5428 # ssl_ciphers 'AES256+EECDH:AES256+EDH';
5429 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
5430
5431 # We don't like poodles.
5432 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
5433 ssl_session_cache shared:SSL:10m;
5434
5435 # Enable Forward secrecy.
5436 ssl_dhparam /etc/ssl/dhparam.pem;
5437 ssl_prefer_server_ciphers on;
5438
5439 # Enable HTST.
5440 add_header Strict-Transport-Security max-age=1209600;
5441
5442 if ($ssl_protocol = "") {
5443 rewrite ^ https://$host$request_uri? permanent;
5444 }
5445
5446 # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
5447 chunked_transfer_encoding on;
5448
5449 location / {
5450 proxy_pass http://kubeproxy:4180;
5451 proxy_set_header Host $host;
5452 proxy_set_header X-Real-IP $remote_addr;
5453 proxy_set_header X-Scheme $scheme;
5454 proxy_connect_timeout 1;
5455 }
5456 }
5457
5458 server {
5459 # We could add the following line and the connection would still be SSL,
5460 # but it doesn't appear to be necessary. Seems saver this way.
5461 listen 80;
5462 listen 443 default ssl;
5463 server_name ~^(?<sub>.*)\\.example\\.com$;
5464
5465 ssl_certificate /etc/ssl/server.crt;
5466 ssl_certificate_key /etc/ssl/server.key;
5467
5468 # Security enhancements to deal with poodles and the like.
5469 # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
5470 # ssl_ciphers 'AES256+EECDH:AES256+EDH';
5471 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
5472
5473 # We don't like poodles.
5474 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
5475 ssl_session_cache shared:SSL:10m;
5476
5477 # Enable Forward secrecy.
5478 ssl_dhparam /etc/ssl/dhparam.pem;
5479 ssl_prefer_server_ciphers on;
5480
5481 # Enable HTST.
5482 add_header Strict-Transport-Security max-age=1209600;
5483
5484 if ($ssl_protocol = "") {
5485 rewrite ^ https://$host$request_uri? permanent;
5486 }
5487
5488 # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
5489 chunked_transfer_encoding on;
5490
5491 location / {
5492 proxy_pass http://authproxy:4180;
5493 proxy_set_header Host $host;
5494 proxy_set_header X-Real-IP $remote_addr;
5495 proxy_set_header X-Scheme $scheme;
5496 proxy_connect_timeout 1;
5497 }
5498 }
5499 }
5500 """
5501 }
5502 }
5503 }
5504}
View as plain text