...

Text file src/cuelang.org/go/doc/tutorial/kubernetes/testdata/quick.out

Documentation: cuelang.org/go/doc/tutorial/kubernetes/testdata

     1service: {}
     2deployment: {}
     3#Component: string
     4daemonSet: {}
     5statefulSet: {}
     6configMap: {}
     7service: {}
     8deployment: {}
     9#Component: "frontend"
    10daemonSet: {}
    11statefulSet: {}
    12configMap: {}
    13service: {
    14    bartender: {
    15        spec: {
    16            ports: [{
    17                port:       7080
    18                targetPort: 7080
    19                name:       "client"
    20                protocol:   "TCP"
    21            }]
    22            selector: {
    23                app:       "bartender"
    24                domain:    "prod"
    25                component: "frontend"
    26            }
    27        }
    28        metadata: {
    29            name: "bartender"
    30            labels: {
    31                app:       "bartender"
    32                domain:    "prod"
    33                component: "frontend"
    34            }
    35        }
    36        kind:       "Service"
    37        apiVersion: "v1"
    38    }
    39}
    40deployment: {
    41    bartender: {
    42        spec: {
    43            replicas: 1
    44            selector: {}
    45            template: {
    46                metadata: {
    47                    labels: {
    48                        app:       "bartender"
    49                        domain:    "prod"
    50                        component: "frontend"
    51                    }
    52                    annotations: {
    53                        "prometheus.io.scrape": "true"
    54                        "prometheus.io.port":   "7080"
    55                    }
    56                }
    57                spec: {
    58                    containers: [{
    59                        name:  "bartender"
    60                        image: "gcr.io/myproj/bartender:v0.1.34"
    61                        args: []
    62                        ports: [{
    63                            containerPort: 7080
    64                        }]
    65                    }]
    66                }
    67            }
    68        }
    69        metadata: {
    70            name: "bartender"
    71            labels: {
    72                component: "frontend"
    73            }
    74        }
    75        kind:       "Deployment"
    76        apiVersion: "apps/v1"
    77    }
    78}
    79#Component: "frontend"
    80daemonSet: {}
    81statefulSet: {}
    82configMap: {}
    83service: {
    84    breaddispatcher: {
    85        spec: {
    86            ports: [{
    87                port:       7080
    88                targetPort: 7080
    89                name:       "client"
    90                protocol:   "TCP"
    91            }]
    92            selector: {
    93                app:       "breaddispatcher"
    94                domain:    "prod"
    95                component: "frontend"
    96            }
    97        }
    98        metadata: {
    99            name: "breaddispatcher"
   100            labels: {
   101                app:       "breaddispatcher"
   102                domain:    "prod"
   103                component: "frontend"
   104            }
   105        }
   106        kind:       "Service"
   107        apiVersion: "v1"
   108    }
   109}
   110deployment: {
   111    breaddispatcher: {
   112        spec: {
   113            replicas: 1
   114            selector: {}
   115            template: {
   116                metadata: {
   117                    labels: {
   118                        app:       "breaddispatcher"
   119                        domain:    "prod"
   120                        component: "frontend"
   121                    }
   122                    annotations: {
   123                        "prometheus.io.scrape": "true"
   124                        "prometheus.io.port":   "7080"
   125                    }
   126                }
   127                spec: {
   128                    containers: [{
   129                        name:  "breaddispatcher"
   130                        image: "gcr.io/myproj/breaddispatcher:v0.3.24"
   131                        args: ["-etcd=etcd:2379", "-event-server=events:7788"]
   132                        ports: [{
   133                            containerPort: 7080
   134                        }]
   135                    }]
   136                }
   137            }
   138        }
   139        metadata: {
   140            name: "breaddispatcher"
   141            labels: {
   142                component: "frontend"
   143            }
   144        }
   145        kind:       "Deployment"
   146        apiVersion: "apps/v1"
   147    }
   148}
   149#Component: "frontend"
   150daemonSet: {}
   151statefulSet: {}
   152configMap: {}
   153service: {
   154    host: {
   155        spec: {
   156            ports: [{
   157                port:       7080
   158                targetPort: 7080
   159                name:       "client"
   160                protocol:   "TCP"
   161            }]
   162            selector: {
   163                app:       "host"
   164                domain:    "prod"
   165                component: "frontend"
   166            }
   167        }
   168        metadata: {
   169            name: "host"
   170            labels: {
   171                app:       "host"
   172                domain:    "prod"
   173                component: "frontend"
   174            }
   175        }
   176        kind:       "Service"
   177        apiVersion: "v1"
   178    }
   179}
   180deployment: {
   181    host: {
   182        spec: {
   183            replicas: 2
   184            selector: {}
   185            template: {
   186                metadata: {
   187                    labels: {
   188                        app:       "host"
   189                        domain:    "prod"
   190                        component: "frontend"
   191                    }
   192                    annotations: {
   193                        "prometheus.io.scrape": "true"
   194                        "prometheus.io.port":   "7080"
   195                    }
   196                }
   197                spec: {
   198                    containers: [{
   199                        name:  "host"
   200                        image: "gcr.io/myproj/host:v0.1.10"
   201                        args: []
   202                        ports: [{
   203                            containerPort: 7080
   204                        }]
   205                    }]
   206                }
   207            }
   208        }
   209        metadata: {
   210            name: "host"
   211            labels: {
   212                component: "frontend"
   213            }
   214        }
   215        kind:       "Deployment"
   216        apiVersion: "apps/v1"
   217    }
   218}
   219#Component: "frontend"
   220daemonSet: {}
   221statefulSet: {}
   222configMap: {}
   223service: {
   224    maitred: {
   225        spec: {
   226            ports: [{
   227                port:       7080
   228                targetPort: 7080
   229                name:       "client"
   230                protocol:   "TCP"
   231            }]
   232            selector: {
   233                app:       "maitred"
   234                domain:    "prod"
   235                component: "frontend"
   236            }
   237        }
   238        metadata: {
   239            name: "maitred"
   240            labels: {
   241                app:       "maitred"
   242                domain:    "prod"
   243                component: "frontend"
   244            }
   245        }
   246        kind:       "Service"
   247        apiVersion: "v1"
   248    }
   249}
   250deployment: {
   251    maitred: {
   252        spec: {
   253            replicas: 1
   254            selector: {}
   255            template: {
   256                metadata: {
   257                    labels: {
   258                        app:       "maitred"
   259                        domain:    "prod"
   260                        component: "frontend"
   261                    }
   262                    annotations: {
   263                        "prometheus.io.scrape": "true"
   264                        "prometheus.io.port":   "7080"
   265                    }
   266                }
   267                spec: {
   268                    containers: [{
   269                        name:  "maitred"
   270                        image: "gcr.io/myproj/maitred:v0.0.4"
   271                        args: []
   272                        ports: [{
   273                            containerPort: 7080
   274                        }]
   275                    }]
   276                }
   277            }
   278        }
   279        metadata: {
   280            name: "maitred"
   281            labels: {
   282                component: "frontend"
   283            }
   284        }
   285        kind:       "Deployment"
   286        apiVersion: "apps/v1"
   287    }
   288}
   289#Component: "frontend"
   290daemonSet: {}
   291statefulSet: {}
   292configMap: {}
   293service: {
   294    valeter: {
   295        spec: {
   296            ports: [{
   297                name:       "http"
   298                port:       8080
   299                protocol:   "TCP"
   300                targetPort: 8080
   301            }]
   302            selector: {
   303                app:       "valeter"
   304                domain:    "prod"
   305                component: "frontend"
   306            }
   307        }
   308        metadata: {
   309            name: "valeter"
   310            labels: {
   311                app:       "valeter"
   312                domain:    "prod"
   313                component: "frontend"
   314            }
   315        }
   316        kind:       "Service"
   317        apiVersion: "v1"
   318    }
   319}
   320deployment: {
   321    valeter: {
   322        spec: {
   323            replicas: 1
   324            selector: {}
   325            template: {
   326                metadata: {
   327                    labels: {
   328                        app:       "valeter"
   329                        domain:    "prod"
   330                        component: "frontend"
   331                    }
   332                    annotations: {
   333                        "prometheus.io.scrape": "true"
   334                        "prometheus.io.port":   "8080"
   335                    }
   336                }
   337                spec: {
   338                    containers: [{
   339                        name:  "valeter"
   340                        image: "gcr.io/myproj/valeter:v0.0.4"
   341                        ports: [{
   342                            containerPort: 8080
   343                        }]
   344                        args: ["-http=:8080", "-etcd=etcd:2379"]
   345                    }]
   346                }
   347            }
   348        }
   349        metadata: {
   350            name: "valeter"
   351            labels: {
   352                component: "frontend"
   353            }
   354        }
   355        kind:       "Deployment"
   356        apiVersion: "apps/v1"
   357    }
   358}
   359#Component: "frontend"
   360daemonSet: {}
   361statefulSet: {}
   362configMap: {}
   363service: {
   364    waiter: {
   365        spec: {
   366            ports: [{
   367                port:       7080
   368                targetPort: 7080
   369                name:       "client"
   370                protocol:   "TCP"
   371            }]
   372            selector: {
   373                app:       "waiter"
   374                domain:    "prod"
   375                component: "frontend"
   376            }
   377        }
   378        metadata: {
   379            name: "waiter"
   380            labels: {
   381                app:       "waiter"
   382                domain:    "prod"
   383                component: "frontend"
   384            }
   385        }
   386        kind:       "Service"
   387        apiVersion: "v1"
   388    }
   389}
   390deployment: {
   391    waiter: {
   392        spec: {
   393            replicas: 5
   394            selector: {}
   395            template: {
   396                metadata: {
   397                    labels: {
   398                        app:       "waiter"
   399                        domain:    "prod"
   400                        component: "frontend"
   401                    }
   402                    annotations: {
   403                        "prometheus.io.scrape": "true"
   404                        "prometheus.io.port":   "7080"
   405                    }
   406                }
   407                spec: {
   408                    containers: [{
   409                        name:  "waiter"
   410                        image: "gcr.io/myproj/waiter:v0.3.0"
   411                        ports: [{
   412                            containerPort: 7080
   413                        }]
   414                    }]
   415                }
   416            }
   417        }
   418        metadata: {
   419            name: "waiter"
   420            labels: {
   421                component: "frontend"
   422            }
   423        }
   424        kind:       "Deployment"
   425        apiVersion: "apps/v1"
   426    }
   427}
   428#Component: "frontend"
   429daemonSet: {}
   430statefulSet: {}
   431configMap: {}
   432service: {
   433    waterdispatcher: {
   434        spec: {
   435            ports: [{
   436                name:       "http"
   437                port:       7080
   438                protocol:   "TCP"
   439                targetPort: 7080
   440            }]
   441            selector: {
   442                app:       "waterdispatcher"
   443                domain:    "prod"
   444                component: "frontend"
   445            }
   446        }
   447        metadata: {
   448            name: "waterdispatcher"
   449            labels: {
   450                app:       "waterdispatcher"
   451                domain:    "prod"
   452                component: "frontend"
   453            }
   454        }
   455        kind:       "Service"
   456        apiVersion: "v1"
   457    }
   458}
   459deployment: {
   460    waterdispatcher: {
   461        spec: {
   462            replicas: 1
   463            selector: {}
   464            template: {
   465                metadata: {
   466                    labels: {
   467                        app:       "waterdispatcher"
   468                        domain:    "prod"
   469                        component: "frontend"
   470                    }
   471                    annotations: {
   472                        "prometheus.io.scrape": "true"
   473                        "prometheus.io.port":   "7080"
   474                    }
   475                }
   476                spec: {
   477                    containers: [{
   478                        name:  "waterdispatcher"
   479                        image: "gcr.io/myproj/waterdispatcher:v0.0.48"
   480                        args: ["-http=:8080", "-etcd=etcd:2379"]
   481                        ports: [{
   482                            containerPort: 7080
   483                        }]
   484                    }]
   485                }
   486            }
   487        }
   488        metadata: {
   489            name: "waterdispatcher"
   490            labels: {
   491                component: "frontend"
   492            }
   493        }
   494        kind:       "Deployment"
   495        apiVersion: "apps/v1"
   496    }
   497}
   498#Component: "frontend"
   499daemonSet: {}
   500statefulSet: {}
   501configMap: {}
   502service: {}
   503deployment: {}
   504#Component: "infra"
   505daemonSet: {}
   506statefulSet: {}
   507configMap: {}
   508service: {
   509    download: {
   510        spec: {
   511            ports: [{
   512                port:       7080
   513                targetPort: 7080
   514                name:       "client"
   515                protocol:   "TCP"
   516            }]
   517            selector: {
   518                app:       "download"
   519                domain:    "prod"
   520                component: "infra"
   521            }
   522        }
   523        metadata: {
   524            name: "download"
   525            labels: {
   526                app:       "download"
   527                domain:    "prod"
   528                component: "infra"
   529            }
   530        }
   531        kind:       "Service"
   532        apiVersion: "v1"
   533    }
   534}
   535deployment: {
   536    download: {
   537        spec: {
   538            replicas: 1
   539            selector: {}
   540            template: {
   541                metadata: {
   542                    labels: {
   543                        app:       "download"
   544                        domain:    "prod"
   545                        component: "infra"
   546                    }
   547                }
   548                spec: {
   549                    containers: [{
   550                        name:  "download"
   551                        image: "gcr.io/myproj/download:v0.0.2"
   552                        ports: [{
   553                            containerPort: 7080
   554                        }]
   555                    }]
   556                }
   557            }
   558        }
   559        metadata: {
   560            name: "download"
   561            labels: {
   562                component: "infra"
   563            }
   564        }
   565        kind:       "Deployment"
   566        apiVersion: "apps/v1"
   567    }
   568}
   569#Component: "infra"
   570daemonSet: {}
   571statefulSet: {}
   572configMap: {}
   573service: {
   574    etcd: {
   575        spec: {
   576            clusterIP: "None"
   577            ports: [{
   578                port:       2379
   579                targetPort: 2379
   580                name:       "client"
   581                protocol:   "TCP"
   582            }, {
   583                name:       "peer"
   584                port:       2380
   585                protocol:   "TCP"
   586                targetPort: 2380
   587            }]
   588            selector: {
   589                app:       "etcd"
   590                component: "infra"
   591                domain:    "prod"
   592            }
   593        }
   594        metadata: {
   595            name: "etcd"
   596            labels: {
   597                app:       "etcd"
   598                domain:    "prod"
   599                component: "infra"
   600            }
   601        }
   602        kind:       "Service"
   603        apiVersion: "v1"
   604    }
   605}
   606deployment: {}
   607#Component: "infra"
   608daemonSet: {}
   609statefulSet: {
   610    etcd: {
   611        spec: {
   612            serviceName: "etcd"
   613            replicas:    3
   614            selector: {}
   615            template: {
   616                metadata: {
   617                    labels: {
   618                        app:       "etcd"
   619                        component: "infra"
   620                        domain:    "prod"
   621                    }
   622                    annotations: {
   623                        "prometheus.io.scrape": "true"
   624                        "prometheus.io.port":   "2379"
   625                    }
   626                }
   627                spec: {
   628                    affinity: {
   629                        podAntiAffinity: {
   630                            requiredDuringSchedulingIgnoredDuringExecution: [{
   631                                labelSelector: {
   632                                    matchExpressions: [{
   633                                        key:      "app"
   634                                        operator: "In"
   635                                        values: ["etcd"]
   636                                    }]
   637                                }
   638                                topologyKey: "kubernetes.io/hostname"
   639                            }]
   640                        }
   641                    }
   642                    terminationGracePeriodSeconds: 10
   643                    containers: [{
   644                        name:  "etcd"
   645                        image: "quay.io/coreos/etcd:v3.3.10"
   646                        ports: [{
   647                            name:          "client"
   648                            containerPort: 2379
   649                        }, {
   650                            name:          "peer"
   651                            containerPort: 2380
   652                        }]
   653                        livenessProbe: {
   654                            httpGet: {
   655                                path: "/health"
   656                                port: "client"
   657                            }
   658                            initialDelaySeconds: 30
   659                        }
   660                        volumeMounts: [{
   661                            name:      "etcd3"
   662                            mountPath: "/data"
   663                        }]
   664                        env: [{
   665                            name:  "ETCDCTL_API"
   666                            value: "3"
   667                        }, {
   668                            name:  "ETCD_AUTO_COMPACTION_RETENTION"
   669                            value: "4"
   670                        }, {
   671                            name: "NAME"
   672                            valueFrom: {
   673                                fieldRef: {
   674                                    fieldPath: "metadata.name"
   675                                }
   676                            }
   677                        }, {
   678                            name: "IP"
   679                            valueFrom: {
   680                                fieldRef: {
   681                                    fieldPath: "status.podIP"
   682                                }
   683                            }
   684                        }]
   685                        command: ["/usr/local/bin/etcd"]
   686                        args: ["-name", "$(NAME)", "-data-dir", "/data/etcd3", "-initial-advertise-peer-urls", "http://$(IP):2380", "-listen-peer-urls", "http://$(IP):2380", "-listen-client-urls", "http://$(IP):2379,http://127.0.0.1:2379", "-advertise-client-urls", "http://$(IP):2379", "-discovery", "https://discovery.etcd.io/xxxxxx"]
   687                    }]
   688                }
   689            }
   690            volumeClaimTemplates: [{
   691                metadata: {
   692                    name: "etcd3"
   693                    annotations: {
   694                        "volume.alpha.kubernetes.io/storage-class": "default"
   695                    }
   696                }
   697                spec: {
   698                    accessModes: ["ReadWriteOnce"]
   699                    resources: {
   700                        requests: {
   701                            storage: "10Gi"
   702                        }
   703                    }
   704                }
   705            }]
   706        }
   707        metadata: {
   708            name: "etcd"
   709            labels: {
   710                component: "infra"
   711            }
   712        }
   713        kind:       "StatefulSet"
   714        apiVersion: "apps/v1"
   715    }
   716}
   717configMap: {}
   718service: {
   719    events: {
   720        spec: {
   721            ports: [{
   722                name:       "grpc"
   723                port:       7788
   724                protocol:   "TCP"
   725                targetPort: 7788
   726            }]
   727            selector: {
   728                app:       "events"
   729                domain:    "prod"
   730                component: "infra"
   731            }
   732        }
   733        metadata: {
   734            name: "events"
   735            labels: {
   736                app:       "events"
   737                domain:    "prod"
   738                component: "infra"
   739            }
   740        }
   741        kind:       "Service"
   742        apiVersion: "v1"
   743    }
   744}
   745deployment: {
   746    events: {
   747        spec: {
   748            replicas: 2
   749            selector: {}
   750            template: {
   751                metadata: {
   752                    labels: {
   753                        app:       "events"
   754                        domain:    "prod"
   755                        component: "infra"
   756                    }
   757                    annotations: {
   758                        "prometheus.io.scrape": "true"
   759                        "prometheus.io.port":   "7080"
   760                    }
   761                }
   762                spec: {
   763                    affinity: {
   764                        podAntiAffinity: {
   765                            requiredDuringSchedulingIgnoredDuringExecution: [{
   766                                labelSelector: {
   767                                    matchExpressions: [{
   768                                        key:      "app"
   769                                        operator: "In"
   770                                        values: ["events"]
   771                                    }]
   772                                }
   773                                topologyKey: "kubernetes.io/hostname"
   774                            }]
   775                        }
   776                    }
   777                    volumes: [{
   778                        name: "secret-volume"
   779                        secret: {
   780                            secretName: "biz-secrets"
   781                        }
   782                    }]
   783                    containers: [{
   784                        name:  "events"
   785                        image: "gcr.io/myproj/events:v0.1.31"
   786                        ports: [{
   787                            containerPort: 7080
   788                        }, {
   789                            containerPort: 7788
   790                        }]
   791                        args: ["-cert=/etc/ssl/server.pem", "-key=/etc/ssl/server.key", "-grpc=:7788"]
   792                        volumeMounts: [{
   793                            mountPath: "/etc/ssl"
   794                            name:      "secret-volume"
   795                        }]
   796                    }]
   797                }
   798            }
   799        }
   800        metadata: {
   801            name: "events"
   802            labels: {
   803                component: "infra"
   804            }
   805        }
   806        kind:       "Deployment"
   807        apiVersion: "apps/v1"
   808    }
   809}
   810#Component: "infra"
   811daemonSet: {}
   812statefulSet: {}
   813configMap: {}
   814service: {
   815    tasks: {
   816        spec: {
   817            type:           "LoadBalancer"
   818            loadBalancerIP: "1.2.3.4"
   819            ports: [{
   820                port:       443
   821                name:       "http"
   822                protocol:   "TCP"
   823                targetPort: 7443
   824            }]
   825            selector: {
   826                app:       "tasks"
   827                domain:    "prod"
   828                component: "infra"
   829            }
   830        }
   831        metadata: {
   832            name: "tasks"
   833            labels: {
   834                app:       "tasks"
   835                domain:    "prod"
   836                component: "infra"
   837            }
   838        }
   839        kind:       "Service"
   840        apiVersion: "v1"
   841    }
   842}
   843deployment: {
   844    tasks: {
   845        spec: {
   846            replicas: 1
   847            selector: {}
   848            template: {
   849                metadata: {
   850                    labels: {
   851                        app:       "tasks"
   852                        domain:    "prod"
   853                        component: "infra"
   854                    }
   855                    annotations: {
   856                        "prometheus.io.scrape": "true"
   857                        "prometheus.io.port":   "7080"
   858                    }
   859                }
   860                spec: {
   861                    volumes: [{
   862                        name: "secret-volume"
   863                        secret: {
   864                            secretName: "star-example-com-secrets"
   865                        }
   866                    }]
   867                    containers: [{
   868                        name:  "tasks"
   869                        image: "gcr.io/myproj/tasks:v0.2.6"
   870                        ports: [{
   871                            containerPort: 7080
   872                        }, {
   873                            containerPort: 7443
   874                        }]
   875                        volumeMounts: [{
   876                            mountPath: "/etc/ssl"
   877                            name:      "secret-volume"
   878                        }]
   879                    }]
   880                }
   881            }
   882        }
   883        metadata: {
   884            name: "tasks"
   885            labels: {
   886                component: "infra"
   887            }
   888        }
   889        kind:       "Deployment"
   890        apiVersion: "apps/v1"
   891    }
   892}
   893#Component: "infra"
   894daemonSet: {}
   895statefulSet: {}
   896configMap: {}
   897service: {
   898    updater: {
   899        spec: {
   900            ports: [{
   901                port:       8080
   902                targetPort: 8080
   903                name:       "client"
   904                protocol:   "TCP"
   905            }]
   906            selector: {
   907                app:       "updater"
   908                domain:    "prod"
   909                component: "infra"
   910            }
   911        }
   912        metadata: {
   913            name: "updater"
   914            labels: {
   915                app:       "updater"
   916                domain:    "prod"
   917                component: "infra"
   918            }
   919        }
   920        kind:       "Service"
   921        apiVersion: "v1"
   922    }
   923}
   924deployment: {
   925    updater: {
   926        spec: {
   927            replicas: 1
   928            selector: {}
   929            template: {
   930                metadata: {
   931                    labels: {
   932                        app:       "updater"
   933                        domain:    "prod"
   934                        component: "infra"
   935                    }
   936                }
   937                spec: {
   938                    volumes: [{
   939                        name: "secret-updater"
   940                        secret: {
   941                            secretName: "updater-secrets"
   942                        }
   943                    }]
   944                    containers: [{
   945                        name:  "updater"
   946                        image: "gcr.io/myproj/updater:v0.1.0"
   947                        volumeMounts: [{
   948                            mountPath: "/etc/certs"
   949                            name:      "secret-updater"
   950                        }]
   951                        ports: [{
   952                            containerPort: 8080
   953                        }]
   954                        args: ["-key=/etc/certs/updater.pem"]
   955                    }]
   956                }
   957            }
   958        }
   959        metadata: {
   960            name: "updater"
   961            labels: {
   962                component: "infra"
   963            }
   964        }
   965        kind:       "Deployment"
   966        apiVersion: "apps/v1"
   967    }
   968}
   969#Component: "infra"
   970daemonSet: {}
   971statefulSet: {}
   972configMap: {}
   973service: {
   974    watcher: {
   975        spec: {
   976            type:           "LoadBalancer"
   977            loadBalancerIP: "1.2.3.4."
   978            ports: [{
   979                name:       "http"
   980                port:       7788
   981                protocol:   "TCP"
   982                targetPort: 7788
   983            }]
   984            selector: {
   985                app:       "watcher"
   986                domain:    "prod"
   987                component: "infra"
   988            }
   989        }
   990        metadata: {
   991            name: "watcher"
   992            labels: {
   993                app:       "watcher"
   994                domain:    "prod"
   995                component: "infra"
   996            }
   997        }
   998        kind:       "Service"
   999        apiVersion: "v1"
  1000    }
  1001}
  1002deployment: {
  1003    watcher: {
  1004        spec: {
  1005            replicas: 1
  1006            selector: {}
  1007            template: {
  1008                metadata: {
  1009                    labels: {
  1010                        app:       "watcher"
  1011                        domain:    "prod"
  1012                        component: "infra"
  1013                    }
  1014                }
  1015                spec: {
  1016                    volumes: [{
  1017                        name: "secret-volume"
  1018                        secret: {
  1019                            secretName: "star-example-com-secrets"
  1020                        }
  1021                    }]
  1022                    containers: [{
  1023                        name:  "watcher"
  1024                        image: "gcr.io/myproj/watcher:v0.1.0"
  1025                        ports: [{
  1026                            containerPort: 7080
  1027                        }, {
  1028                            containerPort: 7788
  1029                        }]
  1030                        volumeMounts: [{
  1031                            mountPath: "/etc/ssl"
  1032                            name:      "secret-volume"
  1033                        }]
  1034                    }]
  1035                }
  1036            }
  1037        }
  1038        metadata: {
  1039            name: "watcher"
  1040            labels: {
  1041                component: "infra"
  1042            }
  1043        }
  1044        kind:       "Deployment"
  1045        apiVersion: "apps/v1"
  1046    }
  1047}
  1048#Component: "infra"
  1049daemonSet: {}
  1050statefulSet: {}
  1051configMap: {}
  1052service: {}
  1053deployment: {}
  1054#Component: "kitchen"
  1055daemonSet: {}
  1056statefulSet: {}
  1057configMap: {}
  1058service: {
  1059    caller: {
  1060        spec: {
  1061            ports: [{
  1062                port:       8080
  1063                targetPort: 8080
  1064                name:       "client"
  1065                protocol:   "TCP"
  1066            }]
  1067            selector: {
  1068                app:       "caller"
  1069                domain:    "prod"
  1070                component: "kitchen"
  1071            }
  1072        }
  1073        metadata: {
  1074            name: "caller"
  1075            labels: {
  1076                app:       "caller"
  1077                domain:    "prod"
  1078                component: "kitchen"
  1079            }
  1080        }
  1081        kind:       "Service"
  1082        apiVersion: "v1"
  1083    }
  1084}
  1085deployment: {
  1086    caller: {
  1087        spec: {
  1088            replicas: 3
  1089            selector: {}
  1090            template: {
  1091                metadata: {
  1092                    labels: {
  1093                        app:       "caller"
  1094                        domain:    "prod"
  1095                        component: "kitchen"
  1096                    }
  1097                    annotations: {
  1098                        "prometheus.io.scrape": "true"
  1099                    }
  1100                }
  1101                spec: {
  1102                    volumes: [{
  1103                        name: "ssd-caller"
  1104                        gcePersistentDisk: {
  1105                            pdName: "ssd-caller"
  1106                            fsType: "ext4"
  1107                        }
  1108                    }, {
  1109                        name: "secret-caller"
  1110                        secret: {
  1111                            secretName: "caller-secrets"
  1112                        }
  1113                    }, {
  1114                        name: "secret-ssh-key"
  1115                        secret: {
  1116                            secretName: "secrets"
  1117                        }
  1118                    }]
  1119                    containers: [{
  1120                        name:  "caller"
  1121                        image: "gcr.io/myproj/caller:v0.20.14"
  1122                        volumeMounts: [{
  1123                            name:      "ssd-caller"
  1124                            mountPath: "/logs"
  1125                        }, {
  1126                            mountPath: "/etc/certs"
  1127                            name:      "secret-caller"
  1128                            readOnly:  true
  1129                        }, {
  1130                            mountPath: "/sslcerts"
  1131                            name:      "secret-ssh-key"
  1132                            readOnly:  true
  1133                        }]
  1134                        args: ["-env=prod", "-key=/etc/certs/client.key", "-cert=/etc/certs/client.pem", "-ca=/etc/certs/servfx.ca", "-ssh-tunnel-key=/sslcerts/tunnel-private.pem", "-logdir=/logs", "-event-server=events:7788"]
  1135                        ports: [{
  1136                            containerPort: 8080
  1137                        }]
  1138                        livenessProbe: {
  1139                            httpGet: {
  1140                                path: "/debug/health"
  1141                                port: 8080
  1142                            }
  1143                            initialDelaySeconds: 40
  1144                            periodSeconds:       3
  1145                        }
  1146                    }]
  1147                }
  1148            }
  1149        }
  1150        metadata: {
  1151            name: "caller"
  1152            labels: {
  1153                component: "kitchen"
  1154            }
  1155        }
  1156        kind:       "Deployment"
  1157        apiVersion: "apps/v1"
  1158    }
  1159}
  1160#Component: "kitchen"
  1161daemonSet: {}
  1162statefulSet: {}
  1163configMap: {}
  1164service: {
  1165    dishwasher: {
  1166        spec: {
  1167            ports: [{
  1168                port:       8080
  1169                targetPort: 8080
  1170                name:       "client"
  1171                protocol:   "TCP"
  1172            }]
  1173            selector: {
  1174                app:       "dishwasher"
  1175                domain:    "prod"
  1176                component: "kitchen"
  1177            }
  1178        }
  1179        metadata: {
  1180            name: "dishwasher"
  1181            labels: {
  1182                app:       "dishwasher"
  1183                domain:    "prod"
  1184                component: "kitchen"
  1185            }
  1186        }
  1187        kind:       "Service"
  1188        apiVersion: "v1"
  1189    }
  1190}
  1191deployment: {
  1192    dishwasher: {
  1193        spec: {
  1194            replicas: 5
  1195            selector: {}
  1196            template: {
  1197                metadata: {
  1198                    labels: {
  1199                        app:       "dishwasher"
  1200                        domain:    "prod"
  1201                        component: "kitchen"
  1202                    }
  1203                    annotations: {
  1204                        "prometheus.io.scrape": "true"
  1205                    }
  1206                }
  1207                spec: {
  1208                    volumes: [{
  1209                        name: "dishwasher-disk"
  1210                        gcePersistentDisk: {
  1211                            pdName: "dishwasher-disk"
  1212                            fsType: "ext4"
  1213                        }
  1214                    }, {
  1215                        name: "secret-dishwasher"
  1216                        secret: {
  1217                            secretName: "dishwasher-secrets"
  1218                        }
  1219                    }, {
  1220                        name: "secret-ssh-key"
  1221                        secret: {
  1222                            secretName: "dishwasher-secrets"
  1223                        }
  1224                    }]
  1225                    containers: [{
  1226                        name:  "dishwasher"
  1227                        image: "gcr.io/myproj/dishwasher:v0.2.13"
  1228                        volumeMounts: [{
  1229                            name:      "dishwasher-disk"
  1230                            mountPath: "/logs"
  1231                        }, {
  1232                            mountPath: "/sslcerts"
  1233                            name:      "secret-dishwasher"
  1234                            readOnly:  true
  1235                        }, {
  1236                            mountPath: "/etc/certs"
  1237                            name:      "secret-ssh-key"
  1238                            readOnly:  true
  1239                        }]
  1240                        args: ["-env=prod", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-logdir=/logs", "-event-server=events:7788"]
  1241                        ports: [{
  1242                            containerPort: 8080
  1243                        }]
  1244                        livenessProbe: {
  1245                            httpGet: {
  1246                                path: "/debug/health"
  1247                                port: 8080
  1248                            }
  1249                            initialDelaySeconds: 40
  1250                            periodSeconds:       3
  1251                        }
  1252                    }]
  1253                }
  1254            }
  1255        }
  1256        metadata: {
  1257            name: "dishwasher"
  1258            labels: {
  1259                component: "kitchen"
  1260            }
  1261        }
  1262        kind:       "Deployment"
  1263        apiVersion: "apps/v1"
  1264    }
  1265}
  1266#Component: "kitchen"
  1267daemonSet: {}
  1268statefulSet: {}
  1269configMap: {}
  1270service: {
  1271    expiditer: {
  1272        spec: {
  1273            ports: [{
  1274                port:       8080
  1275                targetPort: 8080
  1276                name:       "client"
  1277                protocol:   "TCP"
  1278            }]
  1279            selector: {
  1280                app:       "expiditer"
  1281                domain:    "prod"
  1282                component: "kitchen"
  1283            }
  1284        }
  1285        metadata: {
  1286            name: "expiditer"
  1287            labels: {
  1288                app:       "expiditer"
  1289                domain:    "prod"
  1290                component: "kitchen"
  1291            }
  1292        }
  1293        kind:       "Service"
  1294        apiVersion: "v1"
  1295    }
  1296}
  1297deployment: {
  1298    expiditer: {
  1299        spec: {
  1300            replicas: 1
  1301            selector: {}
  1302            template: {
  1303                metadata: {
  1304                    labels: {
  1305                        app:       "expiditer"
  1306                        domain:    "prod"
  1307                        component: "kitchen"
  1308                    }
  1309                    annotations: {
  1310                        "prometheus.io.scrape": "true"
  1311                    }
  1312                }
  1313                spec: {
  1314                    volumes: [{
  1315                        name: "expiditer-disk"
  1316                        gcePersistentDisk: {
  1317                            pdName: "expiditer-disk"
  1318                            fsType: "ext4"
  1319                        }
  1320                    }, {
  1321                        name: "secret-expiditer"
  1322                        secret: {
  1323                            secretName: "expiditer-secrets"
  1324                        }
  1325                    }]
  1326                    containers: [{
  1327                        name:  "expiditer"
  1328                        image: "gcr.io/myproj/expiditer:v0.5.34"
  1329                        args: ["-env=prod", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-logdir=/logs", "-event-server=events:7788"]
  1330                        ports: [{
  1331                            containerPort: 8080
  1332                        }]
  1333                        volumeMounts: [{
  1334                            name:      "expiditer-disk"
  1335                            mountPath: "/logs"
  1336                        }, {
  1337                            mountPath: "/etc/certs"
  1338                            name:      "secret-expiditer"
  1339                            readOnly:  true
  1340                        }]
  1341                        livenessProbe: {
  1342                            httpGet: {
  1343                                path: "/debug/health"
  1344                                port: 8080
  1345                            }
  1346                            initialDelaySeconds: 40
  1347                            periodSeconds:       3
  1348                        }
  1349                    }]
  1350                }
  1351            }
  1352        }
  1353        metadata: {
  1354            name: "expiditer"
  1355            labels: {
  1356                component: "kitchen"
  1357            }
  1358        }
  1359        kind:       "Deployment"
  1360        apiVersion: "apps/v1"
  1361    }
  1362}
  1363#Component: "kitchen"
  1364daemonSet: {}
  1365statefulSet: {}
  1366configMap: {}
  1367service: {
  1368    headchef: {
  1369        spec: {
  1370            ports: [{
  1371                port:       8080
  1372                targetPort: 8080
  1373                name:       "client"
  1374                protocol:   "TCP"
  1375            }]
  1376            selector: {
  1377                app:       "headchef"
  1378                domain:    "prod"
  1379                component: "kitchen"
  1380            }
  1381        }
  1382        metadata: {
  1383            name: "headchef"
  1384            labels: {
  1385                app:       "headchef"
  1386                domain:    "prod"
  1387                component: "kitchen"
  1388            }
  1389        }
  1390        kind:       "Service"
  1391        apiVersion: "v1"
  1392    }
  1393}
  1394deployment: {
  1395    headchef: {
  1396        spec: {
  1397            replicas: 1
  1398            selector: {}
  1399            template: {
  1400                metadata: {
  1401                    labels: {
  1402                        app:       "headchef"
  1403                        domain:    "prod"
  1404                        component: "kitchen"
  1405                    }
  1406                    annotations: {
  1407                        "prometheus.io.scrape": "true"
  1408                    }
  1409                }
  1410                spec: {
  1411                    volumes: [{
  1412                        name: "headchef-disk"
  1413                        gcePersistentDisk: {
  1414                            pdName: "headchef-disk"
  1415                            fsType: "ext4"
  1416                        }
  1417                    }, {
  1418                        name: "secret-headchef"
  1419                        secret: {
  1420                            secretName: "headchef-secrets"
  1421                        }
  1422                    }]
  1423                    containers: [{
  1424                        name:  "headchef"
  1425                        image: "gcr.io/myproj/headchef:v0.2.16"
  1426                        volumeMounts: [{
  1427                            name:      "headchef-disk"
  1428                            mountPath: "/logs"
  1429                        }, {
  1430                            mountPath: "/sslcerts"
  1431                            name:      "secret-headchef"
  1432                            readOnly:  true
  1433                        }]
  1434                        args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788"]
  1435                        ports: [{
  1436                            containerPort: 8080
  1437                        }]
  1438                        livenessProbe: {
  1439                            httpGet: {
  1440                                path: "/debug/health"
  1441                                port: 8080
  1442                            }
  1443                            initialDelaySeconds: 40
  1444                            periodSeconds:       3
  1445                        }
  1446                    }]
  1447                }
  1448            }
  1449        }
  1450        metadata: {
  1451            name: "headchef"
  1452            labels: {
  1453                component: "kitchen"
  1454            }
  1455        }
  1456        kind:       "Deployment"
  1457        apiVersion: "apps/v1"
  1458    }
  1459}
  1460#Component: "kitchen"
  1461daemonSet: {}
  1462statefulSet: {}
  1463configMap: {}
  1464service: {
  1465    linecook: {
  1466        spec: {
  1467            ports: [{
  1468                port:       8080
  1469                targetPort: 8080
  1470                name:       "client"
  1471                protocol:   "TCP"
  1472            }]
  1473            selector: {
  1474                app:       "linecook"
  1475                domain:    "prod"
  1476                component: "kitchen"
  1477            }
  1478        }
  1479        metadata: {
  1480            name: "linecook"
  1481            labels: {
  1482                app:       "linecook"
  1483                domain:    "prod"
  1484                component: "kitchen"
  1485            }
  1486        }
  1487        kind:       "Service"
  1488        apiVersion: "v1"
  1489    }
  1490}
  1491deployment: {
  1492    linecook: {
  1493        spec: {
  1494            replicas: 1
  1495            selector: {}
  1496            template: {
  1497                metadata: {
  1498                    labels: {
  1499                        app:       "linecook"
  1500                        domain:    "prod"
  1501                        component: "kitchen"
  1502                    }
  1503                    annotations: {
  1504                        "prometheus.io.scrape": "true"
  1505                    }
  1506                }
  1507                spec: {
  1508                    volumes: [{
  1509                        name: "linecook-disk"
  1510                        gcePersistentDisk: {
  1511                            pdName: "linecook-disk"
  1512                            fsType: "ext4"
  1513                        }
  1514                    }, {
  1515                        name: "secret-kitchen"
  1516                        secret: {
  1517                            secretName: "secrets"
  1518                        }
  1519                    }]
  1520                    containers: [{
  1521                        name:  "linecook"
  1522                        image: "gcr.io/myproj/linecook:v0.1.42"
  1523                        volumeMounts: [{
  1524                            name:      "linecook-disk"
  1525                            mountPath: "/logs"
  1526                        }, {
  1527                            name:      "secret-kitchen"
  1528                            mountPath: "/etc/certs"
  1529                            readOnly:  true
  1530                        }]
  1531                        args: ["-name=linecook", "-env=prod", "-logdir=/logs", "-event-server=events:7788", "-etcd", "etcd:2379", "-reconnect-delay", "1h", "-recovery-overlap", "100000"]
  1532                        ports: [{
  1533                            containerPort: 8080
  1534                        }]
  1535                        livenessProbe: {
  1536                            httpGet: {
  1537                                path: "/debug/health"
  1538                                port: 8080
  1539                            }
  1540                            initialDelaySeconds: 40
  1541                            periodSeconds:       3
  1542                        }
  1543                    }]
  1544                }
  1545            }
  1546        }
  1547        metadata: {
  1548            name: "linecook"
  1549            labels: {
  1550                component: "kitchen"
  1551            }
  1552        }
  1553        kind:       "Deployment"
  1554        apiVersion: "apps/v1"
  1555    }
  1556}
  1557#Component: "kitchen"
  1558daemonSet: {}
  1559statefulSet: {}
  1560configMap: {}
  1561service: {
  1562    pastrychef: {
  1563        spec: {
  1564            ports: [{
  1565                port:       8080
  1566                targetPort: 8080
  1567                name:       "client"
  1568                protocol:   "TCP"
  1569            }]
  1570            selector: {
  1571                app:       "pastrychef"
  1572                domain:    "prod"
  1573                component: "kitchen"
  1574            }
  1575        }
  1576        metadata: {
  1577            name: "pastrychef"
  1578            labels: {
  1579                app:       "pastrychef"
  1580                domain:    "prod"
  1581                component: "kitchen"
  1582            }
  1583        }
  1584        kind:       "Service"
  1585        apiVersion: "v1"
  1586    }
  1587}
  1588deployment: {
  1589    pastrychef: {
  1590        spec: {
  1591            replicas: 1
  1592            selector: {}
  1593            template: {
  1594                metadata: {
  1595                    labels: {
  1596                        app:       "pastrychef"
  1597                        domain:    "prod"
  1598                        component: "kitchen"
  1599                    }
  1600                    annotations: {
  1601                        "prometheus.io.scrape": "true"
  1602                    }
  1603                }
  1604                spec: {
  1605                    volumes: [{
  1606                        name: "pastrychef-disk"
  1607                        gcePersistentDisk: {
  1608                            pdName: "pastrychef-disk"
  1609                            fsType: "ext4"
  1610                        }
  1611                    }, {
  1612                        name: "secret-ssh-key"
  1613                        secret: {
  1614                            secretName: "secrets"
  1615                        }
  1616                    }]
  1617                    containers: [{
  1618                        name:  "pastrychef"
  1619                        image: "gcr.io/myproj/pastrychef:v0.1.15"
  1620                        volumeMounts: [{
  1621                            name:      "pastrychef-disk"
  1622                            mountPath: "/logs"
  1623                        }, {
  1624                            name:      "secret-ssh-key"
  1625                            mountPath: "/etc/certs"
  1626                            readOnly:  true
  1627                        }]
  1628                        args: ["-env=prod", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-logdir=/logs", "-event-server=events:7788", "-reconnect-delay=1m", "-etcd=etcd:2379", "-recovery-overlap=10000"]
  1629                        ports: [{
  1630                            containerPort: 8080
  1631                        }]
  1632                        livenessProbe: {
  1633                            httpGet: {
  1634                                path: "/debug/health"
  1635                                port: 8080
  1636                            }
  1637                            initialDelaySeconds: 40
  1638                            periodSeconds:       3
  1639                        }
  1640                    }]
  1641                }
  1642            }
  1643        }
  1644        metadata: {
  1645            name: "pastrychef"
  1646            labels: {
  1647                component: "kitchen"
  1648            }
  1649        }
  1650        kind:       "Deployment"
  1651        apiVersion: "apps/v1"
  1652    }
  1653}
  1654#Component: "kitchen"
  1655daemonSet: {}
  1656statefulSet: {}
  1657configMap: {}
  1658service: {
  1659    souschef: {
  1660        spec: {
  1661            ports: [{
  1662                port:       8080
  1663                targetPort: 8080
  1664                name:       "client"
  1665                protocol:   "TCP"
  1666            }]
  1667            selector: {
  1668                app:       "souschef"
  1669                domain:    "prod"
  1670                component: "kitchen"
  1671            }
  1672        }
  1673        metadata: {
  1674            name: "souschef"
  1675            labels: {
  1676                app:       "souschef"
  1677                domain:    "prod"
  1678                component: "kitchen"
  1679            }
  1680        }
  1681        kind:       "Service"
  1682        apiVersion: "v1"
  1683    }
  1684}
  1685deployment: {
  1686    souschef: {
  1687        spec: {
  1688            replicas: 1
  1689            selector: {}
  1690            template: {
  1691                metadata: {
  1692                    labels: {
  1693                        app:       "souschef"
  1694                        domain:    "prod"
  1695                        component: "kitchen"
  1696                    }
  1697                    annotations: {
  1698                        "prometheus.io.scrape": "true"
  1699                    }
  1700                }
  1701                spec: {
  1702                    containers: [{
  1703                        name:  "souschef"
  1704                        image: "gcr.io/myproj/souschef:v0.5.3"
  1705                        ports: [{
  1706                            containerPort: 8080
  1707                        }]
  1708                        livenessProbe: {
  1709                            httpGet: {
  1710                                path: "/debug/health"
  1711                                port: 8080
  1712                            }
  1713                            initialDelaySeconds: 40
  1714                            periodSeconds:       3
  1715                        }
  1716                    }]
  1717                }
  1718            }
  1719        }
  1720        metadata: {
  1721            name: "souschef"
  1722            labels: {
  1723                component: "kitchen"
  1724            }
  1725        }
  1726        kind:       "Deployment"
  1727        apiVersion: "apps/v1"
  1728    }
  1729}
  1730#Component: "kitchen"
  1731daemonSet: {}
  1732statefulSet: {}
  1733configMap: {}
  1734service: {}
  1735deployment: {}
  1736#Component: "mon"
  1737daemonSet: {}
  1738statefulSet: {}
  1739configMap: {}
  1740service: {
  1741    alertmanager: {
  1742        metadata: {
  1743            name: "alertmanager"
  1744            annotations: {
  1745                "prometheus.io/scrape": "true"
  1746                "prometheus.io/path":   "/metrics"
  1747            }
  1748            labels: {
  1749                app:       "alertmanager"
  1750                domain:    "prod"
  1751                component: "mon"
  1752            }
  1753        }
  1754        spec: {
  1755            ports: [{
  1756                name:       "main"
  1757                port:       9093
  1758                protocol:   "TCP"
  1759                targetPort: 9093
  1760            }]
  1761            selector: {
  1762                app:       "alertmanager"
  1763                domain:    "prod"
  1764                component: "mon"
  1765            }
  1766        }
  1767        kind:       "Service"
  1768        apiVersion: "v1"
  1769    }
  1770}
  1771deployment: {
  1772    alertmanager: {
  1773        spec: {
  1774            replicas: 1
  1775            selector: {
  1776                matchLabels: {
  1777                    app: "alertmanager"
  1778                }
  1779            }
  1780            template: {
  1781                metadata: {
  1782                    name: "alertmanager"
  1783                    labels: {
  1784                        app:       "alertmanager"
  1785                        domain:    "prod"
  1786                        component: "mon"
  1787                    }
  1788                }
  1789                spec: {
  1790                    containers: [{
  1791                        name:  "alertmanager"
  1792                        image: "prom/alertmanager:v0.15.2"
  1793                        args: ["--config.file=/etc/alertmanager/alerts.yaml", "--storage.path=/alertmanager", "--web.external-url=https://alertmanager.example.com"]
  1794                        ports: [{
  1795                            name:          "alertmanager"
  1796                            containerPort: 9093
  1797                        }]
  1798                        volumeMounts: [{
  1799                            name:      "config-volume"
  1800                            mountPath: "/etc/alertmanager"
  1801                        }, {
  1802                            name:      "alertmanager"
  1803                            mountPath: "/alertmanager"
  1804                        }]
  1805                    }]
  1806                    volumes: [{
  1807                        name: "config-volume"
  1808                        configMap: {
  1809                            name: "alertmanager"
  1810                        }
  1811                    }, {
  1812                        name: "alertmanager"
  1813                        emptyDir: {}
  1814                    }]
  1815                }
  1816            }
  1817        }
  1818        metadata: {
  1819            name: "alertmanager"
  1820            labels: {
  1821                component: "mon"
  1822            }
  1823        }
  1824        kind:       "Deployment"
  1825        apiVersion: "apps/v1"
  1826    }
  1827}
  1828#Component: "mon"
  1829daemonSet: {}
  1830statefulSet: {}
  1831configMap: {
  1832    alertmanager: {
  1833        apiVersion: "v1"
  1834        kind:       "ConfigMap"
  1835        data: {
  1836            "alerts.yaml": """
  1837                receivers:
  1838                  - name: pager
  1839                    slack_configs:
  1840                      - channel: '#cloudmon'
  1841                        text: |-
  1842                          {{ range .Alerts }}{{ .Annotations.description }}
  1843                          {{ end }}
  1844                        send_resolved: true
  1845                route:
  1846                  receiver: pager
  1847                  group_by:
  1848                    - alertname
  1849                    - cluster
  1850
  1851                """
  1852        }
  1853        metadata: {
  1854            name: "alertmanager"
  1855            labels: {
  1856                component: "mon"
  1857            }
  1858        }
  1859    }
  1860}
  1861service: {
  1862    grafana: {
  1863        spec: {
  1864            ports: [{
  1865                name:       "grafana"
  1866                port:       3000
  1867                protocol:   "TCP"
  1868                targetPort: 3000
  1869            }]
  1870            selector: {
  1871                app:       "grafana"
  1872                domain:    "prod"
  1873                component: "mon"
  1874            }
  1875        }
  1876        metadata: {
  1877            name: "grafana"
  1878            labels: {
  1879                app:       "grafana"
  1880                domain:    "prod"
  1881                component: "mon"
  1882            }
  1883        }
  1884        kind:       "Service"
  1885        apiVersion: "v1"
  1886    }
  1887}
  1888deployment: {
  1889    grafana: {
  1890        metadata: {
  1891            name: "grafana"
  1892            labels: {
  1893                app:       "grafana"
  1894                component: "mon"
  1895            }
  1896        }
  1897        spec: {
  1898            replicas: 1
  1899            selector: {}
  1900            template: {
  1901                metadata: {
  1902                    labels: {
  1903                        app:       "grafana"
  1904                        domain:    "prod"
  1905                        component: "mon"
  1906                    }
  1907                }
  1908                spec: {
  1909                    volumes: [{
  1910                        name: "grafana-volume"
  1911                        gcePersistentDisk: {
  1912                            pdName: "grafana-volume"
  1913                            fsType: "ext4"
  1914                        }
  1915                    }]
  1916                    containers: [{
  1917                        name:  "grafana"
  1918                        image: "grafana/grafana:4.5.2"
  1919                        ports: [{
  1920                            containerPort: 8080
  1921                        }]
  1922                        resources: {
  1923                            limits: {
  1924                                cpu:    "100m"
  1925                                memory: "100Mi"
  1926                            }
  1927                            requests: {
  1928                                cpu:    "100m"
  1929                                memory: "100Mi"
  1930                            }
  1931                        }
  1932                        env: [{
  1933                            name:  "GF_AUTH_BASIC_ENABLED"
  1934                            value: "false"
  1935                        }, {
  1936                            name:  "GF_AUTH_ANONYMOUS_ENABLED"
  1937                            value: "true"
  1938                        }, {
  1939                            name:  "GF_AUTH_ANONYMOUS_ORG_ROLE"
  1940                            value: "admin"
  1941                        }]
  1942                        volumeMounts: [{
  1943                            name:      "grafana-volume"
  1944                            mountPath: "/var/lib/grafana"
  1945                        }]
  1946                    }]
  1947                }
  1948            }
  1949        }
  1950        kind:       "Deployment"
  1951        apiVersion: "apps/v1"
  1952    }
  1953}
  1954#Component: "mon"
  1955daemonSet: {}
  1956statefulSet: {}
  1957configMap: {}
  1958service: {
  1959    "node-exporter": {
  1960        metadata: {
  1961            name: "node-exporter"
  1962            annotations: {
  1963                "prometheus.io/scrape": "true"
  1964            }
  1965            labels: {
  1966                app:       "node-exporter"
  1967                domain:    "prod"
  1968                component: "mon"
  1969            }
  1970        }
  1971        spec: {
  1972            type:      "ClusterIP"
  1973            clusterIP: "None"
  1974            ports: [{
  1975                name:       "metrics"
  1976                port:       9100
  1977                protocol:   "TCP"
  1978                targetPort: 9100
  1979            }]
  1980            selector: {
  1981                app:       "node-exporter"
  1982                component: "mon"
  1983                domain:    "prod"
  1984            }
  1985        }
  1986        kind:       "Service"
  1987        apiVersion: "v1"
  1988    }
  1989}
  1990deployment: {}
  1991#Component: "mon"
  1992daemonSet: {
  1993    "node-exporter": {
  1994        spec: {
  1995            selector: {}
  1996            template: {
  1997                metadata: {
  1998                    name: "node-exporter"
  1999                    labels: {
  2000                        app:       "node-exporter"
  2001                        component: "mon"
  2002                        domain:    "prod"
  2003                    }
  2004                }
  2005                spec: {
  2006                    hostNetwork: true
  2007                    hostPID:     true
  2008                    containers: [{
  2009                        name:  "node-exporter"
  2010                        image: "quay.io/prometheus/node-exporter:v0.16.0"
  2011                        args: ["--path.procfs=/host/proc", "--path.sysfs=/host/sys"]
  2012                        ports: [{
  2013                            containerPort: 9100
  2014                            hostPort:      9100
  2015                            name:          "scrape"
  2016                        }]
  2017                        resources: {
  2018                            requests: {
  2019                                memory: "30Mi"
  2020                                cpu:    "100m"
  2021                            }
  2022                            limits: {
  2023                                memory: "50Mi"
  2024                                cpu:    "200m"
  2025                            }
  2026                        }
  2027                        volumeMounts: [{
  2028                            name:      "proc"
  2029                            readOnly:  true
  2030                            mountPath: "/host/proc"
  2031                        }, {
  2032                            name:      "sys"
  2033                            readOnly:  true
  2034                            mountPath: "/host/sys"
  2035                        }]
  2036                    }]
  2037                    volumes: [{
  2038                        name: "proc"
  2039                        hostPath: {
  2040                            path: "/proc"
  2041                        }
  2042                    }, {
  2043                        name: "sys"
  2044                        hostPath: {
  2045                            path: "/sys"
  2046                        }
  2047                    }]
  2048                }
  2049            }
  2050        }
  2051        metadata: {
  2052            name: "node-exporter"
  2053            labels: {
  2054                component: "mon"
  2055            }
  2056        }
  2057        kind:       "DaemonSet"
  2058        apiVersion: "apps/v1"
  2059    }
  2060}
  2061statefulSet: {}
  2062configMap: {}
  2063service: {
  2064    prometheus: {
  2065        metadata: {
  2066            name: "prometheus"
  2067            annotations: {
  2068                "prometheus.io/scrape": "true"
  2069            }
  2070            labels: {
  2071                app:       "prometheus"
  2072                domain:    "prod"
  2073                component: "mon"
  2074            }
  2075        }
  2076        spec: {
  2077            type: "NodePort"
  2078            ports: [{
  2079                name:       "main"
  2080                nodePort:   30900
  2081                port:       9090
  2082                protocol:   "TCP"
  2083                targetPort: 9090
  2084            }]
  2085            selector: {
  2086                app:       "prometheus"
  2087                domain:    "prod"
  2088                component: "mon"
  2089            }
  2090        }
  2091        kind:       "Service"
  2092        apiVersion: "v1"
  2093    }
  2094}
  2095deployment: {
  2096    prometheus: {
  2097        spec: {
  2098            replicas: 1
  2099            strategy: {
  2100                rollingUpdate: {
  2101                    maxSurge:       0
  2102                    maxUnavailable: 1
  2103                }
  2104                type: "RollingUpdate"
  2105            }
  2106            selector: {
  2107                matchLabels: {
  2108                    app: "prometheus"
  2109                }
  2110            }
  2111            template: {
  2112                metadata: {
  2113                    name: "prometheus"
  2114                    labels: {
  2115                        app:       "prometheus"
  2116                        domain:    "prod"
  2117                        component: "mon"
  2118                    }
  2119                    annotations: {
  2120                        "prometheus.io.scrape": "true"
  2121                    }
  2122                }
  2123                spec: {
  2124                    containers: [{
  2125                        name:  "prometheus"
  2126                        image: "prom/prometheus:v2.4.3"
  2127                        args: ["--config.file=/etc/prometheus/prometheus.yml", "--web.external-url=https://prometheus.example.com"]
  2128                        ports: [{
  2129                            name:          "web"
  2130                            containerPort: 9090
  2131                        }]
  2132                        volumeMounts: [{
  2133                            name:      "config-volume"
  2134                            mountPath: "/etc/prometheus"
  2135                        }]
  2136                    }]
  2137                    volumes: [{
  2138                        name: "config-volume"
  2139                        configMap: {
  2140                            name: "prometheus"
  2141                        }
  2142                    }]
  2143                }
  2144            }
  2145        }
  2146        metadata: {
  2147            name: "prometheus"
  2148            labels: {
  2149                component: "mon"
  2150            }
  2151        }
  2152        kind:       "Deployment"
  2153        apiVersion: "apps/v1"
  2154    }
  2155}
  2156#Component: "mon"
  2157daemonSet: {}
  2158statefulSet: {}
  2159configMap: {
  2160    prometheus: {
  2161        apiVersion: "v1"
  2162        kind:       "ConfigMap"
  2163        data: {
  2164            "alert.rules": """
  2165                groups:
  2166                  - name: rules.yaml
  2167                    rules:
  2168                      - alert: InstanceDown
  2169                        expr: up == 0
  2170                        for: 30s
  2171                        labels:
  2172                          severity: page
  2173                        annotations:
  2174                          description: '{{$labels.app}} of job {{ $labels.job }} has been down for more than 30 seconds.'
  2175                          summary: Instance {{$labels.app}} down
  2176                      - alert: InsufficientPeers
  2177                        expr: count(up{job="etcd"} == 0) > (count(up{job="etcd"}) / 2 - 1)
  2178                        for: 3m
  2179                        labels:
  2180                          severity: page
  2181                        annotations:
  2182                          description: If one more etcd peer goes down the cluster will be unavailable
  2183                          summary: etcd cluster small
  2184                      - alert: EtcdNoMaster
  2185                        expr: sum(etcd_server_has_leader{app="etcd"}) == 0
  2186                        for: 1s
  2187                        labels:
  2188                          severity: page
  2189                        annotations:
  2190                          summary: No ETCD master elected.
  2191                      - alert: PodRestart
  2192                        expr: (max_over_time(pod_container_status_restarts_total[5m]) - min_over_time(pod_container_status_restarts_total[5m])) > 2
  2193                        for: 1m
  2194                        labels:
  2195                          severity: page
  2196                        annotations:
  2197                          description: '{{$labels.app}} {{ $labels.container }} resturted {{ $value }} times in 5m.'
  2198                          summary: Pod for {{$labels.container}} restarts too often
  2199
  2200                """
  2201            "prometheus.yml": """
  2202                global:
  2203                  scrape_interval: 15s
  2204                rule_files:
  2205                  - /etc/prometheus/alert.rules
  2206                alerting:
  2207                  alertmanagers:
  2208                    - scheme: http
  2209                      static_configs:
  2210                        - targets:
  2211                            - alertmanager:9093
  2212                scrape_configs:
  2213                  - job_name: kubernetes-apiservers
  2214                    kubernetes_sd_configs:
  2215                      - role: endpoints
  2216                    scheme: https
  2217                    tls_config:
  2218                      ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  2219                    bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  2220                    relabel_configs:
  2221                      - source_labels:
  2222                          - __meta_kubernetes_namespace
  2223                          - __meta_kubernetes_service_name
  2224                          - __meta_kubernetes_endpoint_port_name
  2225                        action: keep
  2226                        regex: default;kubernetes;https
  2227                  - job_name: kubernetes-nodes
  2228                    scheme: https
  2229                    tls_config:
  2230                      ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  2231                    bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  2232                    kubernetes_sd_configs:
  2233                      - role: node
  2234                    relabel_configs:
  2235                      - action: labelmap
  2236                        regex: __meta_kubernetes_node_label_(.+)
  2237                      - target_label: __address__
  2238                        replacement: kubernetes.default.svc:443
  2239                      - source_labels:
  2240                          - __meta_kubernetes_node_name
  2241                        regex: (.+)
  2242                        target_label: __metrics_path__
  2243                        replacement: /api/v1/nodes/${1}/proxy/metrics
  2244                  - job_name: kubernetes-cadvisor
  2245                    scheme: https
  2246                    tls_config:
  2247                      ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  2248                    bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  2249                    kubernetes_sd_configs:
  2250                      - role: node
  2251                    relabel_configs:
  2252                      - action: labelmap
  2253                        regex: __meta_kubernetes_node_label_(.+)
  2254                      - target_label: __address__
  2255                        replacement: kubernetes.default.svc:443
  2256                      - source_labels:
  2257                          - __meta_kubernetes_node_name
  2258                        regex: (.+)
  2259                        target_label: __metrics_path__
  2260                        replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
  2261                  - job_name: kubernetes-service-endpoints
  2262                    kubernetes_sd_configs:
  2263                      - role: endpoints
  2264                    relabel_configs:
  2265                      - source_labels:
  2266                          - __meta_kubernetes_service_annotation_prometheus_io_scrape
  2267                        action: keep
  2268                        regex: true
  2269                      - source_labels:
  2270                          - __meta_kubernetes_service_annotation_prometheus_io_scheme
  2271                        action: replace
  2272                        target_label: __scheme__
  2273                        regex: (https?)
  2274                      - source_labels:
  2275                          - __meta_kubernetes_service_annotation_prometheus_io_path
  2276                        action: replace
  2277                        target_label: __metrics_path__
  2278                        regex: (.+)
  2279                      - source_labels:
  2280                          - __address__
  2281                          - __meta_kubernetes_service_annotation_prometheus_io_port
  2282                        action: replace
  2283                        target_label: __address__
  2284                        regex: ([^:]+)(?::\\d+)?;(\\d+)
  2285                        replacement: $1:$2
  2286                      - action: labelmap
  2287                        regex: __meta_kubernetes_service_label_(.+)
  2288                      - source_labels:
  2289                          - __meta_kubernetes_namespace
  2290                        action: replace
  2291                        target_label: kubernetes_namespace
  2292                      - source_labels:
  2293                          - __meta_kubernetes_service_name
  2294                        action: replace
  2295                        target_label: kubernetes_name
  2296                  - job_name: kubernetes-services
  2297                    metrics_path: /probe
  2298                    params:
  2299                      module:
  2300                        - http_2xx
  2301                    kubernetes_sd_configs:
  2302                      - role: service
  2303                    relabel_configs:
  2304                      - source_labels:
  2305                          - __meta_kubernetes_service_annotation_prometheus_io_probe
  2306                        action: keep
  2307                        regex: true
  2308                      - source_labels:
  2309                          - __address__
  2310                        target_label: __param_target
  2311                      - target_label: __address__
  2312                        replacement: blackbox-exporter.example.com:9115
  2313                      - source_labels:
  2314                          - __param_target
  2315                        target_label: app
  2316                      - action: labelmap
  2317                        regex: __meta_kubernetes_service_label_(.+)
  2318                      - source_labels:
  2319                          - __meta_kubernetes_namespace
  2320                        target_label: kubernetes_namespace
  2321                      - source_labels:
  2322                          - __meta_kubernetes_service_name
  2323                        target_label: kubernetes_name
  2324                  - job_name: kubernetes-ingresses
  2325                    metrics_path: /probe
  2326                    params:
  2327                      module:
  2328                        - http_2xx
  2329                    kubernetes_sd_configs:
  2330                      - role: ingress
  2331                    relabel_configs:
  2332                      - source_labels:
  2333                          - __meta_kubernetes_ingress_annotation_prometheus_io_probe
  2334                        action: keep
  2335                        regex: true
  2336                      - source_labels:
  2337                          - __meta_kubernetes_ingress_scheme
  2338                          - __address__
  2339                          - __meta_kubernetes_ingress_path
  2340                        regex: (.+);(.+);(.+)
  2341                        replacement: ${1}://${2}${3}
  2342                        target_label: __param_target
  2343                      - target_label: __address__
  2344                        replacement: blackbox-exporter.example.com:9115
  2345                      - source_labels:
  2346                          - __param_target
  2347                        target_label: app
  2348                      - action: labelmap
  2349                        regex: __meta_kubernetes_ingress_label_(.+)
  2350                      - source_labels:
  2351                          - __meta_kubernetes_namespace
  2352                        target_label: kubernetes_namespace
  2353                      - source_labels:
  2354                          - __meta_kubernetes_ingress_name
  2355                        target_label: kubernetes_name
  2356                  - job_name: kubernetes-pods
  2357                    kubernetes_sd_configs:
  2358                      - role: pod
  2359                    relabel_configs:
  2360                      - source_labels:
  2361                          - __meta_kubernetes_pod_annotation_prometheus_io_scrape
  2362                        action: keep
  2363                        regex: true
  2364                      - source_labels:
  2365                          - __meta_kubernetes_pod_annotation_prometheus_io_path
  2366                        action: replace
  2367                        target_label: __metrics_path__
  2368                        regex: (.+)
  2369                      - source_labels:
  2370                          - __address__
  2371                          - __meta_kubernetes_pod_annotation_prometheus_io_port
  2372                        action: replace
  2373                        regex: ([^:]+)(?::\\d+)?;(\\d+)
  2374                        replacement: $1:$2
  2375                        target_label: __address__
  2376                      - action: labelmap
  2377                        regex: __meta_kubernetes_pod_label_(.+)
  2378                      - source_labels:
  2379                          - __meta_kubernetes_namespace
  2380                        action: replace
  2381                        target_label: kubernetes_namespace
  2382                      - source_labels:
  2383                          - __meta_kubernetes_pod_name
  2384                        action: replace
  2385                        target_label: kubernetes_pod_name
  2386
  2387                """
  2388        }
  2389        metadata: {
  2390            name: "prometheus"
  2391            labels: {
  2392                component: "mon"
  2393            }
  2394        }
  2395    }
  2396}
  2397service: {}
  2398deployment: {}
  2399#Component: "proxy"
  2400daemonSet: {}
  2401statefulSet: {}
  2402configMap: {}
  2403service: {
  2404    authproxy: {
  2405        spec: {
  2406            ports: [{
  2407                port:       4180
  2408                targetPort: 4180
  2409                name:       "client"
  2410                protocol:   "TCP"
  2411            }]
  2412            selector: {
  2413                app:       "authproxy"
  2414                domain:    "prod"
  2415                component: "proxy"
  2416            }
  2417        }
  2418        metadata: {
  2419            name: "authproxy"
  2420            labels: {
  2421                app:       "authproxy"
  2422                domain:    "prod"
  2423                component: "proxy"
  2424            }
  2425        }
  2426        kind:       "Service"
  2427        apiVersion: "v1"
  2428    }
  2429}
  2430deployment: {
  2431    authproxy: {
  2432        spec: {
  2433            replicas: 1
  2434            selector: {}
  2435            template: {
  2436                metadata: {
  2437                    labels: {
  2438                        app:       "authproxy"
  2439                        domain:    "prod"
  2440                        component: "proxy"
  2441                    }
  2442                }
  2443                spec: {
  2444                    containers: [{
  2445                        name:  "authproxy"
  2446                        image: "skippy/oauth2_proxy:2.0.1"
  2447                        ports: [{
  2448                            containerPort: 4180
  2449                        }]
  2450                        args: ["--config=/etc/authproxy/authproxy.cfg"]
  2451                        volumeMounts: [{
  2452                            name:      "config-volume"
  2453                            mountPath: "/etc/authproxy"
  2454                        }]
  2455                    }]
  2456                    volumes: [{
  2457                        name: "config-volume"
  2458                        configMap: {
  2459                            name: "authproxy"
  2460                        }
  2461                    }]
  2462                }
  2463            }
  2464        }
  2465        metadata: {
  2466            name: "authproxy"
  2467            labels: {
  2468                component: "proxy"
  2469            }
  2470        }
  2471        kind:       "Deployment"
  2472        apiVersion: "apps/v1"
  2473    }
  2474}
  2475#Component: "proxy"
  2476daemonSet: {}
  2477statefulSet: {}
  2478configMap: {
  2479    authproxy: {
  2480        apiVersion: "v1"
  2481        kind:       "ConfigMap"
  2482        data: {
  2483            "authproxy.cfg": """
  2484                # Google Auth Proxy Config File
  2485                ## https://github.com/bitly/google_auth_proxy
  2486
  2487                ## <addr>:<port> to listen on for HTTP clients
  2488                http_address = "0.0.0.0:4180"
  2489
  2490                ## the OAuth Redirect URL.
  2491                redirect_url = "https://auth.example.com/oauth2/callback"
  2492
  2493                ## the http url(s) of the upstream endpoint. If multiple, routing is based on path
  2494                upstreams = [
  2495                    # frontend
  2496                    "http://frontend-waiter:7080/dpr/",
  2497                    "http://frontend-maitred:7080/ui/",
  2498                    "http://frontend-maitred:7080/ui",
  2499                    "http://frontend-maitred:7080/report/",
  2500                    "http://frontend-maitred:7080/report",
  2501                    "http://frontend-maitred:7080/static/",
  2502                    # kitchen
  2503                    "http://kitchen-chef:8080/visit",
  2504                    # infrastructure
  2505                    "http://download:7080/file/",
  2506                    "http://download:7080/archive",
  2507                    "http://tasks:7080/tasks",
  2508                    "http://tasks:7080/tasks/",
  2509                ]
  2510
  2511                ## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
  2512                pass_basic_auth = true
  2513                request_logging = true
  2514
  2515                ## Google Apps Domains to allow authentication for
  2516                google_apps_domains = [
  2517                    "mod.test",
  2518                ]
  2519
  2520                email_domains = [
  2521                    "mod.test",
  2522                ]
  2523
  2524                ## The Google OAuth Client ID, Secret
  2525                client_id = "---"
  2526                client_secret = "---"
  2527
  2528                ## Cookie Settings
  2529                ## Secret - the seed string for secure cookies
  2530                ## Domain - optional cookie domain to force cookies to (ie: .yourcompany.com)
  2531                ## Expire - expire timeframe for cookie
  2532                cookie_secret = "won't tell you"
  2533                cookie_domain = ".example.com"
  2534                cookie_https_only = true
  2535                """
  2536        }
  2537        metadata: {
  2538            name: "authproxy"
  2539            labels: {
  2540                component: "proxy"
  2541            }
  2542        }
  2543    }
  2544}
  2545service: {
  2546    goget: {
  2547        spec: {
  2548            type:           "LoadBalancer"
  2549            loadBalancerIP: "1.3.5.7"
  2550            ports: [{
  2551                port:       443
  2552                name:       "https"
  2553                protocol:   "TCP"
  2554                targetPort: 7443
  2555            }]
  2556            selector: {
  2557                app:       "goget"
  2558                domain:    "prod"
  2559                component: "proxy"
  2560            }
  2561        }
  2562        metadata: {
  2563            name: "goget"
  2564            labels: {
  2565                app:       "goget"
  2566                domain:    "prod"
  2567                component: "proxy"
  2568            }
  2569        }
  2570        kind:       "Service"
  2571        apiVersion: "v1"
  2572    }
  2573}
  2574deployment: {
  2575    goget: {
  2576        spec: {
  2577            replicas: 1
  2578            selector: {}
  2579            template: {
  2580                metadata: {
  2581                    labels: {
  2582                        app:       "goget"
  2583                        domain:    "prod"
  2584                        component: "proxy"
  2585                    }
  2586                }
  2587                spec: {
  2588                    volumes: [{
  2589                        name: "secret-volume"
  2590                        secret: {
  2591                            secretName: "goget-secrets"
  2592                        }
  2593                    }]
  2594                    containers: [{
  2595                        name:  "goget"
  2596                        image: "gcr.io/myproj/goget:v0.5.1"
  2597                        ports: [{
  2598                            containerPort: 7443
  2599                        }]
  2600                        volumeMounts: [{
  2601                            mountPath: "/etc/ssl"
  2602                            name:      "secret-volume"
  2603                        }]
  2604                    }]
  2605                }
  2606            }
  2607        }
  2608        metadata: {
  2609            name: "goget"
  2610            labels: {
  2611                component: "proxy"
  2612            }
  2613        }
  2614        kind:       "Deployment"
  2615        apiVersion: "apps/v1"
  2616    }
  2617}
  2618#Component: "proxy"
  2619daemonSet: {}
  2620statefulSet: {}
  2621configMap: {}
  2622service: {
  2623    nginx: {
  2624        spec: {
  2625            type:           "LoadBalancer"
  2626            loadBalancerIP: "1.3.4.5"
  2627            ports: [{
  2628                name:       "http"
  2629                port:       80
  2630                protocol:   "TCP"
  2631                targetPort: 80
  2632            }, {
  2633                name:       "https"
  2634                port:       443
  2635                protocol:   "TCP"
  2636                targetPort: 443
  2637            }]
  2638            selector: {
  2639                app:       "nginx"
  2640                domain:    "prod"
  2641                component: "proxy"
  2642            }
  2643        }
  2644        metadata: {
  2645            name: "nginx"
  2646            labels: {
  2647                app:       "nginx"
  2648                domain:    "prod"
  2649                component: "proxy"
  2650            }
  2651        }
  2652        kind:       "Service"
  2653        apiVersion: "v1"
  2654    }
  2655}
  2656deployment: {
  2657    nginx: {
  2658        spec: {
  2659            replicas: 1
  2660            selector: {}
  2661            template: {
  2662                metadata: {
  2663                    labels: {
  2664                        app:       "nginx"
  2665                        domain:    "prod"
  2666                        component: "proxy"
  2667                    }
  2668                }
  2669                spec: {
  2670                    volumes: [{
  2671                        name: "secret-volume"
  2672                        secret: {
  2673                            secretName: "proxy-secrets"
  2674                        }
  2675                    }, {
  2676                        name: "config-volume"
  2677                        configMap: {
  2678                            name: "nginx"
  2679                        }
  2680                    }]
  2681                    containers: [{
  2682                        name:  "nginx"
  2683                        image: "nginx:1.11.10-alpine"
  2684                        ports: [{
  2685                            containerPort: 80
  2686                        }, {
  2687                            containerPort: 443
  2688                        }]
  2689                        volumeMounts: [{
  2690                            mountPath: "/etc/ssl"
  2691                            name:      "secret-volume"
  2692                        }, {
  2693                            name:      "config-volume"
  2694                            mountPath: "/etc/nginx/nginx.conf"
  2695                            subPath:   "nginx.conf"
  2696                        }]
  2697                    }]
  2698                }
  2699            }
  2700        }
  2701        metadata: {
  2702            name: "nginx"
  2703            labels: {
  2704                component: "proxy"
  2705            }
  2706        }
  2707        kind:       "Deployment"
  2708        apiVersion: "apps/v1"
  2709    }
  2710}
  2711#Component: "proxy"
  2712daemonSet: {}
  2713statefulSet: {}
  2714configMap: {
  2715    nginx: {
  2716        apiVersion: "v1"
  2717        kind:       "ConfigMap"
  2718        data: {
  2719            "nginx.conf": """
  2720                events {
  2721                    worker_connections 768;
  2722                }
  2723                http {
  2724                    sendfile on;
  2725                    tcp_nopush on;
  2726                    tcp_nodelay on;
  2727                    # needs to be high for some download jobs.
  2728                    keepalive_timeout 400;
  2729                    # proxy_connect_timeout  300;
  2730                    proxy_send_timeout       300;
  2731                    proxy_read_timeout       300;
  2732                    send_timeout             300;
  2733
  2734                    types_hash_max_size 2048;
  2735
  2736                    include /etc/nginx/mime.types;
  2737                    default_type application/octet-stream;
  2738
  2739                    access_log /dev/stdout;
  2740                    error_log  /dev/stdout;
  2741
  2742                    # Disable POST body size constraints. We often deal with large
  2743                    # files. Especially docker containers may be large.
  2744                    client_max_body_size 0;
  2745
  2746                    upstream goget {
  2747                        server localhost:7070;
  2748                    }
  2749
  2750                    # Redirect incoming Google Cloud Storage notifications:
  2751                   server {
  2752                        listen 443 ssl;
  2753                        server_name notify.example.com notify2.example.com;
  2754
  2755                        ssl_certificate /etc/ssl/server.crt;
  2756                        ssl_certificate_key /etc/ssl/server.key;
  2757
  2758                        # Security enhancements to deal with poodles and the like.
  2759                        # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  2760                        # ssl_ciphers 'AES256+EECDH:AES256+EDH';
  2761                        ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  2762
  2763                        # We don't like poodles.
  2764                        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  2765                        ssl_session_cache shared:SSL:10m;
  2766
  2767                        # Enable Forward secrecy.
  2768                        ssl_dhparam /etc/ssl/dhparam.pem;
  2769                        ssl_prefer_server_ciphers on;
  2770
  2771                        # Enable HTST.
  2772                        add_header Strict-Transport-Security max-age=1209600;
  2773
  2774                        # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
  2775                        chunked_transfer_encoding on;
  2776
  2777                        location / {
  2778                            proxy_pass http://tasks:7080;
  2779                            proxy_connect_timeout 1;
  2780                        }
  2781                    }
  2782
  2783                    server {
  2784                        listen 80;
  2785                        listen 443 ssl;
  2786                        server_name x.example.com example.io;
  2787
  2788                        location ~ "(/[^/]+)(/.*)?" {
  2789                            set $myhost $host;
  2790                            if ($arg_go-get = "1") {
  2791                                set $myhost "goget";
  2792                            }
  2793                            proxy_pass http://$myhost$1;
  2794                            proxy_set_header Host $host;
  2795                            proxy_set_header X-Real-IP $remote_addr;
  2796                            proxy_set_header X-Scheme $scheme;
  2797                            proxy_connect_timeout 1;
  2798                        }
  2799
  2800                        location / {
  2801                            set $myhost $host;
  2802                            if ($arg_go-get = "1") {
  2803                                set $myhost "goget";
  2804                            }
  2805                            proxy_pass http://$myhost;
  2806                            proxy_set_header Host $host;
  2807                            proxy_set_header X-Real-IP $remote_addr;
  2808                            proxy_set_header X-Scheme $scheme;
  2809                            proxy_connect_timeout 1;
  2810                        }
  2811                    }
  2812
  2813                    server {
  2814                        listen 80;
  2815                        server_name www.example.com w.example.com;
  2816
  2817                        resolver 8.8.8.8;
  2818
  2819                        location / {
  2820                            proxy_set_header X-Forwarded-Host $host;
  2821                            proxy_set_header X-Forwarded-Server $host;
  2822                            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  2823                            proxy_set_header X-Real-IP $remote_addr;
  2824
  2825                            proxy_pass http://$host.default.example.appspot.com/$request_uri;
  2826                            proxy_redirect http://$host.default.example.appspot.com/ /;
  2827                        }
  2828                    }
  2829
  2830                    server {
  2831                        # We could add the following line and the connection would still be SSL,
  2832                        # but it doesn't appear to be necessary. Seems saver this way.
  2833                        listen 80;
  2834                        listen 443 default ssl;
  2835                        server_name ~^(?<sub>.*)\\.example\\.com$;
  2836
  2837                        ssl_certificate /etc/ssl/server.crt;
  2838                        ssl_certificate_key /etc/ssl/server.key;
  2839
  2840                        # Security enhancements to deal with poodles and the like.
  2841                        # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  2842                        # ssl_ciphers 'AES256+EECDH:AES256+EDH';
  2843                        ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  2844
  2845                        # We don't like poodles.
  2846                        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  2847                        ssl_session_cache shared:SSL:10m;
  2848
  2849                        # Enable Forward secrecy.
  2850                        ssl_dhparam /etc/ssl/dhparam.pem;
  2851                        ssl_prefer_server_ciphers on;
  2852
  2853                        # Enable HTST.
  2854                        add_header Strict-Transport-Security max-age=1209600;
  2855
  2856                        if ($ssl_protocol = "") {
  2857                            rewrite ^   https://$host$request_uri? permanent;
  2858                        }
  2859
  2860                        # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
  2861                        chunked_transfer_encoding on;
  2862
  2863                        location / {
  2864                            proxy_pass http://authproxy:4180;
  2865                            proxy_set_header Host $host;
  2866                            proxy_set_header X-Real-IP $remote_addr;
  2867                            proxy_set_header X-Scheme $scheme;
  2868                            proxy_connect_timeout 1;
  2869                        }
  2870                    }
  2871                }
  2872                """
  2873        }
  2874        metadata: {
  2875            name: "nginx"
  2876            labels: {
  2877                component: "proxy"
  2878            }
  2879        }
  2880    }
  2881}

View as plain text