1service: {}
2deployment: {}
3#Component: string
4daemonSet: {}
5statefulSet: {}
6configMap: {}
7service: {}
8deployment: {}
9#Component: "frontend"
10daemonSet: {}
11statefulSet: {}
12configMap: {}
13service: {
14 bartender: {
15 spec: {
16 ports: [{
17 port: 7080
18 targetPort: 7080
19 name: "client"
20 protocol: "TCP"
21 }]
22 selector: {
23 app: "bartender"
24 domain: "prod"
25 component: "frontend"
26 }
27 }
28 metadata: {
29 name: "bartender"
30 labels: {
31 app: "bartender"
32 domain: "prod"
33 component: "frontend"
34 }
35 }
36 kind: "Service"
37 apiVersion: "v1"
38 }
39}
40deployment: {
41 bartender: {
42 spec: {
43 replicas: 1
44 selector: {}
45 template: {
46 metadata: {
47 labels: {
48 app: "bartender"
49 domain: "prod"
50 component: "frontend"
51 }
52 annotations: {
53 "prometheus.io.scrape": "true"
54 "prometheus.io.port": "7080"
55 }
56 }
57 spec: {
58 containers: [{
59 name: "bartender"
60 image: "gcr.io/myproj/bartender:v0.1.34"
61 args: []
62 ports: [{
63 containerPort: 7080
64 }]
65 }]
66 }
67 }
68 }
69 metadata: {
70 name: "bartender"
71 labels: {
72 component: "frontend"
73 }
74 }
75 kind: "Deployment"
76 apiVersion: "apps/v1"
77 }
78}
79#Component: "frontend"
80daemonSet: {}
81statefulSet: {}
82configMap: {}
83service: {
84 breaddispatcher: {
85 spec: {
86 ports: [{
87 port: 7080
88 targetPort: 7080
89 name: "client"
90 protocol: "TCP"
91 }]
92 selector: {
93 app: "breaddispatcher"
94 domain: "prod"
95 component: "frontend"
96 }
97 }
98 metadata: {
99 name: "breaddispatcher"
100 labels: {
101 app: "breaddispatcher"
102 domain: "prod"
103 component: "frontend"
104 }
105 }
106 kind: "Service"
107 apiVersion: "v1"
108 }
109}
110deployment: {
111 breaddispatcher: {
112 spec: {
113 replicas: 1
114 selector: {}
115 template: {
116 metadata: {
117 labels: {
118 app: "breaddispatcher"
119 domain: "prod"
120 component: "frontend"
121 }
122 annotations: {
123 "prometheus.io.scrape": "true"
124 "prometheus.io.port": "7080"
125 }
126 }
127 spec: {
128 containers: [{
129 name: "breaddispatcher"
130 image: "gcr.io/myproj/breaddispatcher:v0.3.24"
131 args: ["-etcd=etcd:2379", "-event-server=events:7788"]
132 ports: [{
133 containerPort: 7080
134 }]
135 }]
136 }
137 }
138 }
139 metadata: {
140 name: "breaddispatcher"
141 labels: {
142 component: "frontend"
143 }
144 }
145 kind: "Deployment"
146 apiVersion: "apps/v1"
147 }
148}
149#Component: "frontend"
150daemonSet: {}
151statefulSet: {}
152configMap: {}
153service: {
154 host: {
155 spec: {
156 ports: [{
157 port: 7080
158 targetPort: 7080
159 name: "client"
160 protocol: "TCP"
161 }]
162 selector: {
163 app: "host"
164 domain: "prod"
165 component: "frontend"
166 }
167 }
168 metadata: {
169 name: "host"
170 labels: {
171 app: "host"
172 domain: "prod"
173 component: "frontend"
174 }
175 }
176 kind: "Service"
177 apiVersion: "v1"
178 }
179}
180deployment: {
181 host: {
182 spec: {
183 replicas: 2
184 selector: {}
185 template: {
186 metadata: {
187 labels: {
188 app: "host"
189 domain: "prod"
190 component: "frontend"
191 }
192 annotations: {
193 "prometheus.io.scrape": "true"
194 "prometheus.io.port": "7080"
195 }
196 }
197 spec: {
198 containers: [{
199 name: "host"
200 image: "gcr.io/myproj/host:v0.1.10"
201 args: []
202 ports: [{
203 containerPort: 7080
204 }]
205 }]
206 }
207 }
208 }
209 metadata: {
210 name: "host"
211 labels: {
212 component: "frontend"
213 }
214 }
215 kind: "Deployment"
216 apiVersion: "apps/v1"
217 }
218}
219#Component: "frontend"
220daemonSet: {}
221statefulSet: {}
222configMap: {}
223service: {
224 maitred: {
225 spec: {
226 ports: [{
227 port: 7080
228 targetPort: 7080
229 name: "client"
230 protocol: "TCP"
231 }]
232 selector: {
233 app: "maitred"
234 domain: "prod"
235 component: "frontend"
236 }
237 }
238 metadata: {
239 name: "maitred"
240 labels: {
241 app: "maitred"
242 domain: "prod"
243 component: "frontend"
244 }
245 }
246 kind: "Service"
247 apiVersion: "v1"
248 }
249}
250deployment: {
251 maitred: {
252 spec: {
253 replicas: 1
254 selector: {}
255 template: {
256 metadata: {
257 labels: {
258 app: "maitred"
259 domain: "prod"
260 component: "frontend"
261 }
262 annotations: {
263 "prometheus.io.scrape": "true"
264 "prometheus.io.port": "7080"
265 }
266 }
267 spec: {
268 containers: [{
269 name: "maitred"
270 image: "gcr.io/myproj/maitred:v0.0.4"
271 args: []
272 ports: [{
273 containerPort: 7080
274 }]
275 }]
276 }
277 }
278 }
279 metadata: {
280 name: "maitred"
281 labels: {
282 component: "frontend"
283 }
284 }
285 kind: "Deployment"
286 apiVersion: "apps/v1"
287 }
288}
289#Component: "frontend"
290daemonSet: {}
291statefulSet: {}
292configMap: {}
293service: {
294 valeter: {
295 spec: {
296 ports: [{
297 name: "http"
298 port: 8080
299 protocol: "TCP"
300 targetPort: 8080
301 }]
302 selector: {
303 app: "valeter"
304 domain: "prod"
305 component: "frontend"
306 }
307 }
308 metadata: {
309 name: "valeter"
310 labels: {
311 app: "valeter"
312 domain: "prod"
313 component: "frontend"
314 }
315 }
316 kind: "Service"
317 apiVersion: "v1"
318 }
319}
320deployment: {
321 valeter: {
322 spec: {
323 replicas: 1
324 selector: {}
325 template: {
326 metadata: {
327 labels: {
328 app: "valeter"
329 domain: "prod"
330 component: "frontend"
331 }
332 annotations: {
333 "prometheus.io.scrape": "true"
334 "prometheus.io.port": "8080"
335 }
336 }
337 spec: {
338 containers: [{
339 name: "valeter"
340 image: "gcr.io/myproj/valeter:v0.0.4"
341 ports: [{
342 containerPort: 8080
343 }]
344 args: ["-http=:8080", "-etcd=etcd:2379"]
345 }]
346 }
347 }
348 }
349 metadata: {
350 name: "valeter"
351 labels: {
352 component: "frontend"
353 }
354 }
355 kind: "Deployment"
356 apiVersion: "apps/v1"
357 }
358}
359#Component: "frontend"
360daemonSet: {}
361statefulSet: {}
362configMap: {}
363service: {
364 waiter: {
365 spec: {
366 ports: [{
367 port: 7080
368 targetPort: 7080
369 name: "client"
370 protocol: "TCP"
371 }]
372 selector: {
373 app: "waiter"
374 domain: "prod"
375 component: "frontend"
376 }
377 }
378 metadata: {
379 name: "waiter"
380 labels: {
381 app: "waiter"
382 domain: "prod"
383 component: "frontend"
384 }
385 }
386 kind: "Service"
387 apiVersion: "v1"
388 }
389}
390deployment: {
391 waiter: {
392 spec: {
393 replicas: 5
394 selector: {}
395 template: {
396 metadata: {
397 labels: {
398 app: "waiter"
399 domain: "prod"
400 component: "frontend"
401 }
402 annotations: {
403 "prometheus.io.scrape": "true"
404 "prometheus.io.port": "7080"
405 }
406 }
407 spec: {
408 containers: [{
409 name: "waiter"
410 image: "gcr.io/myproj/waiter:v0.3.0"
411 ports: [{
412 containerPort: 7080
413 }]
414 }]
415 }
416 }
417 }
418 metadata: {
419 name: "waiter"
420 labels: {
421 component: "frontend"
422 }
423 }
424 kind: "Deployment"
425 apiVersion: "apps/v1"
426 }
427}
428#Component: "frontend"
429daemonSet: {}
430statefulSet: {}
431configMap: {}
432service: {
433 waterdispatcher: {
434 spec: {
435 ports: [{
436 name: "http"
437 port: 7080
438 protocol: "TCP"
439 targetPort: 7080
440 }]
441 selector: {
442 app: "waterdispatcher"
443 domain: "prod"
444 component: "frontend"
445 }
446 }
447 metadata: {
448 name: "waterdispatcher"
449 labels: {
450 app: "waterdispatcher"
451 domain: "prod"
452 component: "frontend"
453 }
454 }
455 kind: "Service"
456 apiVersion: "v1"
457 }
458}
459deployment: {
460 waterdispatcher: {
461 spec: {
462 replicas: 1
463 selector: {}
464 template: {
465 metadata: {
466 labels: {
467 app: "waterdispatcher"
468 domain: "prod"
469 component: "frontend"
470 }
471 annotations: {
472 "prometheus.io.scrape": "true"
473 "prometheus.io.port": "7080"
474 }
475 }
476 spec: {
477 containers: [{
478 name: "waterdispatcher"
479 image: "gcr.io/myproj/waterdispatcher:v0.0.48"
480 args: ["-http=:8080", "-etcd=etcd:2379"]
481 ports: [{
482 containerPort: 7080
483 }]
484 }]
485 }
486 }
487 }
488 metadata: {
489 name: "waterdispatcher"
490 labels: {
491 component: "frontend"
492 }
493 }
494 kind: "Deployment"
495 apiVersion: "apps/v1"
496 }
497}
498#Component: "frontend"
499daemonSet: {}
500statefulSet: {}
501configMap: {}
502service: {}
503deployment: {}
504#Component: "infra"
505daemonSet: {}
506statefulSet: {}
507configMap: {}
508service: {
509 download: {
510 spec: {
511 ports: [{
512 port: 7080
513 targetPort: 7080
514 name: "client"
515 protocol: "TCP"
516 }]
517 selector: {
518 app: "download"
519 domain: "prod"
520 component: "infra"
521 }
522 }
523 metadata: {
524 name: "download"
525 labels: {
526 app: "download"
527 domain: "prod"
528 component: "infra"
529 }
530 }
531 kind: "Service"
532 apiVersion: "v1"
533 }
534}
535deployment: {
536 download: {
537 spec: {
538 replicas: 1
539 selector: {}
540 template: {
541 metadata: {
542 labels: {
543 app: "download"
544 domain: "prod"
545 component: "infra"
546 }
547 }
548 spec: {
549 containers: [{
550 name: "download"
551 image: "gcr.io/myproj/download:v0.0.2"
552 ports: [{
553 containerPort: 7080
554 }]
555 }]
556 }
557 }
558 }
559 metadata: {
560 name: "download"
561 labels: {
562 component: "infra"
563 }
564 }
565 kind: "Deployment"
566 apiVersion: "apps/v1"
567 }
568}
569#Component: "infra"
570daemonSet: {}
571statefulSet: {}
572configMap: {}
573service: {
574 etcd: {
575 spec: {
576 clusterIP: "None"
577 ports: [{
578 port: 2379
579 targetPort: 2379
580 name: "client"
581 protocol: "TCP"
582 }, {
583 name: "peer"
584 port: 2380
585 protocol: "TCP"
586 targetPort: 2380
587 }]
588 selector: {
589 app: "etcd"
590 component: "infra"
591 domain: "prod"
592 }
593 }
594 metadata: {
595 name: "etcd"
596 labels: {
597 app: "etcd"
598 domain: "prod"
599 component: "infra"
600 }
601 }
602 kind: "Service"
603 apiVersion: "v1"
604 }
605}
606deployment: {}
607#Component: "infra"
608daemonSet: {}
609statefulSet: {
610 etcd: {
611 spec: {
612 serviceName: "etcd"
613 replicas: 3
614 selector: {}
615 template: {
616 metadata: {
617 labels: {
618 app: "etcd"
619 component: "infra"
620 domain: "prod"
621 }
622 annotations: {
623 "prometheus.io.scrape": "true"
624 "prometheus.io.port": "2379"
625 }
626 }
627 spec: {
628 affinity: {
629 podAntiAffinity: {
630 requiredDuringSchedulingIgnoredDuringExecution: [{
631 labelSelector: {
632 matchExpressions: [{
633 key: "app"
634 operator: "In"
635 values: ["etcd"]
636 }]
637 }
638 topologyKey: "kubernetes.io/hostname"
639 }]
640 }
641 }
642 terminationGracePeriodSeconds: 10
643 containers: [{
644 name: "etcd"
645 image: "quay.io/coreos/etcd:v3.3.10"
646 ports: [{
647 name: "client"
648 containerPort: 2379
649 }, {
650 name: "peer"
651 containerPort: 2380
652 }]
653 livenessProbe: {
654 httpGet: {
655 path: "/health"
656 port: "client"
657 }
658 initialDelaySeconds: 30
659 }
660 volumeMounts: [{
661 name: "etcd3"
662 mountPath: "/data"
663 }]
664 env: [{
665 name: "ETCDCTL_API"
666 value: "3"
667 }, {
668 name: "ETCD_AUTO_COMPACTION_RETENTION"
669 value: "4"
670 }, {
671 name: "NAME"
672 valueFrom: {
673 fieldRef: {
674 fieldPath: "metadata.name"
675 }
676 }
677 }, {
678 name: "IP"
679 valueFrom: {
680 fieldRef: {
681 fieldPath: "status.podIP"
682 }
683 }
684 }]
685 command: ["/usr/local/bin/etcd"]
686 args: ["-name", "$(NAME)", "-data-dir", "/data/etcd3", "-initial-advertise-peer-urls", "http://$(IP):2380", "-listen-peer-urls", "http://$(IP):2380", "-listen-client-urls", "http://$(IP):2379,http://127.0.0.1:2379", "-advertise-client-urls", "http://$(IP):2379", "-discovery", "https://discovery.etcd.io/xxxxxx"]
687 }]
688 }
689 }
690 volumeClaimTemplates: [{
691 metadata: {
692 name: "etcd3"
693 annotations: {
694 "volume.alpha.kubernetes.io/storage-class": "default"
695 }
696 }
697 spec: {
698 accessModes: ["ReadWriteOnce"]
699 resources: {
700 requests: {
701 storage: "10Gi"
702 }
703 }
704 }
705 }]
706 }
707 metadata: {
708 name: "etcd"
709 labels: {
710 component: "infra"
711 }
712 }
713 kind: "StatefulSet"
714 apiVersion: "apps/v1"
715 }
716}
717configMap: {}
718service: {
719 events: {
720 spec: {
721 ports: [{
722 name: "grpc"
723 port: 7788
724 protocol: "TCP"
725 targetPort: 7788
726 }]
727 selector: {
728 app: "events"
729 domain: "prod"
730 component: "infra"
731 }
732 }
733 metadata: {
734 name: "events"
735 labels: {
736 app: "events"
737 domain: "prod"
738 component: "infra"
739 }
740 }
741 kind: "Service"
742 apiVersion: "v1"
743 }
744}
745deployment: {
746 events: {
747 spec: {
748 replicas: 2
749 selector: {}
750 template: {
751 metadata: {
752 labels: {
753 app: "events"
754 domain: "prod"
755 component: "infra"
756 }
757 annotations: {
758 "prometheus.io.scrape": "true"
759 "prometheus.io.port": "7080"
760 }
761 }
762 spec: {
763 affinity: {
764 podAntiAffinity: {
765 requiredDuringSchedulingIgnoredDuringExecution: [{
766 labelSelector: {
767 matchExpressions: [{
768 key: "app"
769 operator: "In"
770 values: ["events"]
771 }]
772 }
773 topologyKey: "kubernetes.io/hostname"
774 }]
775 }
776 }
777 volumes: [{
778 name: "secret-volume"
779 secret: {
780 secretName: "biz-secrets"
781 }
782 }]
783 containers: [{
784 name: "events"
785 image: "gcr.io/myproj/events:v0.1.31"
786 ports: [{
787 containerPort: 7080
788 }, {
789 containerPort: 7788
790 }]
791 args: ["-cert=/etc/ssl/server.pem", "-key=/etc/ssl/server.key", "-grpc=:7788"]
792 volumeMounts: [{
793 mountPath: "/etc/ssl"
794 name: "secret-volume"
795 }]
796 }]
797 }
798 }
799 }
800 metadata: {
801 name: "events"
802 labels: {
803 component: "infra"
804 }
805 }
806 kind: "Deployment"
807 apiVersion: "apps/v1"
808 }
809}
810#Component: "infra"
811daemonSet: {}
812statefulSet: {}
813configMap: {}
814service: {
815 tasks: {
816 spec: {
817 type: "LoadBalancer"
818 loadBalancerIP: "1.2.3.4"
819 ports: [{
820 port: 443
821 name: "http"
822 protocol: "TCP"
823 targetPort: 7443
824 }]
825 selector: {
826 app: "tasks"
827 domain: "prod"
828 component: "infra"
829 }
830 }
831 metadata: {
832 name: "tasks"
833 labels: {
834 app: "tasks"
835 domain: "prod"
836 component: "infra"
837 }
838 }
839 kind: "Service"
840 apiVersion: "v1"
841 }
842}
843deployment: {
844 tasks: {
845 spec: {
846 replicas: 1
847 selector: {}
848 template: {
849 metadata: {
850 labels: {
851 app: "tasks"
852 domain: "prod"
853 component: "infra"
854 }
855 annotations: {
856 "prometheus.io.scrape": "true"
857 "prometheus.io.port": "7080"
858 }
859 }
860 spec: {
861 volumes: [{
862 name: "secret-volume"
863 secret: {
864 secretName: "star-example-com-secrets"
865 }
866 }]
867 containers: [{
868 name: "tasks"
869 image: "gcr.io/myproj/tasks:v0.2.6"
870 ports: [{
871 containerPort: 7080
872 }, {
873 containerPort: 7443
874 }]
875 volumeMounts: [{
876 mountPath: "/etc/ssl"
877 name: "secret-volume"
878 }]
879 }]
880 }
881 }
882 }
883 metadata: {
884 name: "tasks"
885 labels: {
886 component: "infra"
887 }
888 }
889 kind: "Deployment"
890 apiVersion: "apps/v1"
891 }
892}
893#Component: "infra"
894daemonSet: {}
895statefulSet: {}
896configMap: {}
897service: {
898 updater: {
899 spec: {
900 ports: [{
901 port: 8080
902 targetPort: 8080
903 name: "client"
904 protocol: "TCP"
905 }]
906 selector: {
907 app: "updater"
908 domain: "prod"
909 component: "infra"
910 }
911 }
912 metadata: {
913 name: "updater"
914 labels: {
915 app: "updater"
916 domain: "prod"
917 component: "infra"
918 }
919 }
920 kind: "Service"
921 apiVersion: "v1"
922 }
923}
924deployment: {
925 updater: {
926 spec: {
927 replicas: 1
928 selector: {}
929 template: {
930 metadata: {
931 labels: {
932 app: "updater"
933 domain: "prod"
934 component: "infra"
935 }
936 }
937 spec: {
938 volumes: [{
939 name: "secret-updater"
940 secret: {
941 secretName: "updater-secrets"
942 }
943 }]
944 containers: [{
945 name: "updater"
946 image: "gcr.io/myproj/updater:v0.1.0"
947 volumeMounts: [{
948 mountPath: "/etc/certs"
949 name: "secret-updater"
950 }]
951 ports: [{
952 containerPort: 8080
953 }]
954 args: ["-key=/etc/certs/updater.pem"]
955 }]
956 }
957 }
958 }
959 metadata: {
960 name: "updater"
961 labels: {
962 component: "infra"
963 }
964 }
965 kind: "Deployment"
966 apiVersion: "apps/v1"
967 }
968}
969#Component: "infra"
970daemonSet: {}
971statefulSet: {}
972configMap: {}
973service: {
974 watcher: {
975 spec: {
976 type: "LoadBalancer"
977 loadBalancerIP: "1.2.3.4."
978 ports: [{
979 name: "http"
980 port: 7788
981 protocol: "TCP"
982 targetPort: 7788
983 }]
984 selector: {
985 app: "watcher"
986 domain: "prod"
987 component: "infra"
988 }
989 }
990 metadata: {
991 name: "watcher"
992 labels: {
993 app: "watcher"
994 domain: "prod"
995 component: "infra"
996 }
997 }
998 kind: "Service"
999 apiVersion: "v1"
1000 }
1001}
1002deployment: {
1003 watcher: {
1004 spec: {
1005 replicas: 1
1006 selector: {}
1007 template: {
1008 metadata: {
1009 labels: {
1010 app: "watcher"
1011 domain: "prod"
1012 component: "infra"
1013 }
1014 }
1015 spec: {
1016 volumes: [{
1017 name: "secret-volume"
1018 secret: {
1019 secretName: "star-example-com-secrets"
1020 }
1021 }]
1022 containers: [{
1023 name: "watcher"
1024 image: "gcr.io/myproj/watcher:v0.1.0"
1025 ports: [{
1026 containerPort: 7080
1027 }, {
1028 containerPort: 7788
1029 }]
1030 volumeMounts: [{
1031 mountPath: "/etc/ssl"
1032 name: "secret-volume"
1033 }]
1034 }]
1035 }
1036 }
1037 }
1038 metadata: {
1039 name: "watcher"
1040 labels: {
1041 component: "infra"
1042 }
1043 }
1044 kind: "Deployment"
1045 apiVersion: "apps/v1"
1046 }
1047}
1048#Component: "infra"
1049daemonSet: {}
1050statefulSet: {}
1051configMap: {}
1052service: {}
1053deployment: {}
1054#Component: "kitchen"
1055daemonSet: {}
1056statefulSet: {}
1057configMap: {}
1058service: {
1059 caller: {
1060 spec: {
1061 ports: [{
1062 port: 8080
1063 targetPort: 8080
1064 name: "client"
1065 protocol: "TCP"
1066 }]
1067 selector: {
1068 app: "caller"
1069 domain: "prod"
1070 component: "kitchen"
1071 }
1072 }
1073 metadata: {
1074 name: "caller"
1075 labels: {
1076 app: "caller"
1077 domain: "prod"
1078 component: "kitchen"
1079 }
1080 }
1081 kind: "Service"
1082 apiVersion: "v1"
1083 }
1084}
1085deployment: {
1086 caller: {
1087 spec: {
1088 replicas: 3
1089 selector: {}
1090 template: {
1091 metadata: {
1092 labels: {
1093 app: "caller"
1094 domain: "prod"
1095 component: "kitchen"
1096 }
1097 annotations: {
1098 "prometheus.io.scrape": "true"
1099 }
1100 }
1101 spec: {
1102 volumes: [{
1103 name: "ssd-caller"
1104 gcePersistentDisk: {
1105 pdName: "ssd-caller"
1106 fsType: "ext4"
1107 }
1108 }, {
1109 name: "secret-caller"
1110 secret: {
1111 secretName: "caller-secrets"
1112 }
1113 }, {
1114 name: "secret-ssh-key"
1115 secret: {
1116 secretName: "secrets"
1117 }
1118 }]
1119 containers: [{
1120 name: "caller"
1121 image: "gcr.io/myproj/caller:v0.20.14"
1122 volumeMounts: [{
1123 name: "ssd-caller"
1124 mountPath: "/logs"
1125 }, {
1126 mountPath: "/etc/certs"
1127 name: "secret-caller"
1128 readOnly: true
1129 }, {
1130 mountPath: "/sslcerts"
1131 name: "secret-ssh-key"
1132 readOnly: true
1133 }]
1134 args: ["-env=prod", "-key=/etc/certs/client.key", "-cert=/etc/certs/client.pem", "-ca=/etc/certs/servfx.ca", "-ssh-tunnel-key=/sslcerts/tunnel-private.pem", "-logdir=/logs", "-event-server=events:7788"]
1135 ports: [{
1136 containerPort: 8080
1137 }]
1138 livenessProbe: {
1139 httpGet: {
1140 path: "/debug/health"
1141 port: 8080
1142 }
1143 initialDelaySeconds: 40
1144 periodSeconds: 3
1145 }
1146 }]
1147 }
1148 }
1149 }
1150 metadata: {
1151 name: "caller"
1152 labels: {
1153 component: "kitchen"
1154 }
1155 }
1156 kind: "Deployment"
1157 apiVersion: "apps/v1"
1158 }
1159}
1160#Component: "kitchen"
1161daemonSet: {}
1162statefulSet: {}
1163configMap: {}
1164service: {
1165 dishwasher: {
1166 spec: {
1167 ports: [{
1168 port: 8080
1169 targetPort: 8080
1170 name: "client"
1171 protocol: "TCP"
1172 }]
1173 selector: {
1174 app: "dishwasher"
1175 domain: "prod"
1176 component: "kitchen"
1177 }
1178 }
1179 metadata: {
1180 name: "dishwasher"
1181 labels: {
1182 app: "dishwasher"
1183 domain: "prod"
1184 component: "kitchen"
1185 }
1186 }
1187 kind: "Service"
1188 apiVersion: "v1"
1189 }
1190}
1191deployment: {
1192 dishwasher: {
1193 spec: {
1194 replicas: 5
1195 selector: {}
1196 template: {
1197 metadata: {
1198 labels: {
1199 app: "dishwasher"
1200 domain: "prod"
1201 component: "kitchen"
1202 }
1203 annotations: {
1204 "prometheus.io.scrape": "true"
1205 }
1206 }
1207 spec: {
1208 volumes: [{
1209 name: "dishwasher-disk"
1210 gcePersistentDisk: {
1211 pdName: "dishwasher-disk"
1212 fsType: "ext4"
1213 }
1214 }, {
1215 name: "secret-dishwasher"
1216 secret: {
1217 secretName: "dishwasher-secrets"
1218 }
1219 }, {
1220 name: "secret-ssh-key"
1221 secret: {
1222 secretName: "dishwasher-secrets"
1223 }
1224 }]
1225 containers: [{
1226 name: "dishwasher"
1227 image: "gcr.io/myproj/dishwasher:v0.2.13"
1228 volumeMounts: [{
1229 name: "dishwasher-disk"
1230 mountPath: "/logs"
1231 }, {
1232 mountPath: "/sslcerts"
1233 name: "secret-dishwasher"
1234 readOnly: true
1235 }, {
1236 mountPath: "/etc/certs"
1237 name: "secret-ssh-key"
1238 readOnly: true
1239 }]
1240 args: ["-env=prod", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-logdir=/logs", "-event-server=events:7788"]
1241 ports: [{
1242 containerPort: 8080
1243 }]
1244 livenessProbe: {
1245 httpGet: {
1246 path: "/debug/health"
1247 port: 8080
1248 }
1249 initialDelaySeconds: 40
1250 periodSeconds: 3
1251 }
1252 }]
1253 }
1254 }
1255 }
1256 metadata: {
1257 name: "dishwasher"
1258 labels: {
1259 component: "kitchen"
1260 }
1261 }
1262 kind: "Deployment"
1263 apiVersion: "apps/v1"
1264 }
1265}
1266#Component: "kitchen"
1267daemonSet: {}
1268statefulSet: {}
1269configMap: {}
1270service: {
1271 expiditer: {
1272 spec: {
1273 ports: [{
1274 port: 8080
1275 targetPort: 8080
1276 name: "client"
1277 protocol: "TCP"
1278 }]
1279 selector: {
1280 app: "expiditer"
1281 domain: "prod"
1282 component: "kitchen"
1283 }
1284 }
1285 metadata: {
1286 name: "expiditer"
1287 labels: {
1288 app: "expiditer"
1289 domain: "prod"
1290 component: "kitchen"
1291 }
1292 }
1293 kind: "Service"
1294 apiVersion: "v1"
1295 }
1296}
1297deployment: {
1298 expiditer: {
1299 spec: {
1300 replicas: 1
1301 selector: {}
1302 template: {
1303 metadata: {
1304 labels: {
1305 app: "expiditer"
1306 domain: "prod"
1307 component: "kitchen"
1308 }
1309 annotations: {
1310 "prometheus.io.scrape": "true"
1311 }
1312 }
1313 spec: {
1314 volumes: [{
1315 name: "expiditer-disk"
1316 gcePersistentDisk: {
1317 pdName: "expiditer-disk"
1318 fsType: "ext4"
1319 }
1320 }, {
1321 name: "secret-expiditer"
1322 secret: {
1323 secretName: "expiditer-secrets"
1324 }
1325 }]
1326 containers: [{
1327 name: "expiditer"
1328 image: "gcr.io/myproj/expiditer:v0.5.34"
1329 args: ["-env=prod", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-logdir=/logs", "-event-server=events:7788"]
1330 ports: [{
1331 containerPort: 8080
1332 }]
1333 volumeMounts: [{
1334 name: "expiditer-disk"
1335 mountPath: "/logs"
1336 }, {
1337 mountPath: "/etc/certs"
1338 name: "secret-expiditer"
1339 readOnly: true
1340 }]
1341 livenessProbe: {
1342 httpGet: {
1343 path: "/debug/health"
1344 port: 8080
1345 }
1346 initialDelaySeconds: 40
1347 periodSeconds: 3
1348 }
1349 }]
1350 }
1351 }
1352 }
1353 metadata: {
1354 name: "expiditer"
1355 labels: {
1356 component: "kitchen"
1357 }
1358 }
1359 kind: "Deployment"
1360 apiVersion: "apps/v1"
1361 }
1362}
1363#Component: "kitchen"
1364daemonSet: {}
1365statefulSet: {}
1366configMap: {}
1367service: {
1368 headchef: {
1369 spec: {
1370 ports: [{
1371 port: 8080
1372 targetPort: 8080
1373 name: "client"
1374 protocol: "TCP"
1375 }]
1376 selector: {
1377 app: "headchef"
1378 domain: "prod"
1379 component: "kitchen"
1380 }
1381 }
1382 metadata: {
1383 name: "headchef"
1384 labels: {
1385 app: "headchef"
1386 domain: "prod"
1387 component: "kitchen"
1388 }
1389 }
1390 kind: "Service"
1391 apiVersion: "v1"
1392 }
1393}
1394deployment: {
1395 headchef: {
1396 spec: {
1397 replicas: 1
1398 selector: {}
1399 template: {
1400 metadata: {
1401 labels: {
1402 app: "headchef"
1403 domain: "prod"
1404 component: "kitchen"
1405 }
1406 annotations: {
1407 "prometheus.io.scrape": "true"
1408 }
1409 }
1410 spec: {
1411 volumes: [{
1412 name: "headchef-disk"
1413 gcePersistentDisk: {
1414 pdName: "headchef-disk"
1415 fsType: "ext4"
1416 }
1417 }, {
1418 name: "secret-headchef"
1419 secret: {
1420 secretName: "headchef-secrets"
1421 }
1422 }]
1423 containers: [{
1424 name: "headchef"
1425 image: "gcr.io/myproj/headchef:v0.2.16"
1426 volumeMounts: [{
1427 name: "headchef-disk"
1428 mountPath: "/logs"
1429 }, {
1430 mountPath: "/sslcerts"
1431 name: "secret-headchef"
1432 readOnly: true
1433 }]
1434 args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788"]
1435 ports: [{
1436 containerPort: 8080
1437 }]
1438 livenessProbe: {
1439 httpGet: {
1440 path: "/debug/health"
1441 port: 8080
1442 }
1443 initialDelaySeconds: 40
1444 periodSeconds: 3
1445 }
1446 }]
1447 }
1448 }
1449 }
1450 metadata: {
1451 name: "headchef"
1452 labels: {
1453 component: "kitchen"
1454 }
1455 }
1456 kind: "Deployment"
1457 apiVersion: "apps/v1"
1458 }
1459}
1460#Component: "kitchen"
1461daemonSet: {}
1462statefulSet: {}
1463configMap: {}
1464service: {
1465 linecook: {
1466 spec: {
1467 ports: [{
1468 port: 8080
1469 targetPort: 8080
1470 name: "client"
1471 protocol: "TCP"
1472 }]
1473 selector: {
1474 app: "linecook"
1475 domain: "prod"
1476 component: "kitchen"
1477 }
1478 }
1479 metadata: {
1480 name: "linecook"
1481 labels: {
1482 app: "linecook"
1483 domain: "prod"
1484 component: "kitchen"
1485 }
1486 }
1487 kind: "Service"
1488 apiVersion: "v1"
1489 }
1490}
1491deployment: {
1492 linecook: {
1493 spec: {
1494 replicas: 1
1495 selector: {}
1496 template: {
1497 metadata: {
1498 labels: {
1499 app: "linecook"
1500 domain: "prod"
1501 component: "kitchen"
1502 }
1503 annotations: {
1504 "prometheus.io.scrape": "true"
1505 }
1506 }
1507 spec: {
1508 volumes: [{
1509 name: "linecook-disk"
1510 gcePersistentDisk: {
1511 pdName: "linecook-disk"
1512 fsType: "ext4"
1513 }
1514 }, {
1515 name: "secret-kitchen"
1516 secret: {
1517 secretName: "secrets"
1518 }
1519 }]
1520 containers: [{
1521 name: "linecook"
1522 image: "gcr.io/myproj/linecook:v0.1.42"
1523 volumeMounts: [{
1524 name: "linecook-disk"
1525 mountPath: "/logs"
1526 }, {
1527 name: "secret-kitchen"
1528 mountPath: "/etc/certs"
1529 readOnly: true
1530 }]
1531 args: ["-name=linecook", "-env=prod", "-logdir=/logs", "-event-server=events:7788", "-etcd", "etcd:2379", "-reconnect-delay", "1h", "-recovery-overlap", "100000"]
1532 ports: [{
1533 containerPort: 8080
1534 }]
1535 livenessProbe: {
1536 httpGet: {
1537 path: "/debug/health"
1538 port: 8080
1539 }
1540 initialDelaySeconds: 40
1541 periodSeconds: 3
1542 }
1543 }]
1544 }
1545 }
1546 }
1547 metadata: {
1548 name: "linecook"
1549 labels: {
1550 component: "kitchen"
1551 }
1552 }
1553 kind: "Deployment"
1554 apiVersion: "apps/v1"
1555 }
1556}
1557#Component: "kitchen"
1558daemonSet: {}
1559statefulSet: {}
1560configMap: {}
1561service: {
1562 pastrychef: {
1563 spec: {
1564 ports: [{
1565 port: 8080
1566 targetPort: 8080
1567 name: "client"
1568 protocol: "TCP"
1569 }]
1570 selector: {
1571 app: "pastrychef"
1572 domain: "prod"
1573 component: "kitchen"
1574 }
1575 }
1576 metadata: {
1577 name: "pastrychef"
1578 labels: {
1579 app: "pastrychef"
1580 domain: "prod"
1581 component: "kitchen"
1582 }
1583 }
1584 kind: "Service"
1585 apiVersion: "v1"
1586 }
1587}
1588deployment: {
1589 pastrychef: {
1590 spec: {
1591 replicas: 1
1592 selector: {}
1593 template: {
1594 metadata: {
1595 labels: {
1596 app: "pastrychef"
1597 domain: "prod"
1598 component: "kitchen"
1599 }
1600 annotations: {
1601 "prometheus.io.scrape": "true"
1602 }
1603 }
1604 spec: {
1605 volumes: [{
1606 name: "pastrychef-disk"
1607 gcePersistentDisk: {
1608 pdName: "pastrychef-disk"
1609 fsType: "ext4"
1610 }
1611 }, {
1612 name: "secret-ssh-key"
1613 secret: {
1614 secretName: "secrets"
1615 }
1616 }]
1617 containers: [{
1618 name: "pastrychef"
1619 image: "gcr.io/myproj/pastrychef:v0.1.15"
1620 volumeMounts: [{
1621 name: "pastrychef-disk"
1622 mountPath: "/logs"
1623 }, {
1624 name: "secret-ssh-key"
1625 mountPath: "/etc/certs"
1626 readOnly: true
1627 }]
1628 args: ["-env=prod", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-logdir=/logs", "-event-server=events:7788", "-reconnect-delay=1m", "-etcd=etcd:2379", "-recovery-overlap=10000"]
1629 ports: [{
1630 containerPort: 8080
1631 }]
1632 livenessProbe: {
1633 httpGet: {
1634 path: "/debug/health"
1635 port: 8080
1636 }
1637 initialDelaySeconds: 40
1638 periodSeconds: 3
1639 }
1640 }]
1641 }
1642 }
1643 }
1644 metadata: {
1645 name: "pastrychef"
1646 labels: {
1647 component: "kitchen"
1648 }
1649 }
1650 kind: "Deployment"
1651 apiVersion: "apps/v1"
1652 }
1653}
1654#Component: "kitchen"
1655daemonSet: {}
1656statefulSet: {}
1657configMap: {}
1658service: {
1659 souschef: {
1660 spec: {
1661 ports: [{
1662 port: 8080
1663 targetPort: 8080
1664 name: "client"
1665 protocol: "TCP"
1666 }]
1667 selector: {
1668 app: "souschef"
1669 domain: "prod"
1670 component: "kitchen"
1671 }
1672 }
1673 metadata: {
1674 name: "souschef"
1675 labels: {
1676 app: "souschef"
1677 domain: "prod"
1678 component: "kitchen"
1679 }
1680 }
1681 kind: "Service"
1682 apiVersion: "v1"
1683 }
1684}
1685deployment: {
1686 souschef: {
1687 spec: {
1688 replicas: 1
1689 selector: {}
1690 template: {
1691 metadata: {
1692 labels: {
1693 app: "souschef"
1694 domain: "prod"
1695 component: "kitchen"
1696 }
1697 annotations: {
1698 "prometheus.io.scrape": "true"
1699 }
1700 }
1701 spec: {
1702 containers: [{
1703 name: "souschef"
1704 image: "gcr.io/myproj/souschef:v0.5.3"
1705 ports: [{
1706 containerPort: 8080
1707 }]
1708 livenessProbe: {
1709 httpGet: {
1710 path: "/debug/health"
1711 port: 8080
1712 }
1713 initialDelaySeconds: 40
1714 periodSeconds: 3
1715 }
1716 }]
1717 }
1718 }
1719 }
1720 metadata: {
1721 name: "souschef"
1722 labels: {
1723 component: "kitchen"
1724 }
1725 }
1726 kind: "Deployment"
1727 apiVersion: "apps/v1"
1728 }
1729}
1730#Component: "kitchen"
1731daemonSet: {}
1732statefulSet: {}
1733configMap: {}
1734service: {}
1735deployment: {}
1736#Component: "mon"
1737daemonSet: {}
1738statefulSet: {}
1739configMap: {}
1740service: {
1741 alertmanager: {
1742 metadata: {
1743 name: "alertmanager"
1744 annotations: {
1745 "prometheus.io/scrape": "true"
1746 "prometheus.io/path": "/metrics"
1747 }
1748 labels: {
1749 app: "alertmanager"
1750 domain: "prod"
1751 component: "mon"
1752 }
1753 }
1754 spec: {
1755 ports: [{
1756 name: "main"
1757 port: 9093
1758 protocol: "TCP"
1759 targetPort: 9093
1760 }]
1761 selector: {
1762 app: "alertmanager"
1763 domain: "prod"
1764 component: "mon"
1765 }
1766 }
1767 kind: "Service"
1768 apiVersion: "v1"
1769 }
1770}
1771deployment: {
1772 alertmanager: {
1773 spec: {
1774 replicas: 1
1775 selector: {
1776 matchLabels: {
1777 app: "alertmanager"
1778 }
1779 }
1780 template: {
1781 metadata: {
1782 name: "alertmanager"
1783 labels: {
1784 app: "alertmanager"
1785 domain: "prod"
1786 component: "mon"
1787 }
1788 }
1789 spec: {
1790 containers: [{
1791 name: "alertmanager"
1792 image: "prom/alertmanager:v0.15.2"
1793 args: ["--config.file=/etc/alertmanager/alerts.yaml", "--storage.path=/alertmanager", "--web.external-url=https://alertmanager.example.com"]
1794 ports: [{
1795 name: "alertmanager"
1796 containerPort: 9093
1797 }]
1798 volumeMounts: [{
1799 name: "config-volume"
1800 mountPath: "/etc/alertmanager"
1801 }, {
1802 name: "alertmanager"
1803 mountPath: "/alertmanager"
1804 }]
1805 }]
1806 volumes: [{
1807 name: "config-volume"
1808 configMap: {
1809 name: "alertmanager"
1810 }
1811 }, {
1812 name: "alertmanager"
1813 emptyDir: {}
1814 }]
1815 }
1816 }
1817 }
1818 metadata: {
1819 name: "alertmanager"
1820 labels: {
1821 component: "mon"
1822 }
1823 }
1824 kind: "Deployment"
1825 apiVersion: "apps/v1"
1826 }
1827}
1828#Component: "mon"
1829daemonSet: {}
1830statefulSet: {}
1831configMap: {
1832 alertmanager: {
1833 apiVersion: "v1"
1834 kind: "ConfigMap"
1835 data: {
1836 "alerts.yaml": """
1837 receivers:
1838 - name: pager
1839 slack_configs:
1840 - channel: '#cloudmon'
1841 text: |-
1842 {{ range .Alerts }}{{ .Annotations.description }}
1843 {{ end }}
1844 send_resolved: true
1845 route:
1846 receiver: pager
1847 group_by:
1848 - alertname
1849 - cluster
1850
1851 """
1852 }
1853 metadata: {
1854 name: "alertmanager"
1855 labels: {
1856 component: "mon"
1857 }
1858 }
1859 }
1860}
1861service: {
1862 grafana: {
1863 spec: {
1864 ports: [{
1865 name: "grafana"
1866 port: 3000
1867 protocol: "TCP"
1868 targetPort: 3000
1869 }]
1870 selector: {
1871 app: "grafana"
1872 domain: "prod"
1873 component: "mon"
1874 }
1875 }
1876 metadata: {
1877 name: "grafana"
1878 labels: {
1879 app: "grafana"
1880 domain: "prod"
1881 component: "mon"
1882 }
1883 }
1884 kind: "Service"
1885 apiVersion: "v1"
1886 }
1887}
1888deployment: {
1889 grafana: {
1890 metadata: {
1891 name: "grafana"
1892 labels: {
1893 app: "grafana"
1894 component: "mon"
1895 }
1896 }
1897 spec: {
1898 replicas: 1
1899 selector: {}
1900 template: {
1901 metadata: {
1902 labels: {
1903 app: "grafana"
1904 domain: "prod"
1905 component: "mon"
1906 }
1907 }
1908 spec: {
1909 volumes: [{
1910 name: "grafana-volume"
1911 gcePersistentDisk: {
1912 pdName: "grafana-volume"
1913 fsType: "ext4"
1914 }
1915 }]
1916 containers: [{
1917 name: "grafana"
1918 image: "grafana/grafana:4.5.2"
1919 ports: [{
1920 containerPort: 8080
1921 }]
1922 resources: {
1923 limits: {
1924 cpu: "100m"
1925 memory: "100Mi"
1926 }
1927 requests: {
1928 cpu: "100m"
1929 memory: "100Mi"
1930 }
1931 }
1932 env: [{
1933 name: "GF_AUTH_BASIC_ENABLED"
1934 value: "false"
1935 }, {
1936 name: "GF_AUTH_ANONYMOUS_ENABLED"
1937 value: "true"
1938 }, {
1939 name: "GF_AUTH_ANONYMOUS_ORG_ROLE"
1940 value: "admin"
1941 }]
1942 volumeMounts: [{
1943 name: "grafana-volume"
1944 mountPath: "/var/lib/grafana"
1945 }]
1946 }]
1947 }
1948 }
1949 }
1950 kind: "Deployment"
1951 apiVersion: "apps/v1"
1952 }
1953}
1954#Component: "mon"
1955daemonSet: {}
1956statefulSet: {}
1957configMap: {}
1958service: {
1959 "node-exporter": {
1960 metadata: {
1961 name: "node-exporter"
1962 annotations: {
1963 "prometheus.io/scrape": "true"
1964 }
1965 labels: {
1966 app: "node-exporter"
1967 domain: "prod"
1968 component: "mon"
1969 }
1970 }
1971 spec: {
1972 type: "ClusterIP"
1973 clusterIP: "None"
1974 ports: [{
1975 name: "metrics"
1976 port: 9100
1977 protocol: "TCP"
1978 targetPort: 9100
1979 }]
1980 selector: {
1981 app: "node-exporter"
1982 component: "mon"
1983 domain: "prod"
1984 }
1985 }
1986 kind: "Service"
1987 apiVersion: "v1"
1988 }
1989}
1990deployment: {}
1991#Component: "mon"
1992daemonSet: {
1993 "node-exporter": {
1994 spec: {
1995 selector: {}
1996 template: {
1997 metadata: {
1998 name: "node-exporter"
1999 labels: {
2000 app: "node-exporter"
2001 component: "mon"
2002 domain: "prod"
2003 }
2004 }
2005 spec: {
2006 hostNetwork: true
2007 hostPID: true
2008 containers: [{
2009 name: "node-exporter"
2010 image: "quay.io/prometheus/node-exporter:v0.16.0"
2011 args: ["--path.procfs=/host/proc", "--path.sysfs=/host/sys"]
2012 ports: [{
2013 containerPort: 9100
2014 hostPort: 9100
2015 name: "scrape"
2016 }]
2017 resources: {
2018 requests: {
2019 memory: "30Mi"
2020 cpu: "100m"
2021 }
2022 limits: {
2023 memory: "50Mi"
2024 cpu: "200m"
2025 }
2026 }
2027 volumeMounts: [{
2028 name: "proc"
2029 readOnly: true
2030 mountPath: "/host/proc"
2031 }, {
2032 name: "sys"
2033 readOnly: true
2034 mountPath: "/host/sys"
2035 }]
2036 }]
2037 volumes: [{
2038 name: "proc"
2039 hostPath: {
2040 path: "/proc"
2041 }
2042 }, {
2043 name: "sys"
2044 hostPath: {
2045 path: "/sys"
2046 }
2047 }]
2048 }
2049 }
2050 }
2051 metadata: {
2052 name: "node-exporter"
2053 labels: {
2054 component: "mon"
2055 }
2056 }
2057 kind: "DaemonSet"
2058 apiVersion: "apps/v1"
2059 }
2060}
2061statefulSet: {}
2062configMap: {}
2063service: {
2064 prometheus: {
2065 metadata: {
2066 name: "prometheus"
2067 annotations: {
2068 "prometheus.io/scrape": "true"
2069 }
2070 labels: {
2071 app: "prometheus"
2072 domain: "prod"
2073 component: "mon"
2074 }
2075 }
2076 spec: {
2077 type: "NodePort"
2078 ports: [{
2079 name: "main"
2080 nodePort: 30900
2081 port: 9090
2082 protocol: "TCP"
2083 targetPort: 9090
2084 }]
2085 selector: {
2086 app: "prometheus"
2087 domain: "prod"
2088 component: "mon"
2089 }
2090 }
2091 kind: "Service"
2092 apiVersion: "v1"
2093 }
2094}
2095deployment: {
2096 prometheus: {
2097 spec: {
2098 replicas: 1
2099 strategy: {
2100 rollingUpdate: {
2101 maxSurge: 0
2102 maxUnavailable: 1
2103 }
2104 type: "RollingUpdate"
2105 }
2106 selector: {
2107 matchLabels: {
2108 app: "prometheus"
2109 }
2110 }
2111 template: {
2112 metadata: {
2113 name: "prometheus"
2114 labels: {
2115 app: "prometheus"
2116 domain: "prod"
2117 component: "mon"
2118 }
2119 annotations: {
2120 "prometheus.io.scrape": "true"
2121 }
2122 }
2123 spec: {
2124 containers: [{
2125 name: "prometheus"
2126 image: "prom/prometheus:v2.4.3"
2127 args: ["--config.file=/etc/prometheus/prometheus.yml", "--web.external-url=https://prometheus.example.com"]
2128 ports: [{
2129 name: "web"
2130 containerPort: 9090
2131 }]
2132 volumeMounts: [{
2133 name: "config-volume"
2134 mountPath: "/etc/prometheus"
2135 }]
2136 }]
2137 volumes: [{
2138 name: "config-volume"
2139 configMap: {
2140 name: "prometheus"
2141 }
2142 }]
2143 }
2144 }
2145 }
2146 metadata: {
2147 name: "prometheus"
2148 labels: {
2149 component: "mon"
2150 }
2151 }
2152 kind: "Deployment"
2153 apiVersion: "apps/v1"
2154 }
2155}
2156#Component: "mon"
2157daemonSet: {}
2158statefulSet: {}
2159configMap: {
2160 prometheus: {
2161 apiVersion: "v1"
2162 kind: "ConfigMap"
2163 data: {
2164 "alert.rules": """
2165 groups:
2166 - name: rules.yaml
2167 rules:
2168 - alert: InstanceDown
2169 expr: up == 0
2170 for: 30s
2171 labels:
2172 severity: page
2173 annotations:
2174 description: '{{$labels.app}} of job {{ $labels.job }} has been down for more than 30 seconds.'
2175 summary: Instance {{$labels.app}} down
2176 - alert: InsufficientPeers
2177 expr: count(up{job="etcd"} == 0) > (count(up{job="etcd"}) / 2 - 1)
2178 for: 3m
2179 labels:
2180 severity: page
2181 annotations:
2182 description: If one more etcd peer goes down the cluster will be unavailable
2183 summary: etcd cluster small
2184 - alert: EtcdNoMaster
2185 expr: sum(etcd_server_has_leader{app="etcd"}) == 0
2186 for: 1s
2187 labels:
2188 severity: page
2189 annotations:
2190 summary: No ETCD master elected.
2191 - alert: PodRestart
2192 expr: (max_over_time(pod_container_status_restarts_total[5m]) - min_over_time(pod_container_status_restarts_total[5m])) > 2
2193 for: 1m
2194 labels:
2195 severity: page
2196 annotations:
2197 description: '{{$labels.app}} {{ $labels.container }} resturted {{ $value }} times in 5m.'
2198 summary: Pod for {{$labels.container}} restarts too often
2199
2200 """
2201 "prometheus.yml": """
2202 global:
2203 scrape_interval: 15s
2204 rule_files:
2205 - /etc/prometheus/alert.rules
2206 alerting:
2207 alertmanagers:
2208 - scheme: http
2209 static_configs:
2210 - targets:
2211 - alertmanager:9093
2212 scrape_configs:
2213 - job_name: kubernetes-apiservers
2214 kubernetes_sd_configs:
2215 - role: endpoints
2216 scheme: https
2217 tls_config:
2218 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
2219 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
2220 relabel_configs:
2221 - source_labels:
2222 - __meta_kubernetes_namespace
2223 - __meta_kubernetes_service_name
2224 - __meta_kubernetes_endpoint_port_name
2225 action: keep
2226 regex: default;kubernetes;https
2227 - job_name: kubernetes-nodes
2228 scheme: https
2229 tls_config:
2230 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
2231 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
2232 kubernetes_sd_configs:
2233 - role: node
2234 relabel_configs:
2235 - action: labelmap
2236 regex: __meta_kubernetes_node_label_(.+)
2237 - target_label: __address__
2238 replacement: kubernetes.default.svc:443
2239 - source_labels:
2240 - __meta_kubernetes_node_name
2241 regex: (.+)
2242 target_label: __metrics_path__
2243 replacement: /api/v1/nodes/${1}/proxy/metrics
2244 - job_name: kubernetes-cadvisor
2245 scheme: https
2246 tls_config:
2247 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
2248 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
2249 kubernetes_sd_configs:
2250 - role: node
2251 relabel_configs:
2252 - action: labelmap
2253 regex: __meta_kubernetes_node_label_(.+)
2254 - target_label: __address__
2255 replacement: kubernetes.default.svc:443
2256 - source_labels:
2257 - __meta_kubernetes_node_name
2258 regex: (.+)
2259 target_label: __metrics_path__
2260 replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
2261 - job_name: kubernetes-service-endpoints
2262 kubernetes_sd_configs:
2263 - role: endpoints
2264 relabel_configs:
2265 - source_labels:
2266 - __meta_kubernetes_service_annotation_prometheus_io_scrape
2267 action: keep
2268 regex: true
2269 - source_labels:
2270 - __meta_kubernetes_service_annotation_prometheus_io_scheme
2271 action: replace
2272 target_label: __scheme__
2273 regex: (https?)
2274 - source_labels:
2275 - __meta_kubernetes_service_annotation_prometheus_io_path
2276 action: replace
2277 target_label: __metrics_path__
2278 regex: (.+)
2279 - source_labels:
2280 - __address__
2281 - __meta_kubernetes_service_annotation_prometheus_io_port
2282 action: replace
2283 target_label: __address__
2284 regex: ([^:]+)(?::\\d+)?;(\\d+)
2285 replacement: $1:$2
2286 - action: labelmap
2287 regex: __meta_kubernetes_service_label_(.+)
2288 - source_labels:
2289 - __meta_kubernetes_namespace
2290 action: replace
2291 target_label: kubernetes_namespace
2292 - source_labels:
2293 - __meta_kubernetes_service_name
2294 action: replace
2295 target_label: kubernetes_name
2296 - job_name: kubernetes-services
2297 metrics_path: /probe
2298 params:
2299 module:
2300 - http_2xx
2301 kubernetes_sd_configs:
2302 - role: service
2303 relabel_configs:
2304 - source_labels:
2305 - __meta_kubernetes_service_annotation_prometheus_io_probe
2306 action: keep
2307 regex: true
2308 - source_labels:
2309 - __address__
2310 target_label: __param_target
2311 - target_label: __address__
2312 replacement: blackbox-exporter.example.com:9115
2313 - source_labels:
2314 - __param_target
2315 target_label: app
2316 - action: labelmap
2317 regex: __meta_kubernetes_service_label_(.+)
2318 - source_labels:
2319 - __meta_kubernetes_namespace
2320 target_label: kubernetes_namespace
2321 - source_labels:
2322 - __meta_kubernetes_service_name
2323 target_label: kubernetes_name
2324 - job_name: kubernetes-ingresses
2325 metrics_path: /probe
2326 params:
2327 module:
2328 - http_2xx
2329 kubernetes_sd_configs:
2330 - role: ingress
2331 relabel_configs:
2332 - source_labels:
2333 - __meta_kubernetes_ingress_annotation_prometheus_io_probe
2334 action: keep
2335 regex: true
2336 - source_labels:
2337 - __meta_kubernetes_ingress_scheme
2338 - __address__
2339 - __meta_kubernetes_ingress_path
2340 regex: (.+);(.+);(.+)
2341 replacement: ${1}://${2}${3}
2342 target_label: __param_target
2343 - target_label: __address__
2344 replacement: blackbox-exporter.example.com:9115
2345 - source_labels:
2346 - __param_target
2347 target_label: app
2348 - action: labelmap
2349 regex: __meta_kubernetes_ingress_label_(.+)
2350 - source_labels:
2351 - __meta_kubernetes_namespace
2352 target_label: kubernetes_namespace
2353 - source_labels:
2354 - __meta_kubernetes_ingress_name
2355 target_label: kubernetes_name
2356 - job_name: kubernetes-pods
2357 kubernetes_sd_configs:
2358 - role: pod
2359 relabel_configs:
2360 - source_labels:
2361 - __meta_kubernetes_pod_annotation_prometheus_io_scrape
2362 action: keep
2363 regex: true
2364 - source_labels:
2365 - __meta_kubernetes_pod_annotation_prometheus_io_path
2366 action: replace
2367 target_label: __metrics_path__
2368 regex: (.+)
2369 - source_labels:
2370 - __address__
2371 - __meta_kubernetes_pod_annotation_prometheus_io_port
2372 action: replace
2373 regex: ([^:]+)(?::\\d+)?;(\\d+)
2374 replacement: $1:$2
2375 target_label: __address__
2376 - action: labelmap
2377 regex: __meta_kubernetes_pod_label_(.+)
2378 - source_labels:
2379 - __meta_kubernetes_namespace
2380 action: replace
2381 target_label: kubernetes_namespace
2382 - source_labels:
2383 - __meta_kubernetes_pod_name
2384 action: replace
2385 target_label: kubernetes_pod_name
2386
2387 """
2388 }
2389 metadata: {
2390 name: "prometheus"
2391 labels: {
2392 component: "mon"
2393 }
2394 }
2395 }
2396}
2397service: {}
2398deployment: {}
2399#Component: "proxy"
2400daemonSet: {}
2401statefulSet: {}
2402configMap: {}
2403service: {
2404 authproxy: {
2405 spec: {
2406 ports: [{
2407 port: 4180
2408 targetPort: 4180
2409 name: "client"
2410 protocol: "TCP"
2411 }]
2412 selector: {
2413 app: "authproxy"
2414 domain: "prod"
2415 component: "proxy"
2416 }
2417 }
2418 metadata: {
2419 name: "authproxy"
2420 labels: {
2421 app: "authproxy"
2422 domain: "prod"
2423 component: "proxy"
2424 }
2425 }
2426 kind: "Service"
2427 apiVersion: "v1"
2428 }
2429}
2430deployment: {
2431 authproxy: {
2432 spec: {
2433 replicas: 1
2434 selector: {}
2435 template: {
2436 metadata: {
2437 labels: {
2438 app: "authproxy"
2439 domain: "prod"
2440 component: "proxy"
2441 }
2442 }
2443 spec: {
2444 containers: [{
2445 name: "authproxy"
2446 image: "skippy/oauth2_proxy:2.0.1"
2447 ports: [{
2448 containerPort: 4180
2449 }]
2450 args: ["--config=/etc/authproxy/authproxy.cfg"]
2451 volumeMounts: [{
2452 name: "config-volume"
2453 mountPath: "/etc/authproxy"
2454 }]
2455 }]
2456 volumes: [{
2457 name: "config-volume"
2458 configMap: {
2459 name: "authproxy"
2460 }
2461 }]
2462 }
2463 }
2464 }
2465 metadata: {
2466 name: "authproxy"
2467 labels: {
2468 component: "proxy"
2469 }
2470 }
2471 kind: "Deployment"
2472 apiVersion: "apps/v1"
2473 }
2474}
2475#Component: "proxy"
2476daemonSet: {}
2477statefulSet: {}
2478configMap: {
2479 authproxy: {
2480 apiVersion: "v1"
2481 kind: "ConfigMap"
2482 data: {
2483 "authproxy.cfg": """
2484 # Google Auth Proxy Config File
2485 ## https://github.com/bitly/google_auth_proxy
2486
2487 ## <addr>:<port> to listen on for HTTP clients
2488 http_address = "0.0.0.0:4180"
2489
2490 ## the OAuth Redirect URL.
2491 redirect_url = "https://auth.example.com/oauth2/callback"
2492
2493 ## the http url(s) of the upstream endpoint. If multiple, routing is based on path
2494 upstreams = [
2495 # frontend
2496 "http://frontend-waiter:7080/dpr/",
2497 "http://frontend-maitred:7080/ui/",
2498 "http://frontend-maitred:7080/ui",
2499 "http://frontend-maitred:7080/report/",
2500 "http://frontend-maitred:7080/report",
2501 "http://frontend-maitred:7080/static/",
2502 # kitchen
2503 "http://kitchen-chef:8080/visit",
2504 # infrastructure
2505 "http://download:7080/file/",
2506 "http://download:7080/archive",
2507 "http://tasks:7080/tasks",
2508 "http://tasks:7080/tasks/",
2509 ]
2510
2511 ## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
2512 pass_basic_auth = true
2513 request_logging = true
2514
2515 ## Google Apps Domains to allow authentication for
2516 google_apps_domains = [
2517 "mod.test",
2518 ]
2519
2520 email_domains = [
2521 "mod.test",
2522 ]
2523
2524 ## The Google OAuth Client ID, Secret
2525 client_id = "---"
2526 client_secret = "---"
2527
2528 ## Cookie Settings
2529 ## Secret - the seed string for secure cookies
2530 ## Domain - optional cookie domain to force cookies to (ie: .yourcompany.com)
2531 ## Expire - expire timeframe for cookie
2532 cookie_secret = "won't tell you"
2533 cookie_domain = ".example.com"
2534 cookie_https_only = true
2535 """
2536 }
2537 metadata: {
2538 name: "authproxy"
2539 labels: {
2540 component: "proxy"
2541 }
2542 }
2543 }
2544}
2545service: {
2546 goget: {
2547 spec: {
2548 type: "LoadBalancer"
2549 loadBalancerIP: "1.3.5.7"
2550 ports: [{
2551 port: 443
2552 name: "https"
2553 protocol: "TCP"
2554 targetPort: 7443
2555 }]
2556 selector: {
2557 app: "goget"
2558 domain: "prod"
2559 component: "proxy"
2560 }
2561 }
2562 metadata: {
2563 name: "goget"
2564 labels: {
2565 app: "goget"
2566 domain: "prod"
2567 component: "proxy"
2568 }
2569 }
2570 kind: "Service"
2571 apiVersion: "v1"
2572 }
2573}
2574deployment: {
2575 goget: {
2576 spec: {
2577 replicas: 1
2578 selector: {}
2579 template: {
2580 metadata: {
2581 labels: {
2582 app: "goget"
2583 domain: "prod"
2584 component: "proxy"
2585 }
2586 }
2587 spec: {
2588 volumes: [{
2589 name: "secret-volume"
2590 secret: {
2591 secretName: "goget-secrets"
2592 }
2593 }]
2594 containers: [{
2595 name: "goget"
2596 image: "gcr.io/myproj/goget:v0.5.1"
2597 ports: [{
2598 containerPort: 7443
2599 }]
2600 volumeMounts: [{
2601 mountPath: "/etc/ssl"
2602 name: "secret-volume"
2603 }]
2604 }]
2605 }
2606 }
2607 }
2608 metadata: {
2609 name: "goget"
2610 labels: {
2611 component: "proxy"
2612 }
2613 }
2614 kind: "Deployment"
2615 apiVersion: "apps/v1"
2616 }
2617}
2618#Component: "proxy"
2619daemonSet: {}
2620statefulSet: {}
2621configMap: {}
2622service: {
2623 nginx: {
2624 spec: {
2625 type: "LoadBalancer"
2626 loadBalancerIP: "1.3.4.5"
2627 ports: [{
2628 name: "http"
2629 port: 80
2630 protocol: "TCP"
2631 targetPort: 80
2632 }, {
2633 name: "https"
2634 port: 443
2635 protocol: "TCP"
2636 targetPort: 443
2637 }]
2638 selector: {
2639 app: "nginx"
2640 domain: "prod"
2641 component: "proxy"
2642 }
2643 }
2644 metadata: {
2645 name: "nginx"
2646 labels: {
2647 app: "nginx"
2648 domain: "prod"
2649 component: "proxy"
2650 }
2651 }
2652 kind: "Service"
2653 apiVersion: "v1"
2654 }
2655}
2656deployment: {
2657 nginx: {
2658 spec: {
2659 replicas: 1
2660 selector: {}
2661 template: {
2662 metadata: {
2663 labels: {
2664 app: "nginx"
2665 domain: "prod"
2666 component: "proxy"
2667 }
2668 }
2669 spec: {
2670 volumes: [{
2671 name: "secret-volume"
2672 secret: {
2673 secretName: "proxy-secrets"
2674 }
2675 }, {
2676 name: "config-volume"
2677 configMap: {
2678 name: "nginx"
2679 }
2680 }]
2681 containers: [{
2682 name: "nginx"
2683 image: "nginx:1.11.10-alpine"
2684 ports: [{
2685 containerPort: 80
2686 }, {
2687 containerPort: 443
2688 }]
2689 volumeMounts: [{
2690 mountPath: "/etc/ssl"
2691 name: "secret-volume"
2692 }, {
2693 name: "config-volume"
2694 mountPath: "/etc/nginx/nginx.conf"
2695 subPath: "nginx.conf"
2696 }]
2697 }]
2698 }
2699 }
2700 }
2701 metadata: {
2702 name: "nginx"
2703 labels: {
2704 component: "proxy"
2705 }
2706 }
2707 kind: "Deployment"
2708 apiVersion: "apps/v1"
2709 }
2710}
2711#Component: "proxy"
2712daemonSet: {}
2713statefulSet: {}
2714configMap: {
2715 nginx: {
2716 apiVersion: "v1"
2717 kind: "ConfigMap"
2718 data: {
2719 "nginx.conf": """
2720 events {
2721 worker_connections 768;
2722 }
2723 http {
2724 sendfile on;
2725 tcp_nopush on;
2726 tcp_nodelay on;
2727 # needs to be high for some download jobs.
2728 keepalive_timeout 400;
2729 # proxy_connect_timeout 300;
2730 proxy_send_timeout 300;
2731 proxy_read_timeout 300;
2732 send_timeout 300;
2733
2734 types_hash_max_size 2048;
2735
2736 include /etc/nginx/mime.types;
2737 default_type application/octet-stream;
2738
2739 access_log /dev/stdout;
2740 error_log /dev/stdout;
2741
2742 # Disable POST body size constraints. We often deal with large
2743 # files. Especially docker containers may be large.
2744 client_max_body_size 0;
2745
2746 upstream goget {
2747 server localhost:7070;
2748 }
2749
2750 # Redirect incoming Google Cloud Storage notifications:
2751 server {
2752 listen 443 ssl;
2753 server_name notify.example.com notify2.example.com;
2754
2755 ssl_certificate /etc/ssl/server.crt;
2756 ssl_certificate_key /etc/ssl/server.key;
2757
2758 # Security enhancements to deal with poodles and the like.
2759 # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
2760 # ssl_ciphers 'AES256+EECDH:AES256+EDH';
2761 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
2762
2763 # We don't like poodles.
2764 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
2765 ssl_session_cache shared:SSL:10m;
2766
2767 # Enable Forward secrecy.
2768 ssl_dhparam /etc/ssl/dhparam.pem;
2769 ssl_prefer_server_ciphers on;
2770
2771 # Enable HTST.
2772 add_header Strict-Transport-Security max-age=1209600;
2773
2774 # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
2775 chunked_transfer_encoding on;
2776
2777 location / {
2778 proxy_pass http://tasks:7080;
2779 proxy_connect_timeout 1;
2780 }
2781 }
2782
2783 server {
2784 listen 80;
2785 listen 443 ssl;
2786 server_name x.example.com example.io;
2787
2788 location ~ "(/[^/]+)(/.*)?" {
2789 set $myhost $host;
2790 if ($arg_go-get = "1") {
2791 set $myhost "goget";
2792 }
2793 proxy_pass http://$myhost$1;
2794 proxy_set_header Host $host;
2795 proxy_set_header X-Real-IP $remote_addr;
2796 proxy_set_header X-Scheme $scheme;
2797 proxy_connect_timeout 1;
2798 }
2799
2800 location / {
2801 set $myhost $host;
2802 if ($arg_go-get = "1") {
2803 set $myhost "goget";
2804 }
2805 proxy_pass http://$myhost;
2806 proxy_set_header Host $host;
2807 proxy_set_header X-Real-IP $remote_addr;
2808 proxy_set_header X-Scheme $scheme;
2809 proxy_connect_timeout 1;
2810 }
2811 }
2812
2813 server {
2814 listen 80;
2815 server_name www.example.com w.example.com;
2816
2817 resolver 8.8.8.8;
2818
2819 location / {
2820 proxy_set_header X-Forwarded-Host $host;
2821 proxy_set_header X-Forwarded-Server $host;
2822 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
2823 proxy_set_header X-Real-IP $remote_addr;
2824
2825 proxy_pass http://$host.default.example.appspot.com/$request_uri;
2826 proxy_redirect http://$host.default.example.appspot.com/ /;
2827 }
2828 }
2829
2830 server {
2831 # We could add the following line and the connection would still be SSL,
2832 # but it doesn't appear to be necessary. Seems saver this way.
2833 listen 80;
2834 listen 443 default ssl;
2835 server_name ~^(?<sub>.*)\\.example\\.com$;
2836
2837 ssl_certificate /etc/ssl/server.crt;
2838 ssl_certificate_key /etc/ssl/server.key;
2839
2840 # Security enhancements to deal with poodles and the like.
2841 # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
2842 # ssl_ciphers 'AES256+EECDH:AES256+EDH';
2843 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
2844
2845 # We don't like poodles.
2846 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
2847 ssl_session_cache shared:SSL:10m;
2848
2849 # Enable Forward secrecy.
2850 ssl_dhparam /etc/ssl/dhparam.pem;
2851 ssl_prefer_server_ciphers on;
2852
2853 # Enable HTST.
2854 add_header Strict-Transport-Security max-age=1209600;
2855
2856 if ($ssl_protocol = "") {
2857 rewrite ^ https://$host$request_uri? permanent;
2858 }
2859
2860 # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
2861 chunked_transfer_encoding on;
2862
2863 location / {
2864 proxy_pass http://authproxy:4180;
2865 proxy_set_header Host $host;
2866 proxy_set_header X-Real-IP $remote_addr;
2867 proxy_set_header X-Scheme $scheme;
2868 proxy_connect_timeout 1;
2869 }
2870 }
2871 }
2872 """
2873 }
2874 metadata: {
2875 name: "nginx"
2876 labels: {
2877 component: "proxy"
2878 }
2879 }
2880 }
2881}View as plain text