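# Deployment for the ctlfish workload: a single replica that runs under the
# "ctlfish" ServiceAccount and exposes a metrics port on 5001.
# (Listing restored: gutter numbers removed and nesting re-indented so the
# document parses as YAML; no field or value was changed.)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ctlfish
spec:
  replicas: 1
  selector:
    matchLabels:
      platform.edge.ncr.com/component: ctlfish
  template:
    metadata:
      labels:
        platform.edge.ncr.com/component: ctlfish
    spec:
      # NOTE(review): this ServiceAccount is the subject of the
      # "metrics-admins" ClusterRoleBinding in this file, whose role allows
      # every verb on every resource in every API group. The token mounted
      # into this pod is therefore cluster-admin equivalent; narrowing that
      # role matters more than any pod-level control set here.
      serviceAccountName: ctlfish
      priorityClassName: edge-p4-operability-services
      # NOTE(review): no pod- or container-level securityContext is set.
      # Consider runAsNonRoot: true, allowPrivilegeEscalation: false,
      # readOnlyRootFilesystem: true, capabilities.drop: [ALL] and
      # seccompProfile.type: RuntimeDefault once checked against the image.
      containers:
      - name: ctlfish
        # Build-system label rather than a registry reference; presumably
        # rewritten at build time - TODO confirm it resolves to a digest,
        # since IfNotPresent never re-pulls a tag that already exists on
        # the node.
        image: bzl://cmd/edge/ctlfish:container_push
        ports:
        # Port name referenced by the Linkerd Server "http-metrics".
        - name: http-metrics
          containerPort: 5001
        # Every key of Secret "ldkey" becomes an environment variable
        # (LD_KEY, per the ExternalSecret in this file). Environment values
        # are inherited by child processes and are not refreshed when the
        # Secret changes; a file mount avoids both - reviewer suggestion.
        envFrom:
        - secretRef:
            name: ldkey
        resources:
          limits:
            cpu: "500m"
            memory: "512Mi"
          requests:
            cpu: "10m"
            memory: "256Mi"
        volumeMounts:
        # NOTE(review): mounting at /opt hides anything the image ships
        # under /opt - confirm that is intended.
        - name: config-volume
          mountPath: /opt
        imagePullPolicy: IfNotPresent
      volumes:
      - name: config-volume
        configMap:
          name: ctlfish-config
      affinity:
        nodeAffinity:
          # Soft preference only: the scheduler favours nodes labelled
          # node.ncr.com/class=server but may place the pod elsewhere.
          preferredDuringSchedulingIgnoredDuringExecution:
          - preference:
              matchExpressions:
              - key: node.ncr.com/class
                operator: In
                values:
                - server
            weight: 100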
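---
# Identity the ctlfish pod runs as. Pods using it pull images with
# "edge-docker-pull-secret".
# NOTE(review): automountServiceAccountToken is not set, so the API token is
# mounted by default. That is expected if ctlfish calls the API server, but
# the token's reach is whatever the ClusterRoleBinding in this file grants.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ctlfish
imagePullSecrets:
- name: edge-docker-pull-secret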
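---
# Linkerd policy Server: declares the named port "http-metrics" on pods
# labelled platform.edge.ncr.com/component=ctlfish as an HTTP/1 endpoint that
# authorizations can be attached to.
# NOTE(review): Linkerd policy is enforced by the sidecar proxy; confirm the
# ctlfish pods are meshed, otherwise this resource has no effect.
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: http-metrics
spec:
  port: http-metrics
  podSelector:
    matchLabels:
      platform.edge.ncr.com/component: ctlfish
  proxyProtocol: HTTP/1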
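---
# Restricts the "http-metrics" Server to clients presenting the mesh-TLS
# identity of ServiceAccount "prometheus" in namespace "prometheus". No other
# client is listed, so the metrics port is scrape-only for that identity.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: http-metrics-auth
spec:
  client:
    meshTLS:
      serviceAccounts:
      - name: prometheus
        namespace: prometheus
  server:
    name: http-metrics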
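---
# Headless Service (clusterIP: None) that maps port 8080, named "metrics", to
# container port 5001 on the ctlfish pods.
# NOTE(review): no metadata.labels are set here, while the ServiceMonitor in
# this file selects Services by platform.edge.ncr.com/component=ctlfish.
# Presumably an overlay adds the label - confirm, otherwise nothing is
# scraped.
apiVersion: v1
kind: Service
metadata:
  name: ctlfish-service
spec:
  selector:
    platform.edge.ncr.com/component: ctlfish
  ports:
  - name: metrics
    port: 8080
    targetPort: 5001
  clusterIP: None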
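---
# Prometheus Operator ServiceMonitor: scrapes the "metrics" port of Services
# labelled platform.edge.ncr.com/component=ctlfish.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: ctlfish-monitoring
  annotations:
    # Project-specific annotation; presumably an allow-list of metric names
    # consumed by platform tooling - verify against that tooling.
    monitoring.edge.ncr.com/allowed-metrics: |
      ctlfish_resource_creations
      ctlfish_resource_deletions
      ctlfish_resource_updates
spec:
  # Matches labels on the Service object, not on the pods.
  selector:
    matchLabels:
      platform.edge.ncr.com/component: ctlfish
  endpoints:
  - port: metrics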
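---
# Namespace for the workload. The other namespaced resources in this file
# carry no metadata.namespace; presumably it is applied by the deployment
# tooling - confirm they land here, since the ClusterRoleBinding subject is
# pinned to namespace "ctlfish".
# NOTE(review): no pod-security.kubernetes.io/* labels are set. If Pod
# Security Admission is the enforcement mechanism on these clusters, set the
# enforce level explicitly; otherwise confirm another policy engine covers it.
apiVersion: v1
kind: Namespace
metadata:
  name: ctlfish
  labels:
    workload.edge.ncr.com: 'platform'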
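---
# NOTE(review): despite its name this role is not limited to metrics. The
# single rule below matches every resource in every API group with every
# verb. That includes reading Secrets in all namespaces and creating or
# editing RBAC objects, so any subject bound to it is cluster-admin
# equivalent. Replace the wildcards with the explicit apiGroups, resources
# and verbs ctlfish actually needs, and prefer read-only verbs
# (get/list/watch) wherever it only observes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metrics-admin
rules:
- resources:
  - "*"
  apiGroups:
  - "*"
  verbs:
  - "*"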
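---
# Binds ClusterRole "metrics-admin" cluster-wide to ServiceAccount "ctlfish"
# in namespace "ctlfish".
# NOTE(review): the bound role allows all verbs on all resources, so this
# binding makes the ctlfish pod's token valid for any API operation in the
# cluster. If access is needed only in specific namespaces, RoleBindings in
# those namespaces scope it; either way the role itself should be narrowed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-admins
roleRef:
  name: metrics-admin
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: ctlfish
  namespace: ctlfish
  kind: ServiceAccount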
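---
# External Secrets resource: copies the remote secret
# "edge-backend-launch-darkly-sdk-key" from ClusterSecretStore "gcp-provider"
# into Kubernetes Secret "ldkey" under the key LD_KEY.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: ldkey
spec:
  data:
  - remoteRef:
      key: edge-backend-launch-darkly-sdk-key
    secretKey: LD_KEY
  # Re-synced from the store every minute. The Deployment in this file reads
  # the Secret through envFrom, so a rotated key reaches a running pod only
  # after the pod restarts.
  refreshInterval: 1m
  secretStoreRef:
    name: gcp-provider
    kind: ClusterSecretStore
  target:
    name: ldkey
    # Owner: the operator creates the Secret and owns its lifecycle.
    creationPolicy: Owner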
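---
# Config Connector IAM grant: gives the ext-sec-* Google service account the
# secretAccessor role on one Secret Manager secret. The binding is attached to
# that secret (resourceRef.external), not to the whole project, so the account
# cannot read other secrets through this grant.
# ${cluster_hash} and ${gcp_project_id} are placeholders; presumably they are
# substituted before apply - confirm the rendered member is the intended
# per-cluster account.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: essa-edge-backend-launch-darkly-sdk-key
spec:
  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    kind: SecretManagerSecret
    external: projects/${gcp_project_id}/secrets/edge-backend-launch-darkly-sdk-key
  role: roles/secretmanager.secretAccessor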