...

Text file src/edge-infra.dev/config/pallets/sds/securedelivery/rekor/generic/trillian/deployment.yaml

Documentation: edge-infra.dev/config/pallets/sds/securedelivery/rekor/generic/trillian

     1apiVersion: apps/v1
     2kind: Deployment
     3metadata:
     4  name: trillian
     5  namespace: rekor
     6spec:
     7  selector:
     8    matchLabels:
     9      app-service: trillian-internal
    10  template:
    11    metadata:
    12      labels:
    13        app-service: trillian-internal
    14    spec:
    15      serviceAccountName: trillian-service-account
    16      initContainers:
    17      - name: create-secret
    18        image: bzl://hack/deps:kubectl_container_push
    19        command:
    20        - "/bin/sh"
    21        - "-c"
    22        args:
    23        - if kubectl get -n rekor secret credentials; then kubectl delete -n rekor secret credentials; fi; kubectl get -n database secret credentials -o yaml | yq '.metadata.namespace = "rekor" | del(.metadata["creationTimestamp", "annotations"])' | kubectl apply -f -
    24      - name: create-table
    25        image: bzl://third_party/k8s/chainguard:sigstore_scaffolding_trillian_createdb_container_push
    26        args:
    27        - --mysql_uri=$(DB_USER):$(DB_PWD)@tcp(db-internal.database:3306)
    28        - --db_name=$(DB_NAME)
    29        env:
    30        - name: DB_NAME
    31          valueFrom:
    32            secretKeyRef:
    33              name: credentials
    34              key: name
    35        - name: DB_USER
    36          valueFrom:
    37            secretKeyRef:
    38              name: credentials
    39              key: user
    40        - name: DB_PWD
    41          valueFrom:
    42            secretKeyRef:
    43              name: credentials
    44              key: password
    45      containers:
    46      - name: server
    47        image: bzl://third_party/k8s/chainguard:trillian_logserver_container_push
    48        args:
    49        - "--mysql_uri=$(DB_USER):$(DB_PWD)@tcp(db-internal.database:3306)/$(DB_NAME)"
    50        - "--logtostderr"
    51        - "--rpc_endpoint=0.0.0.0:8090"
    52        - "--http_endpoint=0.0.0.0:8091"
    53        - "..."
    54        ports:
    55        - name: rpc-server
    56          containerPort: 8090
    57        - name: http-server
    58          containerPort: 8091
    59        env:
    60        - name: DB_NAME
    61          valueFrom:
    62            secretKeyRef:
    63              name: credentials
    64              key: name
    65        - name: DB_USER
    66          valueFrom:
    67            secretKeyRef:
    68              name: credentials
    69              key: user
    70        - name: DB_PWD
    71          valueFrom:
    72            secretKeyRef:
    73              name: credentials
    74              key: password
    75        resources:
    76          limits:
    77            cpu: "100m"
    78            memory: 64Mi
    79          requests:
    80            cpu: "1m"
    81            memory: "8Mi"
    82      - name: signer
    83        image: bzl://third_party/k8s/chainguard:trillian_logsigner_container_push
    84        args:
    85        - "--mysql_uri=$(DB_USER):$(DB_PWD)@tcp(db-internal.database:3306)/$(DB_NAME)"
    86        - "--logtostderr"
    87        - "--rpc_endpoint=0.0.0.0:8190"
    88        - "--http_endpoint=0.0.0.0:8191"
    89        - "--force_master"
    90        - "--batch_size=1000"
    91        - "--sequencer_guard_window=0"
    92        - "--sequencer_interval=200ms"
    93        ports:
    94        - name: rpc-signer
    95          containerPort: 8190
    96        - name: http-signer
    97          containerPort: 8191
    98        env:
    99        - name: DB_NAME
   100          valueFrom:
   101            secretKeyRef:
   102              name: credentials
   103              key: name
   104        - name: DB_USER
   105          valueFrom:
   106            secretKeyRef:
   107              name: credentials
   108              key: user
   109        - name: DB_PWD
   110          valueFrom:
   111            secretKeyRef:
   112              name: credentials
   113              key: password
   114        resources:
   115          limits:
   116            cpu: "100m"
   117            memory: 128Mi
   118          requests:
   119            cpu: "10m"
   120            memory: "16Mi"
