...
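# Trillian log server and log signer for Rekor, run together in one pod in
# the "rekor" namespace. Two init containers run first: "create-secret"
# copies the database Secret into this namespace and "create-table" runs the
# createdb image against the database server.
#
# NOTE(review): no container sets a securityContext. The images' default
# users are not visible here; once confirmed, consider runAsNonRoot,
# allowPrivilegeEscalation: false and readOnlyRootFilesystem.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: trillian
  namespace: rekor
spec:
  # replicas is not set, so this Deployment runs a single pod. The signer
  # below is started with --force_master; review that flag before scaling.
  selector:
    matchLabels:
      app-service: trillian-internal
  template:
    metadata:
      labels:
        app-service: trillian-internal
    spec:
      # Every container in the pod runs as this service account. The
      # create-secret step uses it to call the API server, so its RBAC (not
      # shown here) must allow reading Secrets in "database" and
      # get/delete/create on Secrets in "rekor". Keep that Role as narrow as
      # possible: get and delete can be limited to the "credentials" Secret
      # with resourceNames.
      serviceAccountName: trillian-service-account
      initContainers:
        - name: create-secret
          image: bzl://hack/deps:kubectl_container_push
          command:
            - "/bin/sh"
            - "-c"
          args:
            # Copies Secret "credentials" from namespace "database" into
            # "rekor". The existing copy is deleted before the new one is
            # applied, so the Secret is briefly absent; if the read from
            # "database" fails, it stays absent until a later run succeeds.
            # The copy is readable by anything with Secret access in "rekor".
            # The folded scalar yields the same single-line command string.
            - >-
              if kubectl get -n rekor secret credentials;
              then kubectl delete -n rekor secret credentials; fi;
              kubectl get -n database secret credentials -o yaml
              | yq '.metadata.namespace = "rekor" | del(.metadata["creationTimestamp", "annotations"])'
              | kubectl apply -f -
        - name: create-table
          image: bzl://third_party/k8s/chainguard:sigstore_scaffolding_trillian_createdb_container_push
          args:
            # Kubernetes substitutes $(DB_USER) and $(DB_PWD) before the
            # process starts, so the database password is part of the
            # process command line and visible to anything that can list
            # processes on the node or read this container's /proc.
            - "--mysql_uri=$(DB_USER):$(DB_PWD)@tcp(db-internal.database:3306)"
            - "--db_name=$(DB_NAME)"
          env:
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: name
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: user
            - name: DB_PWD
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: password
      containers:
        - name: server
          image: bzl://third_party/k8s/chainguard:trillian_logserver_container_push
          args:
            # Same exposure as in create-table: the expanded password ends up
            # in the process command line.
            - "--mysql_uri=$(DB_USER):$(DB_PWD)@tcp(db-internal.database:3306)/$(DB_NAME)"
            - "--logtostderr"
            # Both endpoints listen on all pod interfaces. No TLS or
            # authentication option appears in the arguments shown (some are
            # elided below), so limit which pods can reach 8090/8091, e.g.
            # with a NetworkPolicy.
            - "--rpc_endpoint=0.0.0.0:8090"
            - "--http_endpoint=0.0.0.0:8091"
            # Placeholder from the original listing: further arguments are
            # elided there.
            - "..."
          ports:
            - name: rpc-server
              containerPort: 8090
            - name: http-server
              containerPort: 8091
          env:
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: name
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: user
            - name: DB_PWD
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: password
          resources:
            limits:
              cpu: "100m"
              memory: "64Mi"
            requests:
              cpu: "1m"
              memory: "8Mi"
        - name: signer
          image: bzl://third_party/k8s/chainguard:trillian_logsigner_container_push
          args:
            # Same exposure as above: the expanded password ends up in the
            # process command line.
            - "--mysql_uri=$(DB_USER):$(DB_PWD)@tcp(db-internal.database:3306)/$(DB_NAME)"
            - "--logtostderr"
            # Listens on all pod interfaces with no TLS or authentication
            # option in these arguments; restrict access to 8190/8191.
            - "--rpc_endpoint=0.0.0.0:8190"
            - "--http_endpoint=0.0.0.0:8191"
            # The signer assumes mastership without an election. That fits
            # the single pod this Deployment runs; with more than one signer
            # each would act as master - TODO confirm before scaling.
            - "--force_master"
            - "--batch_size=1000"
            - "--sequencer_guard_window=0"
            - "--sequencer_interval=200ms"
          ports:
            - name: rpc-signer
              containerPort: 8190
            - name: http-signer
              containerPort: 8191
          env:
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: name
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: user
            - name: DB_PWD
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: password
          resources:
            limits:
              cpu: "100m"
              memory: "128Mi"
            requests:
              cpu: "10m"
              memory: "16Mi"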