
Text file src/github.com/sigstore/rekor/config/rekor.yaml

Documentation: github.com/sigstore/rekor/config

     1#
     2# Copyright 2021 The Sigstore Authors.
     3#
     4# Licensed under the Apache License, Version 2.0 (the "License");
     5# you may not use this file except in compliance with the License.
     6# You may obtain a copy of the License at
     7#
     8#     http://www.apache.org/licenses/LICENSE-2.0
     9#
    10# Unless required by applicable law or agreed to in writing, software
    11# distributed under the License is distributed on an "AS IS" BASIS,
    12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13# See the License for the specific language governing permissions and
    14# limitations under the License.
    15
    16apiVersion: v1
    17kind: Namespace
    18metadata:
    19  name: rekor-system
    20  labels:
    21    name: rekor-system
    22---
    23apiVersion: apps/v1
    24kind: Deployment
    25metadata:
    26  namespace: rekor-system
    27  name: rekor-server
    28  labels:
    29    app: rekor-server
    30spec:
    31  replicas: 3
    32  selector:
    33    matchLabels:
    34      app: rekor-server
    35  template:
    36    metadata:
    37      labels:
    38        app: rekor-server
    39      annotations:
    40        prometheus.io/scrape: "true"
    41        prometheus.io/path: /metrics
    42        prometheus.io/port: "2112"
    43    spec:
    44      containers:
    45      - name: rekor-server
    46        image: ko://github.com/sigstore/rekor/cmd/rekor-server
    47        ports:
    48        - containerPort: 3000
    49        - containerPort: 2112 # metrics
    50        args: [
    51          "serve",
    52          "--trillian_log_server.address=trillian-server",
    53          "--trillian_log_server.port=8090",
    54          "--rekor_server.address=0.0.0.0",
    55          "--redis_server.address=10.234.175.59",
    56          "--redis_server.port=6379",
    57          "--trillian_log_server.tlog_id=3904496407287907110",
    58          "--log_type=prod",
    59          "--rekor_server.signer=$(KMS)",
    60          "--trillian_log_server.sharding_config=/sharding/sharding-config.yaml",
    61          "--enable_attestation_storage=$(ENABLE_ATTESTATION_STORAGE)",
    62          "--attestation_storage_bucket=$(ATTESTATION_BUCKET)"
    63        ]
    64        volumeMounts:
    65        - name: sharding-config
    66          mountPath: /sharding
    67        env:
    68        - name: KMS
    69          valueFrom:
    70            configMapKeyRef:
    71              name: rekor-config
    72              key: kms
    73        - name: ENABLE_ATTESTATION_STORAGE
    74          valueFrom:
    75            configMapKeyRef:
    76              name: rekor-config
    77              key: enable_attestation_storage
    78        - name: ATTESTATION_BUCKET
    79          valueFrom:
    80            configMapKeyRef:
    81              name: rekor-config
    82              key: attestation_bucket
    83        resources:
    84          requests:
    85            memory: "1G"
    86            cpu: ".5"
    87        securityContext:
    88          readOnlyRootFilesystem: true
    89          runAsNonRoot: true
    90          capabilities:
    91            drop:
    92            - all
    93      volumes:
    94        - name: sharding-config
    95          configMap:
    96            name: sharding-config
    97---
    98apiVersion: v1
    99kind: Service
   100metadata:
   101  namespace: rekor-system
   102  name: rekor-server
   103spec:
   104  selector:
   105    app: rekor-server
   106  type: LoadBalancer
   107  ports:
   108    - protocol: TCP
   109      port: 80
   110      targetPort: 3000
   111---
   112apiVersion: v1
   113kind: ConfigMap
   114metadata:
   115  name: sharding-config
   116  namespace: rekor-system
   117data:
   118  sharding-config.yaml: "" 
   119---
