# Copyright 2019 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apps/v1 kind: Deployment metadata: name: ledgerwriter spec: selector: matchLabels: app: ledgerwriter template: metadata: labels: app: ledgerwriter spec: serviceAccountName: boa-ksa terminationGracePeriodSeconds: 5 containers: - name: ledgerwriter image: gcr.io/bank-of-anthos-ci/ledgerwriter:v0.5.11@sha256:35a610bba642516bc5deee963f76ac013c791a1be08c3a50d5cc839a69f13a19 volumeMounts: - name: publickey mountPath: "/root/.ssh" readOnly: true env: - name: VERSION value: "v0.5.11" - name: PORT value: "8080" - name: ENABLE_TRACING value: "true" - name: ENABLE_METRICS value: "true" # tell Java to obey container memory limits - name: JVM_OPTS value: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap" # service level override of log level - name: LOG_LEVEL value: "info" - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace envFrom: - configMapRef: name: environment-config - configMapRef: name: service-api-config # add ledger-db credentials from ConfigMap - configMapRef: name: ledger-db-config resources: requests: cpu: 100m memory: 512Mi limits: cpu: 500m memory: 1Gi readinessProbe: httpGet: path: /ready port: 8080 initialDelaySeconds: 60 periodSeconds: 5 timeoutSeconds: 10 - name: cloudsql-proxy resources: limits: cpu: "200m" memory: "100Mi" image: gcr.io/cloudsql-docker/gce-proxy:1.33.12@sha256:89530a19852370b176e91cfef02a24646019fcbffc7a5332cf2c9423bd5e910f env: - name: CONNECTION_NAME valueFrom: secretKeyRef: name: cloud-sql-admin key: connectionName command: ["/cloud_sql_proxy", "-instances=$(CONNECTION_NAME)=tcp:5432"] securityContext: runAsNonRoot: true volumes: - name: publickey secret: secretName: jwt-key items: - key: jwtRS256.key.pub path: publickey --- apiVersion: v1 kind: Service metadata: name: ledgerwriter spec: type: ClusterIP selector: app: ledgerwriter ports: - name: http port: 8080 targetPort: 8080