# Copyright 2019 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- apiVersion: apps/v1 kind: Deployment metadata: name: balancereader spec: selector: matchLabels: app: balancereader template: metadata: labels: app: balancereader spec: serviceAccountName: default terminationGracePeriodSeconds: 5 securityContext: fsGroup: 1000 runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 containers: - name: balancereader securityContext: allowPrivilegeEscalation: false capabilities: drop: - all privileged: false readOnlyRootFilesystem: true image: gcr.io/bank-of-anthos-ci/balancereader:v0.5.11@sha256:4d48c9ab8abe3da595f5f11005045068dcb9068deb42e04c06c9f7b15c96e89b volumeMounts: - name: publickey mountPath: "/tmp/.ssh" readOnly: true - mountPath: /tmp name: tmp env: - name: VERSION value: "v0.5.9" - name: PORT value: "8080" # toggle Cloud Trace export - name: ENABLE_TRACING value: "true" - name: ENABLE_METRICS value: "true" - name: POLL_MS value: "100" - name: CACHE_SIZE value: "1000000" # tell Java to obey container memory limits - name: JVM_OPTS value: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m" # Valid levels are debug, info, warn, error, fatal. # If no valid level is set, will default to info. - name: LOG_LEVEL value: "info" - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace envFrom: - configMapRef: name: environment-config # add ledger-db credentials from ConfigMap - secretRef: name: ledger-db-config resources: requests: cpu: 250m memory: 512Mi ephemeral-storage: 1Gi limits: cpu: 250m memory: 512Mi ephemeral-storage: 1Gi readinessProbe: httpGet: path: /ready port: 8080 initialDelaySeconds: 60 periodSeconds: 5 timeoutSeconds: 10 livenessProbe: httpGet: path: /healthy port: 8080 initialDelaySeconds: 120 periodSeconds: 5 timeoutSeconds: 10 startupProbe: httpGet: path: /healthy port: 8080 failureThreshold: 30 periodSeconds: 10 volumes: - name: publickey secret: secretName: jwt-key items: - key: jwtRS256.key.pub path: publickey - emptyDir: {} name: tmp --- apiVersion: v1 kind: Service metadata: name: balancereader spec: type: ClusterIP selector: app: balancereader ports: - name: http port: 8080 targetPort: 8080