| --- |
| apiVersion: cert-manager.io/v1alpha2 |
| kind: Certificate |
| metadata: |
| name: zookeeper-client |
| namespace: zuul |
| spec: |
| keyEncoding: pkcs8 |
| secretName: zookeeper-client-tls |
| commonName: client |
| usages: |
| - digital signature |
| - key encipherment |
| - server auth |
| - client auth |
| issuerRef: |
| name: ca-issuer |
| kind: ClusterIssuer |
| --- |
| apiVersion: cloud.google.com/v1beta1 |
| kind: BackendConfig |
| metadata: |
| namespace: zuul |
| name: zuul-web-backendconfig |
| spec: |
| timeoutSec: 3600 |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| namespace: zuul |
| name: zuul-executor |
| labels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-executor |
| spec: |
| type: ClusterIP |
| clusterIP: None |
| ports: |
| - name: logs |
| port: 7900 |
| protocol: TCP |
| targetPort: logs |
| selector: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-executor |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| namespace: zuul |
| name: zuul-gearman |
| labels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-scheduler |
| spec: |
| type: ClusterIP |
| ports: |
| - name: gearman |
| port: 4730 |
| protocol: TCP |
| targetPort: gearman |
| selector: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-scheduler |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| namespace: zuul |
| name: zuul-web |
| labels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-web |
| annotations: |
| beta.cloud.google.com/backend-config: '{"ports": {"9000":"zuul-web-backendconfig"}}' |
| spec: |
| type: NodePort |
| ports: |
| - name: zuul-web |
| port: 9000 |
| protocol: TCP |
| targetPort: zuul-web |
| selector: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-web |
| --- |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| namespace: zuul |
| name: zuul-merger |
| labels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-merger |
| spec: |
| replicas: 0 |
| selector: |
| matchLabels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-merger |
| template: |
| metadata: |
| labels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-merger |
| spec: |
| containers: |
| - name: merger |
| image: zuul/zuul-merger:latest |
| args: |
| - /usr/local/bin/zuul-merger |
| - -d |
| volumeMounts: |
| - name: zuul-config |
| mountPath: /etc/zuul |
| - name: zookeeper-client-tls |
| mountPath: /tls/client |
| readOnly: true |
| volumes: |
| - name: zuul-config |
| secret: |
| secretName: zuul-config |
| - name: zookeeper-client-tls |
| secret: |
| secretName: zookeeper-client-tls |
| --- |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| namespace: zuul |
| name: zuul-web |
| labels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-web |
| spec: |
| replicas: 1 |
| selector: |
| matchLabels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-web |
| template: |
| metadata: |
| labels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-web |
| spec: |
| containers: |
| - name: web |
| image: zuul/zuul-web:latest |
| args: |
| - /usr/local/bin/zuul-web |
| - -d |
| ports: |
| - name: zuul-web |
| containerPort: 9000 |
| volumeMounts: |
| - name: zuul-config |
| mountPath: /etc/zuul |
| - name: zookeeper-client-tls |
| mountPath: /tls/client |
| readOnly: true |
| volumes: |
| - name: zuul-config |
| secret: |
| secretName: zuul-config |
| - name: zookeeper-client-tls |
| secret: |
| secretName: zookeeper-client-tls |
| --- |
| apiVersion: apps/v1 |
| kind: StatefulSet |
| metadata: |
| namespace: zuul |
| name: zuul-executor |
| labels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-executor |
| spec: |
| serviceName: zuul-executor |
| replicas: 1 |
| selector: |
| matchLabels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-executor |
| template: |
| metadata: |
| labels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-executor |
| spec: |
| securityContext: |
| runAsUser: 10001 |
| runAsGroup: 10001 |
| containers: |
| - name: executor |
| image: zuul/zuul-executor:latest |
| args: |
| - /usr/local/bin/zuul-executor |
| - -d |
| ports: |
| - name: logs |
| containerPort: 7900 |
| volumeMounts: |
| - name: zuul-config |
| mountPath: /etc/zuul |
| - name: authdaemon |
| mountPath: /authdaemon |
| - name: zuul-var |
| mountPath: /var/lib/zuul |
| - name: nodepool-private-key |
| mountPath: /var/lib/zuul/ssh |
| - name: zookeeper-client-tls |
| mountPath: /tls/client |
| readOnly: true |
| securityContext: |
| privileged: true |
| volumes: |
| - name: zuul-var |
| emptyDir: {} |
| - name: zuul-config |
| secret: |
| secretName: zuul-config |
| - name: authdaemon |
| hostPath: |
| path: /var/authdaemon/executor |
| type: DirectoryOrCreate |
| - name: nodepool-private-key |
| secret: |
| secretName: nodepool-private-key |
| - name: zookeeper-client-tls |
| secret: |
| secretName: zookeeper-client-tls |
| --- |
| apiVersion: apps/v1 |
| kind: StatefulSet |
| metadata: |
| namespace: zuul |
| name: zuul-scheduler |
| labels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-scheduler |
| spec: |
| replicas: 1 |
| serviceName: zuul-scheduler |
| selector: |
| matchLabels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-scheduler |
| template: |
| metadata: |
| labels: |
| app.kubernetes.io/name: zuul |
| app.kubernetes.io/instance: zuul |
| app.kubernetes.io/part-of: zuul |
| app.kubernetes.io/component: zuul-scheduler |
| spec: |
| containers: |
| - name: scheduler |
| image: zuul/zuul-scheduler:latest |
| args: |
| - /usr/local/bin/zuul-scheduler |
| - -d |
| ports: |
| - name: gearman |
| containerPort: 4730 |
| volumeMounts: |
| - name: zuul-config |
| mountPath: /etc/zuul |
| - name: zuul-tenant-config |
| mountPath: /etc/zuul/tenant |
| - name: zuul-scheduler |
| mountPath: /var/lib/zuul |
| - name: zookeeper-client-tls |
| mountPath: /tls/client |
| readOnly: true |
| volumes: |
| - name: zuul-config |
| secret: |
| secretName: zuul-config |
| - name: zuul-tenant-config |
| secret: |
| secretName: zuul-tenant-config |
| - name: zookeeper-client-tls |
| secret: |
| secretName: zookeeper-client-tls |
| serviceAccountName: zuul |
| volumeClaimTemplates: |
| - metadata: |
| name: zuul-scheduler |
| spec: |
| accessModes: |
| - ReadWriteOnce |
| resources: |
| requests: |
| storage: 80Gi |
| --- |
| apiVersion: networking.gke.io/v1beta1 |
| kind: ManagedCertificate |
| metadata: |
| name: ci-gerritcodereview-com |
| namespace: zuul |
| spec: |
| domains: |
| - ci.gerritcodereview.com |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Ingress |
| metadata: |
| name: zuul-web |
| namespace: zuul |
| annotations: |
| kubernetes.io/ingress.global-static-ip-name: "zuul-static-ip" |
| networking.gke.io/managed-certificates: "ci-gerritcodereview-com" |
| spec: |
| rules: |
| - host: ci.gerritcodereview.com |
| http: |
| paths: |
| - backend: |
| serviceName: zuul-web |
| servicePort: 9000 |
| path: /* |