96 lines
2.1 KiB
Plaintext
96 lines
2.1 KiB
Plaintext
local resfdeploy = import 'ci/resfdeploy.jsonnet';
|
|
local db = import 'ci/db.jsonnet';
|
|
local kubernetes = import 'ci/kubernetes.jsonnet';
|
|
local temporal = import 'ci/temporal.jsonnet';
|
|
local utils = import 'ci/utils.jsonnet';
|
|
|
|
resfdeploy.new({
|
|
name: 'keykeeper',
|
|
replicas: if kubernetes.prod() then 3 else 1,
|
|
dbname: 'peridot',
|
|
backend: true,
|
|
migrate: true,
|
|
fsUser: 0,
|
|
fsGroup: 0,
|
|
migrate_command: ['/bin/sh'],
|
|
migrate_args: ['-c', 'exit 0'],
|
|
legacyDb: true,
|
|
command: '/bundle/keykeeper',
|
|
image: kubernetes.tag('keykeeper'),
|
|
tag: kubernetes.version,
|
|
service_account_options: {
|
|
annotations: {
|
|
'eks.amazonaws.com/role-arn': 'arn:aws:iam::893168113496:role/peridot_k8s_role',
|
|
}
|
|
},
|
|
dsn: {
|
|
name: 'KEYKEEPER_DATABASE_URL',
|
|
value: db.dsn_legacy('peridot', false, 'keykeeper'),
|
|
},
|
|
requests: if kubernetes.prod() then {
|
|
cpu: '0.25',
|
|
memory: '1G',
|
|
},
|
|
limits: if kubernetes.prod() then {
|
|
cpu: '20',
|
|
memory: '128G',
|
|
},
|
|
ports: [
|
|
{
|
|
name: 'http',
|
|
containerPort: 46002,
|
|
protocol: 'TCP',
|
|
expose: kubernetes.dev(),
|
|
},
|
|
{
|
|
name: 'grpc',
|
|
containerPort: 46003,
|
|
protocol: 'TCP',
|
|
expose: true,
|
|
},
|
|
],
|
|
health: {
|
|
port: 46002,
|
|
},
|
|
volumes(metadata): [
|
|
{
|
|
name: 'urandom',
|
|
path: '/dev/random',
|
|
hostPath: {
|
|
path: '/dev/random',
|
|
},
|
|
}
|
|
],
|
|
env: [
|
|
{
|
|
name: 'KEYKEEPER_PRODUCTION',
|
|
value: if kubernetes.dev() then 'false' else 'true',
|
|
},
|
|
if utils.local_image then {
|
|
name: 'KEYKEEPER_S3_ENDPOINT',
|
|
value: 'minio.default.svc.cluster.local:9000'
|
|
},
|
|
if utils.local_image then {
|
|
name: 'KEYKEEPER_S3_DISABLE_SSL',
|
|
value: 'true'
|
|
},
|
|
if utils.local_image then {
|
|
name: 'KEYKEEPER_S3_FORCE_PATH_STYLE',
|
|
value: 'true'
|
|
},
|
|
{
|
|
name: 'KEYKEEPER_AWSSM_PREFIX',
|
|
value: 'keykeeper_',
|
|
},
|
|
if kubernetes.prod() then {
|
|
name: 'KEYKEEPER_S3_REGION',
|
|
value: 'us-east-2',
|
|
},
|
|
if kubernetes.prod() then {
|
|
name: 'KEYKEEPER_S3_BUCKET',
|
|
value: 'resf-peridot-prod',
|
|
},
|
|
$.dsn,
|
|
] + temporal.kube_env('KEYKEEPER'),
|
|
})
|