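---
# NOTE(review): this manifest was recovered from a whitespace-collapsed copy.
# Kubernetes-level nesting follows the API schema; the nesting inside the two
# embedded configs (config.yml, fluentd.conf) is reconstructed. Confirm both
# against the original files before applying.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vqa-c-plane
  labels:
    run: app
spec:
  replicas: 3  # To test availability, set the number of pods to '3'
  selector:
    matchLabels:
      run: app
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
  template:
    metadata:
      labels:
        run: app
      annotations:
        prometheus.io/port: "9102"
        prometheus.io/scrape: "true"
    spec:
      # Required node affinity: pods are schedulable only on the hostnames
      # listed below. With a single hostname every replica lands on the same
      # node, so this does not spread pods across AZs.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/hostname
                    operator: In
                    values:
                      # A user should specify the node hostname where the pods
                      # are to be deployed
                      - vqa-peter-test-vbsnodepl-jjfxj
      containers:
        - name: vqa-test-node
          image: vcr-platform.linecorp.com/vqa/vqa-test-node:peter
          # NOTE(review): the container runs as root (UID 0) with privilege
          # escalation allowed. If the test node does not need root, set a
          # non-zero runAsUser, allowPrivilegeEscalation: false and drop
          # capabilities. Left unchanged because the image's requirements are
          # not visible here.
          securityContext:
            runAsUser: 0
            allowPrivilegeEscalation: true
          imagePullPolicy: Always
          ports:
            - containerPort: 10345
          resources:
            limits:
              memory: "128Mi"
              cpu: "500m"
          volumeMounts:
            - name: pv-for-log
              mountPath: /var/log
        - name: verda-common-proxy
          # NOTE(review): ':latest' is a mutable tag (also used by the fluentd
          # and init-container images below); pin a version or digest so every
          # replica runs the image that was reviewed.
          image: vcr-platform.linecorp.com/vks/verda-common-proxy:latest
          ports:
            - containerPort: 9102
              protocol: TCP
          resources:
            limits:
              memory: "128Mi"
              cpu: "500m"
          volumeMounts:
            - name: config
              mountPath: /app/configs/config.yml
              subPath: config.yml
            - name: auditlog-volume
              mountPath: /var/tmp/
        - name: fluentd
          image: harbor.linecorp.com/vks/fluentd-kubernetes-daemonset:latest
          imagePullPolicy: Always
          env:
            - name: FLUENTD_CONF
              value: fluentd.conf
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            # Elasticsearch password, read by fluentd.conf through ENV instead
            # of being written into the ConfigMap. The Secret name and key are
            # placeholders: create the Secret out-of-band and adjust them.
            - name: FLUENT_ELASTICSEARCH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: placeholder-auditlog-es-credentials
                  key: password
          volumeMounts:
            - name: fluentd-config
              mountPath: /fluentd/etc
            - name: auditlog-volume
              mountPath: /var/tmp/
      initContainers:
        - name: init-container
          image: vcr-platform.linecorp.com/vks/init-container:latest
          args:
            - "80"  # redirect from application port
            - "8080"  # to proxy port
          # NET_ADMIN is the only capability added; presumably needed to
          # install the port redirect. Confirm against the image.
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
      volumes:
        - name: config
          configMap:
            name: verda-common-proxy-config
        - name: fluentd-config
          configMap:
            name: fluentd-config
        # Shared scratch volume: the proxy writes the audit log here and the
        # fluentd sidecar tails it.
        - name: auditlog-volume
          emptyDir: {}
        - name: pv-for-log
          persistentVolumeClaim:
            claimName: ssd-auto-vbs
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ssd-auto-vbs
spec:
  accessModes:
    - ReadWriteOnce  # VBS based PV only supports ReadWriteOnce
  resources:
    requests:
      storage: 10Gi  # size must be multiple of 10Gi
  storageClassName: "ssd-auto"  # provisioned to nova AZ
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: verda-common-proxy-config
data:
  config.yml: |-
    # config example
    server:
      listenPort: "8080" # proxy port
      forwardURL: "http://localhost:3000" # app host:port
      loglevel: "debug" # debug, info, warn, error
      metricsPort: "9102"
    # matches routes to pipeline
    routes:
      - path: "/v1/"
        methods:
        pipeline: vks-gw-api
      - path: "/k8s"
        methods:
        pipeline: k8s
    # matches pipeline to sequence of middlewares
    pipelines:
      vks-gw-api:
        - init
        - logging
        - auditlog
        - keystone
        - headers
      k8s:
        - init
        - logging
      public:
        - init
        - logging
    # contains configs for middlewares
    middlewares:
      keystone:
        endpoint: "https://verda-masterdev-api.linecorp.com:5000/v3"
      headers:
        renameHeaders:
          X-RenameFrom: "X-RenameTo"
      auditlog:
        auditLogFilepath: "/var/tmp/auditlog.log"
        auditLogMethodsWhitelist:
          - POST
          - PUT
          - PATCH
          - DELETE
        auditLogMaskedRequestHeaders:
          - Authorization
          - X-Auth-Token
        auditLogMaskedResponseHeaders:
          - X-Subject-Token
        auditLogMaskedRequestBodyKeys:
          - token
        auditLogMaskedResponseBodyKeys:
          - password
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluentd-config
data:
  # The Elasticsearch password is no longer stored in this ConfigMap: ConfigMaps
  # are not access-controlled as secrets and this file is kept in version
  # control. fluentd expands "#{ENV[...]}" when it loads the config; the value
  # comes from the Secret referenced in the Deployment's fluentd container. The
  # password previously committed here should be rotated.
  #
  # NOTE(review): 'ssl_verify false' disables server certificate validation, so
  # the credential and the audit records are sent to whatever endpoint answers
  # on that host. Prefer 'ssl_verify true', adding the plugin's 'ca_file' if
  # the endpoint uses a private CA. Left unchanged pending confirmation of the
  # endpoint's certificate.
  #
  # NOTE(review): the <source>/<match>/<buffer> section tags were missing from
  # the recovered text and are reconstructed from the plugin types; the match
  # pattern is assumed from the source's 'tag auditlog'. Confirm.
  fluentd.conf: |-
    <source>
      @type tail
      path /var/tmp/auditlog.log
      pos_file /var/tmp/auditlog.pos
      time_format %Y-%m-%dT%H:%M:%S.%L
      tag auditlog
      format json
    </source>
    <match auditlog>
      @type elasticsearch
      host auditlog-api-vksmansur.line-ves-dev.com
      port 12000
      user auditlog-1
      password "#{ENV['FLUENT_ELASTICSEARCH_PASSWORD']}"
      scheme https
      ssl_verify false
      ssl_version TLSv1_2
      logstash_format true
      reload_connections false
      reconnect_on_error true
      reload_on_failure true
      <buffer>
        @type file
        path /var/log/fluentd-es.buffer
        flush_at_shutdown true
        flush_mode interval
        flush_interval 60s
        chunk_limit_size 10MB
        chunk_limit_records 10000
      </buffer>
      flatten_hashes true
      flatten_hashes_separator _
      @log_level debug
    </match>
---
apiVersion: v1
kind: Service
metadata:
  name: metrics-service
spec:
  type: NodePort
  selector:
    run: app
  ports:
    - name: "metrics"
      port: 5080
      targetPort: 9102
---
apiVersion: v1
kind: Service
metadata:
  name: vqa-test-node-service
spec:
  type: NodePort
  selector:
    run: app
  ports:
    - name: "vqa-test-node"
      targetPort: 10345
      port: 7080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: vqa-test-node-ingress
spec:
  ingressClassName: fabriclb
  tls:
    - hosts:
        - vqa-test-node-vbs.vqa-fabriclb.line-apps.com
  rules:
    - host: vqa-test-node-vbs.vqa-fabriclb.line-apps.com  # You should customize this hostname
      http:
        paths:
          # NOTE(review): /metrics is served on the same hostname as the
          # application; confirm the metrics endpoint is meant to be reachable
          # by every client that can reach this Ingress.
          - path: /metrics
            pathType: Prefix
            backend:
              service:
                name: metrics-service
                port:
                  name: "metrics"
          - path: /
            pathType: Prefix
            backend:
              service:
                name: vqa-test-node-service
                port:
                  name: "vqa-test-node"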