apiVersion: apps/v1 kind: Deployment metadata: namespace: prod name: coordinator-deployment spec: selector: matchLabels: app: coordinator template: metadata: labels: app: coordinator annotations: container.seccomp.security.alpha.kubernetes.io/coordinator: docker/default container.apparmor.security.beta.kubernetes.io/coordinator: runtime/default spec: serviceAccountName: coordinator containers: - name: coordinator image: gcr.io/symbolic-datum-552/coordinator:latest imagePullPolicy: Always command: ["/coordinator", "-listen-http=:80", "-listen-https-autocert=:443", "-autocert-bucket=farmer-golang-org-autocert-cache", "-listen-https-selfsigned=:444"] ports: - containerPort: 80 - containerPort: 443 - containerPort: 444 - containerPort: 2222 # ssh proxy port - containerPort: 8123 # module proxy port (internal, not accessible directly from public) resources: requests: cpu: "4" memory: "6Gi" limits: cpu: "6" memory: "8Gi" --- apiVersion: v1 kind: Service metadata: namespace: prod name: coordinator spec: ports: - port: 80 targetPort: 80 name: http - port: 443 targetPort: 443 name: https - port: 2222 targetPort: 2222 name: ssh selector: app: coordinator type: LoadBalancer loadBalancerIP: 107.178.219.46 externalTrafficPolicy: Local --- apiVersion: v1 kind: Service metadata: namespace: prod name: coordinator-internal-iap annotations: beta.cloud.google.com/backend-config: '{"default": "build-ingress-iap-backend"}' cloud.google.com/neg: '{"ingress": false}' cloud.google.com/app-protocols: '{"https":"HTTP2"}' spec: ports: - port: 444 targetPort: 444 name: https selector: app: coordinator type: NodePort --- apiVersion: v1 kind: Service metadata: namespace: prod name: coordinator-internal annotations: cloud.google.com/neg: '{"ingress": false}' cloud.google.com/app-protocols: '{"https":"HTTP2"}' spec: ports: - port: 444 targetPort: 444 name: https selector: app: coordinator type: NodePort