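--- a/deploy/kubernetes/keytransparency-deployment.yml.tmpl
+++ b/deploy/kubernetes/keytransparency-deployment.yml.tmpl
@@ -155,4 +155,59 @@ spec:
 imagePullPolicy: Always
 ports:
 - containerPort: 9090
-name: prometheus
+name: prometheus
+
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+name: kt-monitor
+spec:
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+run: kt-monitor
+spec:
+volumes:
+- name: secrets-volume
+secret:
+secretName: kt-monitor-secrets
+containers:
+- name: kt-monitor
+image: us.gcr.io/key-transparency/keytransparency-monitor
+imagePullPolicy: Always
+volumeMounts:
+- name: secrets-volume
+readOnly: true
+mountPath: "/secrets"
+ports:
+- containerPort: 8080
+name: json-grpc
+args: ["--addr=0.0.0.0:8099",
+"--kt-url=kt-server:8080",
+# TODO(ismail): generate TLS key-pairs for the monitor:
+"--tls-key=/secrets/server.key",
+"--tls-cert=/secrets/server.crt",
+"--poll-period=5s",
+"--sign-key=/secrets/monitor_sign-key.pem",
+"--password=towel",
+"--alsologtostderr",
+"--v=3"]
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: kt-monitor
+labels:
+run: kt-monitor
+spec:
+type: NodePort
+ports:
+- port: 8081
+targetPort: 8081
+name: metrics
+selector:
+run: kt-monitor
+---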
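Review bot: The signing-key password is hard-coded as `"--password=towel"` in the kt-monitor container args, so it is committed with the template and readable by anyone who can view the pod spec or the process command line. Since `kt-monitor-secrets` is already mounted read-only at `/secrets`, the value belongs in that Secret; how the monitor binary could read it from there is not visible on this page, so at minimum the line should carry a comment such as `# TODO: placeholder password, move into kt-monitor-secrets before any non-test deployment`. The ports also do not line up: the process binds `--addr=0.0.0.0:8099`, the container declares `containerPort: 8080`, and the NodePort Service targets `8081`, so the published port probably reaches nothing and should be reconciled to a single value. The image reference has no tag or digest, and with `imagePullPolicy: Always` every restart runs whatever is currently published.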
6 changes: 5 additions & 1 deletion scripts/deploy.sh
Expand Up @@ -145,13 +145,17 @@ function checkCmdsAvailable()

function prepareSecrets()
{
local EXISTS=0
# if kt-secrets does not exist, create it:
kubectl get secret kt-secrets
# kubectl exits with 1 if kt-secret does not exist
if [ $? -ne 0 ]; then
kubectl create secret generic kt-secrets --from-file=genfiles/server.crt --from-file=genfiles/server.key --from-file=genfiles/vrf-key.pem
fi
# if monitor-secrets does not exist, create it, too:
kubectl get secret kt-monitor-secrets
if [ $? -ne 0 ]; then
kubectl create secret generic kt-monitor-secrets --from-file=genfiles/monitor_sign-key.pem
fi
}

# Run everything:
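Review bot: `kt-monitor-secrets` is created from `genfiles/monitor_sign-key.pem` only, but the kt-monitor deployment added in this same change mounts that secret at `/secrets` and passes `--tls-key=/secrets/server.key` and `--tls-cert=/secrets/server.crt`, which will not exist in the volume. Adding `--from-file=genfiles/server.crt --from-file=genfiles/server.key` to the create line would make the pod start, but it copies the server's TLS private key into a second workload, so a key pair generated for the monitor (as the TODO in the template says) is the better fix. Both checks in `prepareSecrets` also treat any `kubectl get` failure, including an auth or connectivity error, as "secret does not exist". `if ! kubectl get secret kt-monitor-secrets >/dev/null 2>&1; then` reads more directly than testing `$?`, and the exit status of `kubectl create` should be checked so a failed create stops the deploy.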