-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathneubot.jsonnet
92 lines (89 loc) · 2.54 KB
/
neubot.jsonnet
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
local datatypes = ['dash'];
local exp = import '../templates.jsonnet';
local expName = 'neubot';
local services = [
'neubot/dash=https:///negotiate/dash',
];
// List of ports that need to be opened in the pod network namespace.
local ports = ['80/TCP', '443/TCP'];
[
exp.Experiment(expName, 10, 'pusher-' + std.extVar('PROJECT_ID'), "none", datatypes, []) + {
spec+: {
template+: {
metadata+: {
annotations+: {
"secret.reloader.stakater.com/reload": "measurement-lab-org-tls",
},
},
spec+: {
serviceAccountName: 'heartbeat-experiment',
containers+: [
{
name: 'dash',
image: 'measurementlab/dash:v0.4.3',
args: [
'-datadir=/var/spool/' + expName,
'-prometheusx.listen-address=$(PRIVATE_IP):9990',
'-http-listen-address=:80',
'-https-listen-address=:443',
'-tls-cert=/certs/tls.crt',
'-tls-key=/certs/tls.key',
],
env: [
{
name: 'PRIVATE_IP',
valueFrom: {
fieldRef: {
fieldPath: 'status.podIP',
},
},
},
],
securityContext: {
capabilities: {
drop: [
'all',
],
},
},
volumeMounts: [
{
mountPath: '/certs',
name: 'measurement-lab-org-tls',
readOnly: true,
},
] + [
exp.VolumeMount(expName + '/' + d) for d in datatypes
],
ports: [
{
containerPort: 9990,
},
],
livenessProbe+: {
httpGet: {
path: '/metrics',
port: 9990,
},
initialDelaySeconds: 5,
periodSeconds: 30,
},
},
] + std.flattenArrays([
exp.Heartbeat(expName, false, services),
]),
volumes+: [
{
name: 'measurement-lab-org-tls',
secret: {
secretName: 'measurement-lab-org-tls',
},
},
exp.Metadata.volume,
],
},
},
},
},
exp.MultiNetworkPolicy(expName, 10, ports),
]