This repository has been archived by the owner on Mar 22, 2023. It is now read-only.
/
config-k8s.edn
82 lines (66 loc) · 4.2 KB
/
config-k8s.edn
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
{
; ---------- Cluster ----------
:waiter-principal "waiter@example.com"
:zookeeper {;; Use an in-process ZK (not for production use):
:connect-string :in-process}
; ---------- Metrics - Internal ----------
:metrics-config {
:codahale-reporters {
:graphite {
:factory-fn waiter.reporter/graphite-reporter
:filter-regex #config/regex "^jvm.*|^waiter.*"
:host "localhost"
:period-ms 6000
:pickled? true
:prefix "waiter-internal"
:port #config/env-int "GRAPHITE_SERVER_PORT"}}}
; ---------- Network ----------
;; Set the bind address to a specific IP:
:host "127.0.0.1"
;; Set the port:
:port #config/env-int "WAITER_PORT"
; ---------- Security ----------
:authenticator-config {:jwt {:http-options {:conn-timeout 10000
:socket-timeout 10000
:spnego-auth false}
:issuer "test.com"
:jwks-url #config/env "JWKS_SERVER_URL"
:oidc-authorize-uri #config/env "OIDC_AUTHORIZE_URL"
:oidc-token-uri #config/env "OIDC_TOKEN_URL"
:subject-key :sub
:supported-algorithms #{:eddsa :rs256}
:token-type "JWT"
:update-interval-ms 60000}
:kind :one-user
:one-user {;; The user account used to launch services:
:run-as-user #config/env "WAITER_AUTH_RUN_AS_USER"}}
; ---------- Scheduling ----------
:scheduler-config {:kind :kubernetes
:kubernetes {:authenticate-health-checks? true
:authorizer {:kind :sanity-check
:sanity-check {:factory-fn waiter.authorization/sanity-check-authorizer}}
:container-running-grace-secs 90
:fileserver {:port 591}
:log-bucket-sync-secs 5
:log-bucket-url #config/env-default ["WAITER_S3_BUCKET" nil]
:pod-sigkill-delay-secs 1
:replicaset-spec-builder {:default-container-image "twosigma/waiter-test-apps"
:default-namespace "waiter"
:image-aliases {"alias/integration" "twosigma/integration"}}
:restart-expiry-threshold 2
:restart-kill-threshold 8
:raven-sidecar {:cmd ["/opt/waiter/raven/bin/raven-start"]
:image "twosigma/waiter-raven"
:env-vars {:flags ["RAVEN_ENABLED"]
:tls-flags ["RAVEN_FORCE_INGRESS_TLS"]}
;; default to Raven with strict tls (always on) in raven downstream
;; for opt-out (no strict tls), use waiter.scheduler.kubernetes/raven-sidecar-opt-out?
;; for opt-in, use waiter.scheduler.kubernetes/raven-sidecar-opt-out?
:predicate-fn waiter.scheduler.kubernetes/raven-sidecar-strict-tls-opt-out?
:resources {:cpu 0.1 :mem 256}}
:url "http://localhost:8001"}}
; ---------- Error Handling ----------
:deployment-error-config {:min-hosts 1}
:scheduler-gc-config {:broken-service-min-hosts 1}
; ---------- CORS ----------
:cors-config {:kind :allow-all}}