-
Notifications
You must be signed in to change notification settings - Fork 1.2k
/
Copy pathactivator.yaml
162 lines (153 loc) · 4.67 KB
/
activator.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: activator
namespace: knative-serving
labels:
app.kubernetes.io/component: activator
app.kubernetes.io/version: devel
app.kubernetes.io/name: knative-serving
spec:
selector:
matchLabels:
app: activator
role: activator
template:
metadata:
labels:
app: activator
role: activator
app.kubernetes.io/component: activator
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: devel
spec:
# To avoid node becoming SPOF, spread our replicas to different nodes.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app: activator
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: activator
containers:
- name: activator
# This is the Go import path for the binary that is containerized
# and substituted here.
image: ko://knative.dev/serving/cmd/activator
# The numbers are based on performance test results from
# https://github.com/knative/serving/issues/1625#issuecomment-511930023
resources:
requests:
cpu: 300m
memory: 60Mi
limits:
cpu: 1000m
memory: 600Mi
env:
# Run Activator with GC collection when newly generated memory is 500%.
- name: GOGC
value: "500"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONFIG_LOGGING_NAME
value: config-logging
- name: CONFIG_OBSERVABILITY_NAME
value: config-observability
# TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
- name: METRICS_DOMAIN
value: knative.dev/internal/serving
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
ports:
- name: metrics
containerPort: 9090
- name: profiling
containerPort: 8008
- name: http1
containerPort: 8012
- name: h2c
containerPort: 8013
readinessProbe:
httpGet:
port: 8012
periodSeconds: 5
failureThreshold: 5
livenessProbe:
httpGet:
port: 8012
periodSeconds: 10
failureThreshold: 12
initialDelaySeconds: 15
# The activator (often) sits on the dataplane, and may proxy long (e.g.
# streaming, websockets) requests. We give a long grace period for the
# activator to "lame duck" and drain outstanding requests before we
# forcibly terminate the pod (and outstanding connections). This value
# should be at least as large as the upper bound on the Revision's
# timeoutSeconds property to avoid servicing events disrupting
# connections.
terminationGracePeriodSeconds: 600
---
apiVersion: v1
kind: Service
metadata:
name: activator-service
namespace: knative-serving
labels:
app: activator
app.kubernetes.io/component: activator
app.kubernetes.io/version: devel
app.kubernetes.io/name: knative-serving
spec:
selector:
app: activator
ports:
# Define metrics and profiling for them to be accessible within service meshes.
- name: http-metrics
port: 9090
targetPort: 9090
- name: http-profiling
port: 8008
targetPort: 8008
- name: http
port: 80
targetPort: 8012
- name: http2
port: 81
targetPort: 8013
- name: https
port: 443
targetPort: 8112
type: ClusterIP