webcache.jsonnet
local kube = import "kube.libsonnet";
local utils = import "utils.libsonnet";
{
// Hidden mixin (`::` keeps it out of the rendered output). Adding it to an
// object merges `metadata.namespace: "webcache"` into that object.
namespace:: {
  metadata+: {
    namespace: 'webcache',
  },
},
// Namespace object built by kube.Namespace from the mixin's namespace string,
// so the name is written in exactly one place.
ns: kube.Namespace($.namespace.metadata.namespace),
// Service "proxy" in the webcache namespace, published as a LoadBalancer.
// Both listed ports forward to the container port named "proxy".
//
// NOTE(review): with `type: LoadBalancer` the proxy is reachable from wherever
// the load-balancer address is routable, and the only client filter visible in
// this file is squid's `localnet` ACL. Under the Kubernetes default
// `externalTrafficPolicy: Cluster`, traffic can be source-NATed to a node
// address before it reaches the pod; if that address falls inside a `localnet`
// range the ACL matches every client. Confirm how client source addresses
// arrive at squid, and consider `externalTrafficPolicy: "Local"` and/or
// `loadBalancerSourceRanges` so the restriction does not rest on squid alone.
svc: kube.Service('proxy') + $.namespace {
  // `port` and `target_pod` are presumably read by the kube.Service helper to
  // build the selector and default port; verify against kube.libsonnet.
  port: 80,
  target_pod: $.deploy.spec.template,
  spec+: {
    ports: [
      // Entry point that clients are being moved to.
      { name: 'proxy', targetPort: 'proxy', port: 80 },
      // Deprecated: the legacy squid port, still published for now.
      { name: 'squid', targetPort: 'proxy', port: 3128 },
    ],
    type: 'LoadBalancer',
  },
},
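// squid.conf for the proxy, shipped as a ConfigMap built by
// utils.HashedConfigMap (presumably content-hashed so that a config change
// rolls the pods; confirm in utils.libsonnet).
//
// Access policy, in evaluation order: cache-manager requests are allowed from
// localhost only, requests aimed at the proxy's own loopback are denied, then
// clients in the `localnet` ranges and localhost are allowed, and everything
// else is denied.
//
// refresh_pattern rules are first-match-wins, so the catch-all `.` rule has to
// come last. It previously sat above the Debian archive rules, which made them
// unreachable: index files (Packages, Sources, Release, InRelease,
// Translation-*) fell under the generic `0 20% 4320` rule instead of being
// revalidated on every request, so clients could be served stale repository
// metadata and see package updates late.
//
// NOTE(review): unlike the squid.conf shipped with Squid, this ruleset has no
// `Safe_ports` / `SSL_ports` ACLs, so `http_access allow localnet` lets any
// permitted client reach any destination port, including through CONNECT.
// Confirm that is intended.
// NOTE(review): the `localnet` ACL only restricts anything if squid sees the
// real client source address; verify that for traffic arriving through the
// Service.
config: utils.HashedConfigMap("squid") + $.namespace {
  data: {
    "squid.conf": |||
      acl localnet src 192.168.0.0/16
      acl localnet src 10.0.0.0/8
      acl localnet src fc00::/7
      acl localnet src fe80::/10
      acl localnet src 2001:44b8:3185:9c00::/56 # my IPv6 subnet
      http_access allow localhost manager
      http_access deny manager
      http_access deny to_localhost
      http_access allow localnet
      http_access allow localhost
      http_access deny all
      http_port 3128
      maximum_object_size 300 MB
      refresh_pattern ^ftp: 1440 20% 10080
      refresh_pattern ^gopher: 1440 0% 1440
      refresh_pattern -i (/cgi-bin/|\?) 0 0% 1440
      refresh_pattern \.u?deb$ 0 100% 129600
      refresh_pattern \/(Packages|Sources)(\.(bz2|gz|xz))?$ 0 0% 0 refresh-ims
      refresh_pattern \/Release(\.gpg)?$ 0 0% 0 refresh-ims
      refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
      refresh_pattern \/(Translation-.*)(\.(bz2|gz|xz))?$ 0 0% 0 refresh-ims
      refresh_pattern . 0 20% 4320
    |||,
  },
},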
// Deployment "squid" in the webcache namespace: one pod template holding the
// squid proxy container and a squid-exporter sidecar for Prometheus.
//
// NOTE(review): neither container sets a securityContext or resource limits
// here. Unless kube.Container supplies defaults (not visible in this file),
// both run with the image's default user and capabilities and without memory
// or CPU ceilings. Confirm, and tighten where the images allow it.
deploy: kube.Deployment("squid") + $.namespace {
  spec+: {
    template+: {
      metadata+: {
        // Scrape annotations; port 9301 is the exporter sidecar's listen port.
        annotations+: {
          "prometheus.io/scrape": "true",
          "prometheus.io/port": "9301",
          "prometheus.io/path": "/metrics",
        },
      },
      spec+: {
        nodeSelector+: utils.archSelector("amd64"),
        // No service-account token is mounted, so a compromised container in
        // this pod holds no Kubernetes API credentials.
        automountServiceAccountToken: false,
        volumes_+: {
          data: kube.EmptyDirVolume(), // NB: non-persistent cache
          conf: kube.ConfigMapVolume($.config),
        },
        default_container: "squid",
        containers_+: {
          squid: kube.Container("squid") {
            // NOTE(review): the image is referenced by a mutable tag, not a
            // digest, so the bytes behind it can change without a change in
            // this file. 3.5.x is also an old Squid series; check whether this
            // image still receives security fixes.
            image: "sameersbn/squid:3.5.27", // renovate
            ports_+: {
              // Named port that the Service's `targetPort: "proxy"` resolves to.
              proxy: {containerPort: 3128},
            },
            volumeMounts_+: {
              // Configuration is mounted read-only; only the cache spool is writable.
              conf: {mountPath: "/etc/squid", readOnly: true},
              data: {mountPath: "/var/spool/squid"},
            },
            // Ready once a TCP connection to the proxy port succeeds.
            readinessProbe: {
              tcpSocket: {port: "proxy"},
              timeoutSeconds: 10,
              successThreshold: 1,
              periodSeconds: 10,
            },
            // Same check as readiness, with three consecutive failures allowed.
            livenessProbe: self.readinessProbe {
              failureThreshold: 3,
            },
            // Same check again; ceil(300 / 10) = 30 failed probes are allowed,
            // which is about 300 seconds of startup time.
            startupProbe: self.livenessProbe {
              failureThreshold: std.ceil(300 / self.periodSeconds),
            },
            resources+: {
              // Requests only. The 10Gi ephemeral-storage request presumably
              // covers the emptyDir cache; no size limit on it is visible here.
              requests: {
                cpu: "10m",
                memory: "280Mi",
                "ephemeral-storage": "10Gi",
              },
            },
          },
          metrics: kube.Container("squid-exporter") {
            // NOTE(review): referenced by tag rather than digest, as with the
            // squid image.
            image: "boynux/squid-exporter:v1.9", // renovate
            // Presumably rendered by the helper into a `listen` command-line
            // flag; confirm in kube.libsonnet.
            args_+: {
              listen: ":9301",
            },
            ports_+: {
              metrics: {containerPort: 9301},
            },
            // Ready once an HTTP GET of "/" on the metrics port succeeds.
            readinessProbe: {
              httpGet: {path: "/", port: "metrics"},
              periodSeconds: 30,
              timeoutSeconds: 10,
            },
            // Same check as readiness, with three consecutive failures allowed.
            livenessProbe: self.readinessProbe {
              failureThreshold: 3,
            },
            // ceil(300 / 30) = 10 failed probes are allowed, again about 300
            // seconds of startup time.
            startupProbe: self.livenessProbe {
              failureThreshold: std.ceil(300 / self.periodSeconds),
            },
            resources+: {
              requests: {
                cpu: "10m",
                memory: "20Mi",
              },
            },
          },
        },
      },
    },
  },
},
}