configMap: {}
service: {}
deployment: {}
daemonSet: {}
statefulSet: {}
Component :: string
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: string
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: string
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {}
deployment: {}
daemonSet: {}
statefulSet: {}
Component :: "frontend"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "frontend"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "frontend"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    bartender: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "bartender"
            labels: {
                component: "frontend"
                app:       "bartender"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "frontend"
                app:       "bartender"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       7080
                targetPort: 7080
            }]
        }
    }
}
deployment: {
    bartender: {
        Name ::     "bartender"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "bartender"
            labels: {
                component: "frontend"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "frontend"
                        app:       "bartender"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                        "prometheus.io.port":   "7080"
                    }
                }
                spec: {
                    containers: [{
                        name:  "bartender"
                        image: "gcr.io/myproj/bartender:v0.1.34"
                        args: []
                        ports: [{
                            containerPort: 7080
                            _export:       true
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "frontend"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "frontend"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "frontend"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    breaddispatcher: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "breaddispatcher"
            labels: {
                component: "frontend"
                app:       "breaddispatcher"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "frontend"
                app:       "breaddispatcher"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       7080
                targetPort: 7080
            }]
        }
    }
}
deployment: {
    breaddispatcher: {
        Name ::     "breaddispatcher"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "breaddispatcher"
            labels: {
                component: "frontend"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "frontend"
                        app:       "breaddispatcher"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                        "prometheus.io.port":   "7080"
                    }
                }
                spec: {
                    containers: [{
                        name:  "breaddispatcher"
                        image: "gcr.io/myproj/breaddispatcher:v0.3.24"
                        args: ["-etcd=etcd:2379", "-event-server=events:7788"]
                        ports: [{
                            containerPort: 7080
                            _export:       true
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "frontend"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "frontend"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "frontend"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    host: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "host"
            labels: {
                component: "frontend"
                app:       "host"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "frontend"
                app:       "host"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       7080
                targetPort: 7080
            }]
        }
    }
}
deployment: {
    host: {
        Name ::     "host"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "host"
            labels: {
                component: "frontend"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "frontend"
                        app:       "host"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                        "prometheus.io.port":   "7080"
                    }
                }
                spec: {
                    containers: [{
                        name:  "host"
                        image: "gcr.io/myproj/host:v0.1.10"
                        args: []
                        ports: [{
                            containerPort: 7080
                            _export:       true
                        }]
                    }]
                }
            }
            replicas: 2
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "frontend"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "frontend"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "frontend"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    maitred: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "maitred"
            labels: {
                component: "frontend"
                app:       "maitred"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "frontend"
                app:       "maitred"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       7080
                targetPort: 7080
            }]
        }
    }
}
deployment: {
    maitred: {
        Name ::     "maitred"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "maitred"
            labels: {
                component: "frontend"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "frontend"
                        app:       "maitred"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                        "prometheus.io.port":   "7080"
                    }
                }
                spec: {
                    containers: [{
                        name:  "maitred"
                        image: "gcr.io/myproj/maitred:v0.0.4"
                        args: []
                        ports: [{
                            containerPort: 7080
                            _export:       true
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "frontend"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "frontend"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "frontend"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    valeter: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "valeter"
            labels: {
                component: "frontend"
                app:       "valeter"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "frontend"
                app:       "valeter"
                domain:    "prod"
            }
            ports: [{
                name:       "http"
                protocol:   "TCP"
                port:       8080
                targetPort: 8080
            }]
        }
    }
}
deployment: {
    valeter: {
        Name ::     "valeter"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "valeter"
            labels: {
                component: "frontend"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "frontend"
                        app:       "valeter"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                        "prometheus.io.port":   "8080"
                    }
                }
                spec: {
                    containers: [{
                        name:  "valeter"
                        image: "gcr.io/myproj/valeter:v0.0.4"
                        args: ["-http=:8080", "-etcd=etcd:2379"]
                        ports: [{
                            containerPort: 8080
                            _export:       true
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "frontend"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "frontend"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "frontend"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    waiter: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "waiter"
            labels: {
                component: "frontend"
                app:       "waiter"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "frontend"
                app:       "waiter"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       7080
                targetPort: 7080
            }]
        }
    }
}
deployment: {
    waiter: {
        Name ::     "waiter"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "waiter"
            labels: {
                component: "frontend"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "frontend"
                        app:       "waiter"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                        "prometheus.io.port":   "7080"
                    }
                }
                spec: {
                    containers: [{
                        name:  "waiter"
                        image: "gcr.io/myproj/waiter:v0.3.0"
                        ports: [{
                            containerPort: 7080
                            _export:       true
                        }]
                    }]
                }
            }
            replicas: 5
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "frontend"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "frontend"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "frontend"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    waterdispatcher: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "waterdispatcher"
            labels: {
                component: "frontend"
                app:       "waterdispatcher"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "frontend"
                app:       "waterdispatcher"
                domain:    "prod"
            }
            ports: [{
                name:       "http"
                protocol:   "TCP"
                port:       7080
                targetPort: 7080
            }]
        }
    }
}
deployment: {
    waterdispatcher: {
        Name ::     "waterdispatcher"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "waterdispatcher"
            labels: {
                component: "frontend"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "frontend"
                        app:       "waterdispatcher"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                        "prometheus.io.port":   "7080"
                    }
                }
                spec: {
                    containers: [{
                        name:  "waterdispatcher"
                        image: "gcr.io/myproj/waterdispatcher:v0.0.48"
                        args: ["-http=:8080", "-etcd=etcd:2379"]
                        ports: [{
                            containerPort: 7080
                            _export:       true
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "frontend"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "frontend"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "frontend"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {}
deployment: {}
daemonSet: {}
statefulSet: {}
Component :: "infra"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "infra"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "infra"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    download: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "download"
            labels: {
                component: "infra"
                app:       "download"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "infra"
                app:       "download"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       7080
                targetPort: 7080
            }]
        }
    }
}
deployment: {
    download: {
        Name ::     "download"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "download"
            labels: {
                component: "infra"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "infra"
                        app:       "download"
                        domain:    "prod"
                    }
                }
                spec: {
                    containers: [{
                        name:  "download"
                        image: "gcr.io/myproj/download:v0.0.2"
                        ports: [{
                            containerPort: 7080
                            _export:       true
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "infra"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "infra"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "infra"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    etcd: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "etcd"
            labels: {
                component: "infra"
                app:       "etcd"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "infra"
                app:       "etcd"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       2379
                targetPort: 2379
            }, {
                name:       "peer"
                protocol:   "TCP"
                port:       2380
                targetPort: 2380
            }]
            clusterIP: "None"
        }
    }
}
deployment: {}
daemonSet: {}
statefulSet: {
    etcd: {
        Name ::     "etcd"
        kind:       "StatefulSet"
        apiVersion: "apps/v1"
        metadata: {
            name: "etcd"
            labels: {
                component: "infra"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "infra"
                        app:       "etcd"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                        "prometheus.io.port":   "2379"
                    }
                }
                spec: {
                    containers: [{
                        name: "etcd"
                        env: [{
                            name:  "ETCDCTL_API"
                            value: "3"
                        }, {
                            name:  "ETCD_AUTO_COMPACTION_RETENTION"
                            value: "4"
                        }, {
                            name: "NAME"
                            valueFrom: {
                                fieldRef: {
                                    fieldPath: "metadata.name"
                                }
                            }
                        }, {
                            name: "IP"
                            valueFrom: {
                                fieldRef: {
                                    fieldPath: "status.podIP"
                                }
                            }
                        }]
                        image: "quay.io/coreos/etcd:v3.3.10"
                        command: ["/usr/local/bin/etcd"]
                        args: ["-name", "$(NAME)", "-data-dir", "/data/etcd3", "-initial-advertise-peer-urls", "http://$(IP):2380", "-listen-peer-urls", "http://$(IP):2380", "-listen-client-urls", "http://$(IP):2379,http://127.0.0.1:2379", "-advertise-client-urls", "http://$(IP):2379", "-discovery", "https://discovery.etcd.io/xxxxxx"]
                        ports: [{
                            name:          "client"
                            containerPort: 2379
                            _export:       true
                        }, {
                            name:          "peer"
                            containerPort: 2380
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "etcd3"
                            mountPath: "/data"
                        }]
                        livenessProbe: {
                            initialDelaySeconds: 30
                            httpGet: {
                                path: "/health"
                                port: "client"
                            }
                        }
                    }]
                    terminationGracePeriodSeconds: 10
                    affinity: {
                        podAntiAffinity: {
                            requiredDuringSchedulingIgnoredDuringExecution: [{
                                labelSelector: {
                                    matchExpressions: [{
                                        key:      "app"
                                        operator: "In"
                                        values: ["etcd"]
                                    }]
                                }
                                topologyKey: "kubernetes.io/hostname"
                            }]
                        }
                    }
                }
            }
            replicas: 3
            volumeClaimTemplates: [{
                metadata: {
                    name: "etcd3"
                    annotations: {
                        "volume.alpha.kubernetes.io/storage-class": "default"
                    }
                }
                spec: {
                    resources: {
                        requests: {
                            storage: "10Gi"
                        }
                    }
                    accessModes: ["ReadWriteOnce"]
                }
            }]
            serviceName: "etcd"
        }
    }
}
Component :: "infra"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "infra"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "infra"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    events: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "events"
            labels: {
                component: "infra"
                app:       "events"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "infra"
                app:       "events"
                domain:    "prod"
            }
            ports: [{
                name:       "grpc"
                protocol:   "TCP"
                port:       7788
                targetPort: 7788
            }]
        }
    }
}
deployment: {
    events: {
        Name ::     "events"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "events"
            labels: {
                component: "infra"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "infra"
                        app:       "events"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                        "prometheus.io.port":   "7080"
                    }
                }
                spec: {
                    volumes: [{
                        name: "secret-volume"
                        secret: {
                            secretName: "biz-secrets"
                        }
                    }]
                    containers: [{
                        name:  "events"
                        image: "gcr.io/myproj/events:v0.1.31"
                        args: ["-cert=/etc/ssl/server.pem", "-key=/etc/ssl/server.key", "-grpc=:7788"]
                        ports: [{
                            containerPort: 7080
                            _export:       false
                        }, {
                            containerPort: 7788
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "secret-volume"
                            mountPath: "/etc/ssl"
                        }]
                    }]
                    affinity: {
                        podAntiAffinity: {
                            requiredDuringSchedulingIgnoredDuringExecution: [{
                                labelSelector: {
                                    matchExpressions: [{
                                        key:      "app"
                                        operator: "In"
                                        values: ["events"]
                                    }]
                                }
                                topologyKey: "kubernetes.io/hostname"
                            }]
                        }
                    }
                }
            }
            replicas: 2
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "infra"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "infra"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "infra"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    tasks: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "tasks"
            labels: {
                component: "infra"
                app:       "tasks"
                domain:    "prod"
            }
        }
        spec: {
            type: "LoadBalancer"
            selector: {
                component: "infra"
                app:       "tasks"
                domain:    "prod"
            }
            ports: [{
                name:       "http"
                protocol:   "TCP"
                port:       443
                targetPort: 7443
            }]
            loadBalancerIP: "1.2.3.4"
        }
    }
}
deployment: {
    tasks: {
        Name ::     "tasks"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "tasks"
            labels: {
                component: "infra"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "infra"
                        app:       "tasks"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                        "prometheus.io.port":   "7080"
                    }
                }
                spec: {
                    volumes: [{
                        name: "secret-volume"
                        secret: {
                            secretName: "star-example-com-secrets"
                        }
                    }]
                    containers: [{
                        name:  "tasks"
                        image: "gcr.io/myproj/tasks:v0.2.6"
                        ports: [{
                            containerPort: 7080
                            _export:       false
                        }, {
                            containerPort: 7443
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "secret-volume"
                            mountPath: "/etc/ssl"
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "infra"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "infra"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "infra"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    updater: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "updater"
            labels: {
                component: "infra"
                app:       "updater"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "infra"
                app:       "updater"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       8080
                targetPort: 8080
            }]
        }
    }
}
deployment: {
    updater: {
        Name ::     "updater"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "updater"
            labels: {
                component: "infra"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "infra"
                        app:       "updater"
                        domain:    "prod"
                    }
                }
                spec: {
                    volumes: [{
                        name: "secret-updater"
                        secret: {
                            secretName: "updater-secrets"
                        }
                    }]
                    containers: [{
                        name:  "updater"
                        image: "gcr.io/myproj/updater:v0.1.0"
                        args: ["-key=/etc/certs/updater.pem"]
                        ports: [{
                            containerPort: 8080
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "secret-updater"
                            mountPath: "/etc/certs"
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "infra"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "infra"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "infra"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    watcher: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "watcher"
            labels: {
                component: "infra"
                app:       "watcher"
                domain:    "prod"
            }
        }
        spec: {
            type: "LoadBalancer"
            selector: {
                component: "infra"
                app:       "watcher"
                domain:    "prod"
            }
            ports: [{
                name:       "http"
                protocol:   "TCP"
                port:       7788
                targetPort: 7788
            }]
            loadBalancerIP: "1.2.3.4."
        }
    }
}
deployment: {
    watcher: {
        Name ::     "watcher"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "watcher"
            labels: {
                component: "infra"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "infra"
                        app:       "watcher"
                        domain:    "prod"
                    }
                }
                spec: {
                    volumes: [{
                        name: "secret-volume"
                        secret: {
                            secretName: "star-example-com-secrets"
                        }
                    }]
                    containers: [{
                        name:  "watcher"
                        image: "gcr.io/myproj/watcher:v0.1.0"
                        ports: [{
                            containerPort: 7080
                            _export:       false
                        }, {
                            containerPort: 7788
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "secret-volume"
                            mountPath: "/etc/ssl"
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "infra"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "infra"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "infra"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {}
deployment: {}
daemonSet: {}
statefulSet: {}
Component :: "kitchen"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "kitchen"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "kitchen"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    caller: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "caller"
            labels: {
                component: "kitchen"
                app:       "caller"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "kitchen"
                app:       "caller"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       8080
                targetPort: 8080
            }]
        }
    }
}
deployment: {
    caller: {
        Name ::     "caller"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "caller"
            labels: {
                component: "kitchen"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "kitchen"
                        app:       "caller"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                    }
                }
                spec: {
                    volumes: [{
                        name: "ssd-caller"
                        gcePersistentDisk: {
                            fsType: "ext4"
                            pdName: "ssd-caller"
                        }
                    }, {
                        name: "secret-caller"
                        secret: {
                            secretName: "caller-secrets"
                        }
                    }, {
                        name: "secret-ssh-key"
                        secret: {
                            secretName: "secrets"
                        }
                    }]
                    containers: [{
                        name:  "caller"
                        image: "gcr.io/myproj/caller:v0.20.14"
                        args: ["-env=prod", "-key=/etc/certs/client.key", "-cert=/etc/certs/client.pem", "-ca=/etc/certs/servfx.ca", "-ssh-tunnel-key=/sslcerts/tunnel-private.pem", "-logdir=/logs", "-event-server=events:7788"]
                        ports: [{
                            containerPort: 8080
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "ssd-caller"
                            mountPath: "/logs"
                        }, {
                            name:      "secret-caller"
                            readOnly:  true
                            mountPath: "/etc/certs"
                        }, {
                            name:      "secret-ssh-key"
                            readOnly:  true
                            mountPath: "/sslcerts"
                        }]
                        livenessProbe: {
                            initialDelaySeconds: 40
                            periodSeconds:       3
                            httpGet: {
                                path: "/debug/health"
                                port: 8080
                            }
                        }
                    }]
                    hasDisks :: true
                }
            }
            replicas: 3
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "kitchen"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "kitchen"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "kitchen"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    dishwasher: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "dishwasher"
            labels: {
                component: "kitchen"
                app:       "dishwasher"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "kitchen"
                app:       "dishwasher"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       8080
                targetPort: 8080
            }]
        }
    }
}
deployment: {
    dishwasher: {
        Name ::     "dishwasher"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "dishwasher"
            labels: {
                component: "kitchen"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "kitchen"
                        app:       "dishwasher"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                    }
                }
                spec: {
                    volumes: [{
                        name: "dishwasher-disk"
                        gcePersistentDisk: {
                            fsType: "ext4"
                            pdName: "dishwasher-disk"
                        }
                    }, {
                        name: "secret-dishwasher"
                        secret: {
                            secretName: "dishwasher-secrets"
                        }
                    }, {
                        name: "secret-ssh-key"
                        secret: {
                            secretName: "dishwasher-secrets"
                        }
                    }]
                    containers: [{
                        name:  "dishwasher"
                        image: "gcr.io/myproj/dishwasher:v0.2.13"
                        args: ["-env=prod", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-logdir=/logs", "-event-server=events:7788"]
                        ports: [{
                            containerPort: 8080
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "dishwasher-disk"
                            mountPath: "/logs"
                        }, {
                            name:      "secret-dishwasher"
                            readOnly:  true
                            mountPath: "/sslcerts"
                        }, {
                            name:      "secret-ssh-key"
                            readOnly:  true
                            mountPath: "/etc/certs"
                        }]
                        livenessProbe: {
                            initialDelaySeconds: 40
                            periodSeconds:       3
                            httpGet: {
                                path: "/debug/health"
                                port: 8080
                            }
                        }
                    }]
                    hasDisks :: true
                }
            }
            replicas: 5
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "kitchen"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "kitchen"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "kitchen"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    expiditer: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "expiditer"
            labels: {
                component: "kitchen"
                app:       "expiditer"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "kitchen"
                app:       "expiditer"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       8080
                targetPort: 8080
            }]
        }
    }
}
deployment: {
    expiditer: {
        Name ::     "expiditer"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "expiditer"
            labels: {
                component: "kitchen"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "kitchen"
                        app:       "expiditer"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                    }
                }
                spec: {
                    volumes: [{
                        name: "expiditer-disk"
                        gcePersistentDisk: {
                            fsType: "ext4"
                            pdName: "expiditer-disk"
                        }
                    }, {
                        name: "secret-expiditer"
                        secret: {
                            secretName: "expiditer-secrets"
                        }
                    }]
                    containers: [{
                        name:  "expiditer"
                        image: "gcr.io/myproj/expiditer:v0.5.34"
                        args: ["-env=prod", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-logdir=/logs", "-event-server=events:7788"]
                        ports: [{
                            containerPort: 8080
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "expiditer-disk"
                            mountPath: "/logs"
                        }, {
                            name:      "secret-expiditer"
                            readOnly:  true
                            mountPath: "/etc/certs"
                        }]
                        livenessProbe: {
                            initialDelaySeconds: 40
                            periodSeconds:       3
                            httpGet: {
                                path: "/debug/health"
                                port: 8080
                            }
                        }
                    }]
                    hasDisks :: true
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "kitchen"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "kitchen"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "kitchen"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    headchef: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "headchef"
            labels: {
                component: "kitchen"
                app:       "headchef"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "kitchen"
                app:       "headchef"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       8080
                targetPort: 8080
            }]
        }
    }
}
deployment: {
    headchef: {
        Name ::     "headchef"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "headchef"
            labels: {
                component: "kitchen"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "kitchen"
                        app:       "headchef"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                    }
                }
                spec: {
                    volumes: [{
                        name: "headchef-disk"
                        gcePersistentDisk: {
                            fsType: "ext4"
                            pdName: "headchef-disk"
                        }
                    }, {
                        name: "secret-headchef"
                        secret: {
                            secretName: "headchef-secrets"
                        }
                    }]
                    containers: [{
                        name:  "headchef"
                        image: "gcr.io/myproj/headchef:v0.2.16"
                        args: ["-env=prod", "-logdir=/logs", "-event-server=events:7788"]
                        ports: [{
                            containerPort: 8080
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "headchef-disk"
                            mountPath: "/logs"
                        }, {
                            name:      "secret-headchef"
                            readOnly:  true
                            mountPath: "/sslcerts"
                        }]
                        livenessProbe: {
                            initialDelaySeconds: 40
                            periodSeconds:       3
                            httpGet: {
                                path: "/debug/health"
                                port: 8080
                            }
                        }
                    }]
                    hasDisks :: true
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "kitchen"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "kitchen"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "kitchen"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    linecook: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "linecook"
            labels: {
                component: "kitchen"
                app:       "linecook"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "kitchen"
                app:       "linecook"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       8080
                targetPort: 8080
            }]
        }
    }
}
deployment: {
    linecook: {
        Name ::     "linecook"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "linecook"
            labels: {
                component: "kitchen"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "kitchen"
                        app:       "linecook"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                    }
                }
                spec: {
                    volumes: [{
                        name: "linecook-disk"
                        gcePersistentDisk: {
                            fsType: "ext4"
                            pdName: "linecook-disk"
                        }
                    }, {
                        name: "secret-kitchen"
                        secret: {
                            secretName: "secrets"
                        }
                    }]
                    containers: [{
                        name:  "linecook"
                        image: "gcr.io/myproj/linecook:v0.1.42"
                        args: ["-name=linecook", "-env=prod", "-logdir=/logs", "-event-server=events:7788", "-etcd", "etcd:2379", "-reconnect-delay", "1h", "-recovery-overlap", "100000"]
                        ports: [{
                            containerPort: 8080
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "linecook-disk"
                            mountPath: "/logs"
                        }, {
                            name:      "secret-kitchen"
                            readOnly:  true
                            mountPath: "/etc/certs"
                        }]
                        livenessProbe: {
                            initialDelaySeconds: 40
                            periodSeconds:       3
                            httpGet: {
                                path: "/debug/health"
                                port: 8080
                            }
                        }
                    }]
                    hasDisks :: true
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "kitchen"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "kitchen"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "kitchen"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    pastrychef: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "pastrychef"
            labels: {
                component: "kitchen"
                app:       "pastrychef"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "kitchen"
                app:       "pastrychef"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       8080
                targetPort: 8080
            }]
        }
    }
}
deployment: {
    pastrychef: {
        Name ::     "pastrychef"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "pastrychef"
            labels: {
                component: "kitchen"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "kitchen"
                        app:       "pastrychef"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                    }
                }
                spec: {
                    volumes: [{
                        name: "pastrychef-disk"
                        gcePersistentDisk: {
                            fsType: "ext4"
                            pdName: "pastrychef-disk"
                        }
                    }, {
                        name: "secret-ssh-key"
                        secret: {
                            secretName: "secrets"
                        }
                    }]
                    containers: [{
                        name:  "pastrychef"
                        image: "gcr.io/myproj/pastrychef:v0.1.15"
                        args: ["-env=prod", "-ssh-tunnel-key=/etc/certs/tunnel-private.pem", "-logdir=/logs", "-event-server=events:7788", "-reconnect-delay=1m", "-etcd=etcd:2379", "-recovery-overlap=10000"]
                        ports: [{
                            containerPort: 8080
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "pastrychef-disk"
                            mountPath: "/logs"
                        }, {
                            name:      "secret-ssh-key"
                            readOnly:  true
                            mountPath: "/etc/certs"
                        }]
                        livenessProbe: {
                            initialDelaySeconds: 40
                            periodSeconds:       3
                            httpGet: {
                                path: "/debug/health"
                                port: 8080
                            }
                        }
                    }]
                    hasDisks :: true
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "kitchen"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "kitchen"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "kitchen"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    souschef: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "souschef"
            labels: {
                component: "kitchen"
                app:       "souschef"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "kitchen"
                app:       "souschef"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       8080
                targetPort: 8080
            }]
        }
    }
}
deployment: {
    souschef: {
        Name ::     "souschef"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "souschef"
            labels: {
                component: "kitchen"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "kitchen"
                        app:       "souschef"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                    }
                }
                spec: {
                    containers: [{
                        name:  "souschef"
                        image: "gcr.io/myproj/souschef:v0.5.3"
                        ports: [{
                            containerPort: 8080
                            _export:       true
                        }]
                        livenessProbe: {
                            initialDelaySeconds: 40
                            periodSeconds:       3
                            httpGet: {
                                path: "/debug/health"
                                port: 8080
                            }
                        }
                    }]
                    hasDisks :: false
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "kitchen"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "kitchen"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "kitchen"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {}
deployment: {}
daemonSet: {}
statefulSet: {}
Component :: "mon"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "mon"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "mon"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {
    alertmanager: {
        kind:       "ConfigMap"
        apiVersion: "v1"
        metadata: {
            name: "alertmanager"
            labels: {
                component: "mon"
            }
        }
        data: {
            "alerts.yaml": """
        receivers:
          - name: pager
            slack_configs:
              - text: |-
                    {{ range .Alerts }}{{ .Annotations.description }}
                    {{ end }}
                channel: '#cloudmon'
                send_resolved: true
        route:
            receiver: pager
            group_by:
              - alertname
              - cluster
        
        """
        }
    }
}
service: {
    alertmanager: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "alertmanager"
            labels: {
                name:      "alertmanager"
                component: "mon"
                app:       "alertmanager"
                domain:    "prod"
            }
            annotations: {
                "prometheus.io/scrape": "true"
                "prometheus.io/path":   "/metrics"
            }
        }
        spec: {
            selector: {
                name:      "alertmanager"
                component: "mon"
                app:       "alertmanager"
                domain:    "prod"
            }
            ports: [{
                name:       "main"
                protocol:   "TCP"
                port:       9093
                targetPort: 9093
            }]
        }
    }
}
deployment: {
    alertmanager: {
        Name ::     "alertmanager"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "alertmanager"
            labels: {
                component: "mon"
            }
        }
        spec: {
            selector: {
                matchLabels: {
                    app: "alertmanager"
                }
            }
            template: {
                metadata: {
                    name: "alertmanager"
                    labels: {
                        component: "mon"
                        app:       "alertmanager"
                        domain:    "prod"
                    }
                }
                spec: {
                    volumes: [{
                        name: "config-volume"
                        configMap: {
                            name: "alertmanager"
                        }
                    }, {
                        name: "alertmanager"
                        emptyDir: {}
                    }]
                    containers: [{
                        name:  "alertmanager"
                        image: "prom/alertmanager:v0.15.2"
                        args: ["--config.file=/etc/alertmanager/alerts.yaml", "--storage.path=/alertmanager", "--web.external-url=https://alertmanager.example.com"]
                        ports: [{
                            name:          "alertmanager"
                            containerPort: 9093
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "config-volume"
                            mountPath: "/etc/alertmanager"
                        }, {
                            name:      "alertmanager"
                            mountPath: "/alertmanager"
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "mon"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "mon"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "mon"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    grafana: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "grafana"
            labels: {
                component: "mon"
                app:       "grafana"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "mon"
                app:       "grafana"
                domain:    "prod"
            }
            ports: [{
                name:       "grafana"
                protocol:   "TCP"
                port:       3000
                targetPort: 3000
            }]
        }
    }
}
deployment: {
    grafana: {
        Name ::     "grafana"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "grafana"
            labels: {
                component: "mon"
                app:       "grafana"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "mon"
                        app:       "grafana"
                        domain:    "prod"
                    }
                }
                spec: {
                    volumes: [{
                        name: "grafana-volume"
                        gcePersistentDisk: {
                            fsType: "ext4"
                            pdName: "grafana-volume"
                        }
                    }]
                    containers: [{
                        name: "grafana"
                        env: [{
                            name:  "GF_AUTH_BASIC_ENABLED"
                            value: "false"
                        }, {
                            name:  "GF_AUTH_ANONYMOUS_ENABLED"
                            value: "true"
                        }, {
                            name:  "GF_AUTH_ANONYMOUS_ORG_ROLE"
                            value: "admin"
                        }]
                        resources: {
                            limits: {
                                cpu:    "100m"
                                memory: "100Mi"
                            }
                            requests: {
                                cpu:    "100m"
                                memory: "100Mi"
                            }
                        }
                        image: "grafana/grafana:4.5.2"
                        ports: [{
                            containerPort: 8080
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "grafana-volume"
                            mountPath: "/var/lib/grafana"
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "mon"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "mon"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "mon"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    "node-exporter": {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "node-exporter"
            labels: {
                component: "mon"
                app:       "node-exporter"
                domain:    "prod"
            }
            annotations: {
                "prometheus.io/scrape": "true"
            }
        }
        spec: {
            type: "ClusterIP"
            selector: {
                component: "mon"
                app:       "node-exporter"
                domain:    "prod"
            }
            ports: [{
                name:       "metrics"
                protocol:   "TCP"
                port:       9100
                targetPort: 9100
            }]
            clusterIP: "None"
        }
    }
}
deployment: {}
daemonSet: {
    "node-exporter": {
        Name ::     "node-exporter"
        kind:       "DaemonSet"
        apiVersion: "apps/v1"
        metadata: {
            name: "node-exporter"
            labels: {
                component: "mon"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    name: "node-exporter"
                    labels: {
                        component: "mon"
                        app:       "node-exporter"
                        domain:    "prod"
                    }
                }
                spec: {
                    volumes: [{
                        name: "proc"
                        hostPath: {
                            path: "/proc"
                        }
                    }, {
                        name: "sys"
                        hostPath: {
                            path: "/sys"
                        }
                    }]
                    containers: [{
                        name: "node-exporter"
                        resources: {
                            limits: {
                                cpu:    "200m"
                                memory: "50Mi"
                            }
                            requests: {
                                cpu:    "100m"
                                memory: "30Mi"
                            }
                        }
                        image: "quay.io/prometheus/node-exporter:v0.16.0"
                        args: ["--path.procfs=/host/proc", "--path.sysfs=/host/sys"]
                        ports: [{
                            name:          "scrape"
                            hostPort:      9100
                            containerPort: 9100
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "proc"
                            readOnly:  true
                            mountPath: "/host/proc"
                        }, {
                            name:      "sys"
                            readOnly:  true
                            mountPath: "/host/sys"
                        }]
                    }]
                    hostNetwork: true
                    hostPID:     true
                }
            }
        }
    }
}
statefulSet: {}
Component :: "mon"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "mon"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "mon"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {
    prometheus: {
        kind:       "ConfigMap"
        apiVersion: "v1"
        metadata: {
            name: "prometheus"
            labels: {
                component: "mon"
            }
        }
        data: {
            "alert.rules": """
        groups:
          - name: rules.yaml
            rules:
              - labels:
                    severity: page
                annotations:
                    description: '{{$labels.app}} of job {{ $labels.job }} has been down for
                        more than 30 seconds.'
                    summary: Instance {{$labels.app}} down
                alert: InstanceDown
                expr: up == 0
                for: 30s
              - labels:
                    severity: page
                annotations:
                    description: If one more etcd peer goes down the cluster will be unavailable
                    summary: etcd cluster small
                alert: InsufficientPeers
                expr: count(up{job=\"etcd\"} == 0) > (count(up{job=\"etcd\"}) / 2 - 1)
                for: 3m
              - labels:
                    severity: page
                annotations:
                    summary: No ETCD master elected.
                alert: EtcdNoMaster
                expr: sum(etcd_server_has_leader{app=\"etcd\"}) == 0
                for: 1s
              - labels:
                    severity: page
                annotations:
                    description: '{{$labels.app}} {{ $labels.container }} resturted {{ $value
                        }} times in 5m.'
                    summary: Pod for {{$labels.container}} restarts too often
                alert: PodRestart
                expr: (max_over_time(pod_container_status_restarts_total[5m]) - min_over_time(pod_container_status_restarts_total[5m]))
                    > 2
                for: 1m
        
        """
            "prometheus.yml": """
        global:
            scrape_interval: 15s
        rule_files:
          - /etc/prometheus/alert.rules
        alerting:
            alertmanagers:
              - scheme: http
                static_configs:
                  - targets:
                      - alertmanager:9093
        scrape_configs:
          - scheme: https
            job_name: kubernetes-apiservers
            kubernetes_sd_configs:
              - role: endpoints
            tls_config:
                ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
            bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
            relabel_configs:
              - action: keep
                source_labels:
                  - __meta_kubernetes_namespace
                  - __meta_kubernetes_service_name
                  - __meta_kubernetes_endpoint_port_name
                regex: default;kubernetes;https
          - scheme: https
            job_name: kubernetes-nodes
            kubernetes_sd_configs:
              - role: node
            tls_config:
                ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
            bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
            relabel_configs:
              - action: labelmap
                regex: __meta_kubernetes_node_label_(.+)
              - target_label: __address__
                replacement: kubernetes.default.svc:443
              - source_labels:
                  - __meta_kubernetes_node_name
                regex: (.+)
                target_label: __metrics_path__
                replacement: /api/v1/nodes/${1}/proxy/metrics
          - scheme: https
            job_name: kubernetes-cadvisor
            kubernetes_sd_configs:
              - role: node
            tls_config:
                ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
            bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
            relabel_configs:
              - action: labelmap
                regex: __meta_kubernetes_node_label_(.+)
              - target_label: __address__
                replacement: kubernetes.default.svc:443
              - source_labels:
                  - __meta_kubernetes_node_name
                regex: (.+)
                target_label: __metrics_path__
                replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
          - job_name: kubernetes-service-endpoints
            kubernetes_sd_configs:
              - role: endpoints
            relabel_configs:
              - action: keep
                source_labels:
                  - __meta_kubernetes_service_annotation_prometheus_io_scrape
                regex: true
              - action: replace
                source_labels:
                  - __meta_kubernetes_service_annotation_prometheus_io_scheme
                regex: (https?)
                target_label: __scheme__
              - action: replace
                source_labels:
                  - __meta_kubernetes_service_annotation_prometheus_io_path
                regex: (.+)
                target_label: __metrics_path__
              - action: replace
                source_labels:
                  - __address__
                  - __meta_kubernetes_service_annotation_prometheus_io_port
                regex: ([^:]+)(?::\\d+)?;(\\d+)
                target_label: __address__
                replacement: $1:$2
              - action: labelmap
                regex: __meta_kubernetes_service_label_(.+)
              - action: replace
                source_labels:
                  - __meta_kubernetes_namespace
                target_label: kubernetes_namespace
              - action: replace
                source_labels:
                  - __meta_kubernetes_service_name
                target_label: kubernetes_name
          - job_name: kubernetes-services
            kubernetes_sd_configs:
              - role: service
            relabel_configs:
              - action: keep
                source_labels:
                  - __meta_kubernetes_service_annotation_prometheus_io_probe
                regex: true
              - source_labels:
                  - __address__
                target_label: __param_target
              - target_label: __address__
                replacement: blackbox-exporter.example.com:9115
              - source_labels:
                  - __param_target
                target_label: app
              - action: labelmap
                regex: __meta_kubernetes_service_label_(.+)
              - source_labels:
                  - __meta_kubernetes_namespace
                target_label: kubernetes_namespace
              - source_labels:
                  - __meta_kubernetes_service_name
                target_label: kubernetes_name
            metrics_path: /probe
            params:
                module:
                  - http_2xx
          - job_name: kubernetes-ingresses
            kubernetes_sd_configs:
              - role: ingress
            relabel_configs:
              - action: keep
                source_labels:
                  - __meta_kubernetes_ingress_annotation_prometheus_io_probe
                regex: true
              - source_labels:
                  - __meta_kubernetes_ingress_scheme
                  - __address__
                  - __meta_kubernetes_ingress_path
                regex: (.+);(.+);(.+)
                target_label: __param_target
                replacement: ${1}://${2}${3}
              - target_label: __address__
                replacement: blackbox-exporter.example.com:9115
              - source_labels:
                  - __param_target
                target_label: app
              - action: labelmap
                regex: __meta_kubernetes_ingress_label_(.+)
              - source_labels:
                  - __meta_kubernetes_namespace
                target_label: kubernetes_namespace
              - source_labels:
                  - __meta_kubernetes_ingress_name
                target_label: kubernetes_name
            metrics_path: /probe
            params:
                module:
                  - http_2xx
          - job_name: kubernetes-pods
            kubernetes_sd_configs:
              - role: pod
            relabel_configs:
              - action: keep
                source_labels:
                  - __meta_kubernetes_pod_annotation_prometheus_io_scrape
                regex: true
              - action: replace
                source_labels:
                  - __meta_kubernetes_pod_annotation_prometheus_io_path
                regex: (.+)
                target_label: __metrics_path__
              - action: replace
                source_labels:
                  - __address__
                  - __meta_kubernetes_pod_annotation_prometheus_io_port
                regex: ([^:]+)(?::\\d+)?;(\\d+)
                target_label: __address__
                replacement: $1:$2
              - action: labelmap
                regex: __meta_kubernetes_pod_label_(.+)
              - action: replace
                source_labels:
                  - __meta_kubernetes_namespace
                target_label: kubernetes_namespace
              - action: replace
                source_labels:
                  - __meta_kubernetes_pod_name
                target_label: kubernetes_pod_name
        
        """
        }
    }
}
service: {
    prometheus: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "prometheus"
            labels: {
                name:      "prometheus"
                component: "mon"
                app:       "prometheus"
                domain:    "prod"
            }
            annotations: {
                "prometheus.io/scrape": "true"
            }
        }
        spec: {
            type: "NodePort"
            selector: {
                name:      "prometheus"
                component: "mon"
                app:       "prometheus"
                domain:    "prod"
            }
            ports: [{
                name:       "main"
                protocol:   "TCP"
                port:       9090
                targetPort: 9090
                nodePort:   30900
            }]
        }
    }
}
deployment: {
    prometheus: {
        Name ::     "prometheus"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "prometheus"
            labels: {
                component: "mon"
            }
        }
        spec: {
            selector: {
                matchLabels: {
                    app: "prometheus"
                }
            }
            template: {
                metadata: {
                    name: "prometheus"
                    labels: {
                        component: "mon"
                        app:       "prometheus"
                        domain:    "prod"
                    }
                    annotations: {
                        "prometheus.io.scrape": "true"
                    }
                }
                spec: {
                    volumes: [{
                        name: "config-volume"
                        configMap: {
                            name: "prometheus"
                        }
                    }]
                    containers: [{
                        name:  "prometheus"
                        image: "prom/prometheus:v2.4.3"
                        args: ["--config.file=/etc/prometheus/prometheus.yml", "--web.external-url=https://prometheus.example.com"]
                        ports: [{
                            name:          "web"
                            containerPort: 9090
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "config-volume"
                            mountPath: "/etc/prometheus"
                        }]
                    }]
                }
            }
            replicas: 1
            strategy: {
                type: "RollingUpdate"
                rollingUpdate: {
                    maxUnavailable: 1
                    maxSurge:       0
                }
            }
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "mon"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "mon"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "mon"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {}
deployment: {}
daemonSet: {}
statefulSet: {}
Component :: "proxy"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "proxy"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "proxy"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {
    authproxy: {
        kind:       "ConfigMap"
        apiVersion: "v1"
        metadata: {
            name: "authproxy"
            labels: {
                component: "proxy"
            }
        }
        data: {
            "authproxy.cfg": """
        # Google Auth Proxy Config File
        ## https://github.com/bitly/google_auth_proxy
        
        ## <addr>:<port> to listen on for HTTP clients
        http_address = \"0.0.0.0:4180\"
        
        ## the OAuth Redirect URL.
        redirect_url = \"https://auth.example.com/oauth2/callback\"
        
        ## the http url(s) of the upstream endpoint. If multiple, routing is based on path
        upstreams = [
            # frontend
            \"http://frontend-waiter:7080/dpr/\",
            \"http://frontend-maitred:7080/ui/\",
            \"http://frontend-maitred:7080/ui\",
            \"http://frontend-maitred:7080/report/\",
            \"http://frontend-maitred:7080/report\",
            \"http://frontend-maitred:7080/static/\",
            # kitchen
            \"http://kitchen-chef:8080/visit\",
            # infrastructure
            \"http://download:7080/file/\",
            \"http://download:7080/archive\",
            \"http://tasks:7080/tasks\",
            \"http://tasks:7080/tasks/\",
        ]
        
        ## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
        pass_basic_auth = true
        request_logging = true
        
        ## Google Apps Domains to allow authentication for
        google_apps_domains = [
            \"example.com\",
        ]
        
        email_domains = [
            \"example.com\",
        ]
        
        ## The Google OAuth Client ID, Secret
        client_id = \"---\"
        client_secret = \"---\"
        
        ## Cookie Settings
        ## Secret - the seed string for secure cookies
        ## Domain - optional cookie domain to force cookies to (ie: .yourcompany.com)
        ## Expire - expire timeframe for cookie
        cookie_secret = \"won't tell you\"
        cookie_domain = \".example.com\"
        cookie_https_only = true
        """
        }
    }
}
service: {
    authproxy: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "authproxy"
            labels: {
                component: "proxy"
                app:       "authproxy"
                domain:    "prod"
            }
        }
        spec: {
            selector: {
                component: "proxy"
                app:       "authproxy"
                domain:    "prod"
            }
            ports: [{
                name:       "client"
                protocol:   "TCP"
                port:       4180
                targetPort: 4180
            }]
        }
    }
}
deployment: {
    authproxy: {
        Name ::     "authproxy"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "authproxy"
            labels: {
                component: "proxy"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "proxy"
                        app:       "authproxy"
                        domain:    "prod"
                    }
                }
                spec: {
                    volumes: [{
                        name: "config-volume"
                        configMap: {
                            name: "authproxy"
                        }
                    }]
                    containers: [{
                        name:  "authproxy"
                        image: "skippy/oauth2_proxy:2.0.1"
                        args: ["--config=/etc/authproxy/authproxy.cfg"]
                        ports: [{
                            containerPort: 4180
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "config-volume"
                            mountPath: "/etc/authproxy"
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "proxy"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "proxy"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "proxy"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {}
service: {
    goget: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "goget"
            labels: {
                component: "proxy"
                app:       "goget"
                domain:    "prod"
            }
        }
        spec: {
            type: "LoadBalancer"
            selector: {
                component: "proxy"
                app:       "goget"
                domain:    "prod"
            }
            ports: [{
                name:       "https"
                protocol:   "TCP"
                port:       443
                targetPort: 7443
            }]
            loadBalancerIP: "1.3.5.7"
        }
    }
}
deployment: {
    goget: {
        Name ::     "goget"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "goget"
            labels: {
                component: "proxy"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "proxy"
                        app:       "goget"
                        domain:    "prod"
                    }
                }
                spec: {
                    volumes: [{
                        name: "secret-volume"
                        secret: {
                            secretName: "goget-secrets"
                        }
                    }]
                    containers: [{
                        name:  "goget"
                        image: "gcr.io/myproj/goget:v0.5.1"
                        ports: [{
                            containerPort: 7443
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "secret-volume"
                            mountPath: "/etc/ssl"
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "proxy"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "proxy"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "proxy"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}
configMap: {
    nginx: {
        kind:       "ConfigMap"
        apiVersion: "v1"
        metadata: {
            name: "nginx"
            labels: {
                component: "proxy"
            }
        }
        data: {
            "nginx.conf": """
        events {
            worker_connections 768;
        }
        http {
            sendfile on;
            tcp_nopush on;
            tcp_nodelay on;
            # needs to be high for some download jobs.
            keepalive_timeout 400;
            # proxy_connect_timeout  300;
            proxy_send_timeout       300;
            proxy_read_timeout       300;
            send_timeout             300;
        
            types_hash_max_size 2048;
        
            include /etc/nginx/mime.types;
            default_type application/octet-stream;
        
            access_log /dev/stdout;
            error_log  /dev/stdout;
        
            # Disable POST body size constraints. We often deal with large
            # files. Especially docker containers may be large.
            client_max_body_size 0;
        
            upstream goget {
                server localhost:7070;
            }
        
            # Redirect incoming Google Cloud Storage notifications:
           server {
                listen 443 ssl;
                server_name notify.example.com notify2.example.com;
        
                ssl_certificate /etc/ssl/server.crt;
                ssl_certificate_key /etc/ssl/server.key;
        
                # Security enhancements to deal with poodles and the like.
                # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
                # ssl_ciphers 'AES256+EECDH:AES256+EDH';
                ssl_ciphers \"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4\";
        
                # We don't like poodles.
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_session_cache shared:SSL:10m;
        
                # Enable Forward secrecy.
                ssl_dhparam /etc/ssl/dhparam.pem;
                ssl_prefer_server_ciphers on;
        
                # Enable HTST.
                add_header Strict-Transport-Security max-age=1209600;
        
                # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
                chunked_transfer_encoding on;
        
                location / {
                    proxy_pass http://tasks:7080;
                    proxy_connect_timeout 1;
                }
            }
        
            server {
                listen 80;
                listen 443 ssl;
                server_name x.example.com example.io;
        
                location ~ \"(/[^/]+)(/.*)?\" {
                    set $myhost $host;
                    if ($arg_go-get = \"1\") {
                        set $myhost \"goget\";
                    }
                    proxy_pass http://$myhost$1;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Scheme $scheme;
                    proxy_connect_timeout 1;
                }
        
                location / {
                    set $myhost $host;
                    if ($arg_go-get = \"1\") {
                        set $myhost \"goget\";
                    }
                    proxy_pass http://$myhost;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Scheme $scheme;
                    proxy_connect_timeout 1;
                }
            }
        
            server {
                listen 80;
                server_name www.example.com w.example.com;
        
                resolver 8.8.8.8;
        
                location / {
                    proxy_set_header X-Forwarded-Host $host;
                    proxy_set_header X-Forwarded-Server $host;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Real-IP $remote_addr;
        
                    proxy_pass http://$host.default.example.appspot.com/$request_uri;
                    proxy_redirect http://$host.default.example.appspot.com/ /;
                }
            }
        
            server {
                # We could add the following line and the connection would still be SSL,
                # but it doesn't appear to be necessary. Seems saver this way.
                listen 80;
                listen 443 default ssl;
                server_name ~^(?<sub>.*)\\.example\\.com$;
        
                ssl_certificate /etc/ssl/server.crt;
                ssl_certificate_key /etc/ssl/server.key;
        
                # Security enhancements to deal with poodles and the like.
                # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
                # ssl_ciphers 'AES256+EECDH:AES256+EDH';
                ssl_ciphers \"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4\";
        
                # We don't like poodles.
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_session_cache shared:SSL:10m;
        
                # Enable Forward secrecy.
                ssl_dhparam /etc/ssl/dhparam.pem;
                ssl_prefer_server_ciphers on;
        
                # Enable HTST.
                add_header Strict-Transport-Security max-age=1209600;
        
                if ($ssl_protocol = \"\") {
                    rewrite ^   https://$host$request_uri? permanent;
                }
        
                # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
                chunked_transfer_encoding on;
        
                location / {
                    proxy_pass http://authproxy:4180;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Scheme $scheme;
                    proxy_connect_timeout 1;
                }
            }
        }
        """
        }
    }
}
service: {
    nginx: {
        kind:       "Service"
        apiVersion: "v1"
        metadata: {
            name: "nginx"
            labels: {
                component: "proxy"
                app:       "nginx"
                domain:    "prod"
            }
        }
        spec: {
            type: "LoadBalancer"
            selector: {
                component: "proxy"
                app:       "nginx"
                domain:    "prod"
            }
            ports: [{
                name:       "http"
                protocol:   "TCP"
                port:       80
                targetPort: 80
            }, {
                name:       "https"
                protocol:   "TCP"
                port:       443
                targetPort: 443
            }]
            loadBalancerIP: "1.3.4.5"
        }
    }
}
deployment: {
    nginx: {
        Name ::     "nginx"
        kind:       "Deployment"
        apiVersion: "apps/v1"
        metadata: {
            name: "nginx"
            labels: {
                component: "proxy"
            }
        }
        spec: {
            selector: {}
            template: {
                metadata: {
                    labels: {
                        component: "proxy"
                        app:       "nginx"
                        domain:    "prod"
                    }
                }
                spec: {
                    volumes: [{
                        name: "secret-volume"
                        secret: {
                            secretName: "proxy-secrets"
                        }
                    }, {
                        name: "config-volume"
                        configMap: {
                            name: "nginx"
                        }
                    }]
                    containers: [{
                        name:  "nginx"
                        image: "nginx:1.11.10-alpine"
                        ports: [{
                            containerPort: 80
                            _export:       true
                        }, {
                            containerPort: 443
                            _export:       true
                        }]
                        volumeMounts: [{
                            name:      "secret-volume"
                            mountPath: "/etc/ssl"
                        }, {
                            name:      "config-volume"
                            mountPath: "/etc/nginx/nginx.conf"
                            subPath:   "nginx.conf"
                        }]
                    }]
                }
            }
            replicas: 1
        }
    }
}
daemonSet: {}
statefulSet: {}
Component :: "proxy"
_spec: {
    Name :: string
    metadata: {
        name: string
        labels: {
            component: "proxy"
        }
    }
    spec: {
        selector: {}
        template: {
            metadata: {
                labels: {
                    component: "proxy"
                    app:       string
                    domain:    "prod"
                }
            }
            spec: {
                containers: [{
                    name: string
                    ports: []
                }]
            }
        }
    }
}