graphql-engine/install-manifests/google-cloud-k8s-sql/deployment.yaml

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

82 lines
2.7 KiB
YAML
Raw Permalink Normal View History

apiVersion: apps/v1
kind: Deployment
metadata:
name: hasura
labels:
app: hasura
spec:
replicas: 1
selector:
matchLabels:
app: hasura
template:
metadata:
labels:
app: hasura
spec:
containers:
- name: graphql-engine
image: hasura/graphql-engine:v2.42.0
ports:
- containerPort: 8080
readinessProbe:
httpGet:
path: /healthz
port: 8080
# The following environment variables will contain the database host,
# user and password to connect to the PostgreSQL instance.
command:
- graphql-engine
- --database-url
- "postgres://$(POSTGRES_DB_USER):$(POSTGRES_DB_PASSWORD)@$(POSTGRES_DB_HOST)/postgres"
- serve
env:
# [START Hasura config variables]
## enable the console served by server
- name: HASURA_GRAPHQL_ENABLE_CONSOLE
value: "true"
## enable debugging mode. It is recommended to disable this in production
- name: HASURA_GRAPHQL_DEV_MODE
value: "true"
# [END Hasura config variables]
- name: POSTGRES_DB_HOST
value: 127.0.0.1:5432
# [START cloudsql_secrets]
- name: POSTGRES_DB_USER
valueFrom:
secretKeyRef:
name: cloudsql-db-credentials
key: username
- name: POSTGRES_DB_PASSWORD
valueFrom:
secretKeyRef:
name: cloudsql-db-credentials
key: password
# [END cloudsql_secrets]
# Change [INSTANCE_CONNECTION_NAME] here to include your GCP
# project, the region of your Cloud SQL instance and the name
# of your Cloud SQL instance. The format is
# $PROJECT:$REGION:$INSTANCE
# [START proxy_container]
- name: cloudsql-proxy
image: gcr.io/cloudsql-docker/gce-proxy:1.11
command: ["/cloud_sql_proxy",
"-instances=[INSTANCE_CONNECTION_NAME]=tcp:5432",
"-credential_file=/secrets/cloudsql/credentials.json"]
# [START cloudsql_security_context]
securityContext:
runAsUser: 2 # non-root user
allowPrivilegeEscalation: false
# [END cloudsql_security_context]
volumeMounts:
- name: cloudsql-instance-credentials
mountPath: /secrets/cloudsql
readOnly: true
# [END proxy_container]
# [START volumes]
volumes:
- name: cloudsql-instance-credentials
secret:
secretName: cloudsql-instance-credentials
# [END volumes]