apiVersion: apps/v1 kind: Deployment metadata: name: hasura labels: app: hasura spec: replicas: 1 selector: matchLabels: app: hasura template: metadata: labels: app: hasura spec: containers: - name: graphql-engine image: hasura/graphql-engine:v2.0.5 ports: - containerPort: 8080 readinessProbe: httpGet: path: /healthz port: 8080 # The following environment variables will contain the database host, # user and password to connect to the PostgreSQL instance. command: - graphql-engine - --database-url - "postgres://$(POSTGRES_DB_USER):$(POSTGRES_DB_PASSWORD)@$(POSTGRES_DB_HOST)/postgres" - serve env: # [START Hasura config variables] ## enable the console served by server - name: HASURA_GRAPHQL_ENABLE_CONSOLE value: "true" ## enable debugging mode. It is recommended to disable this in production - name: HASURA_GRAPHQL_DEV_MODE value: "true" # [END Hasura config variables] - name: POSTGRES_DB_HOST value: 127.0.0.1:5432 # [START cloudsql_secrets] - name: POSTGRES_DB_USER valueFrom: secretKeyRef: name: cloudsql-db-credentials key: username - name: POSTGRES_DB_PASSWORD valueFrom: secretKeyRef: name: cloudsql-db-credentials key: password # [END cloudsql_secrets] # Change [INSTANCE_CONNECTION_NAME] here to include your GCP # project, the region of your Cloud SQL instance and the name # of your Cloud SQL instance. The format is # $PROJECT:$REGION:$INSTANCE # [START proxy_container] - name: cloudsql-proxy image: gcr.io/cloudsql-docker/gce-proxy:1.11 command: ["/cloud_sql_proxy", "-instances=[INSTANCE_CONNECTION_NAME]=tcp:5432", "-credential_file=/secrets/cloudsql/credentials.json"] # [START cloudsql_security_context] securityContext: runAsUser: 2 # non-root user allowPrivilegeEscalation: false # [END cloudsql_security_context] volumeMounts: - name: cloudsql-instance-credentials mountPath: /secrets/cloudsql readOnly: true # [END proxy_container] # [START volumes] volumes: - name: cloudsql-instance-credentials secret: secretName: cloudsql-instance-credentials # [END volumes]