mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-15 09:22:43 +03:00
f4007596fb
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3558 GitOrigin-RevId: b4ba6830be191aac6ce9e8e5bef974bd5322260d
82 lines
2.7 KiB
YAML
82 lines
2.7 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: hasura
|
|
labels:
|
|
app: hasura
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: hasura
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: hasura
|
|
spec:
|
|
containers:
|
|
- name: graphql-engine
|
|
image: hasura/graphql-engine:v2.2.0
|
|
ports:
|
|
- containerPort: 8080
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8080
|
|
# The following environment variables will contain the database host,
|
|
# user and password to connect to the PostgreSQL instance.
|
|
command:
|
|
- graphql-engine
|
|
- --database-url
|
|
- "postgres://$(POSTGRES_DB_USER):$(POSTGRES_DB_PASSWORD)@$(POSTGRES_DB_HOST)/postgres"
|
|
- serve
|
|
env:
|
|
# [START Hasura config variables]
|
|
## enable the console served by server
|
|
- name: HASURA_GRAPHQL_ENABLE_CONSOLE
|
|
value: "true"
|
|
## enable debugging mode. It is recommended to disable this in production
|
|
- name: HASURA_GRAPHQL_DEV_MODE
|
|
value: "true"
|
|
# [END Hasura config variables]
|
|
- name: POSTGRES_DB_HOST
|
|
value: 127.0.0.1:5432
|
|
# [START cloudsql_secrets]
|
|
- name: POSTGRES_DB_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: cloudsql-db-credentials
|
|
key: username
|
|
- name: POSTGRES_DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: cloudsql-db-credentials
|
|
key: password
|
|
# [END cloudsql_secrets]
|
|
# Change [INSTANCE_CONNECTION_NAME] here to include your GCP
|
|
# project, the region of your Cloud SQL instance and the name
|
|
# of your Cloud SQL instance. The format is
|
|
# $PROJECT:$REGION:$INSTANCE
|
|
# [START proxy_container]
|
|
- name: cloudsql-proxy
|
|
image: gcr.io/cloudsql-docker/gce-proxy:1.11
|
|
command: ["/cloud_sql_proxy",
|
|
"-instances=[INSTANCE_CONNECTION_NAME]=tcp:5432",
|
|
"-credential_file=/secrets/cloudsql/credentials.json"]
|
|
# [START cloudsql_security_context]
|
|
securityContext:
|
|
runAsUser: 2 # non-root user
|
|
allowPrivilegeEscalation: false
|
|
# [END cloudsql_security_context]
|
|
volumeMounts:
|
|
- name: cloudsql-instance-credentials
|
|
mountPath: /secrets/cloudsql
|
|
readOnly: true
|
|
# [END proxy_container]
|
|
# [START volumes]
|
|
volumes:
|
|
- name: cloudsql-instance-credentials
|
|
secret:
|
|
secretName: cloudsql-instance-credentials
|
|
# [END volumes]
|