Last active
November 24, 2018 18:32
-
-
Save dalmarcogd/1c8ea43fd19dd2ea44ce10712defd1a7 to your computer and use it in GitHub Desktop.
Deploy GWA Auth
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: gwa-auth | |
labels: | |
app: gwa-auth | |
spec: | |
selector: | |
matchLabels: | |
app: gwa-auth | |
template: | |
metadata: | |
labels: | |
app: gwa-auth | |
spec: | |
containers: | |
- name: gwa-auth-app | |
image: gcr.io/gym-app-gd/gwa-auth-app:latest | |
ports: | |
- containerPort: 80 | |
# The following environment variables will contain the database host, | |
# user and password to connect to the PostgreSQL instance. | |
env: | |
- name: POSTGRES_DB_HOST | |
value: 127.0.0.1:5432 | |
# [START cloudsql_secrets] | |
- name: POSTGRES_DB_USER | |
valueFrom: | |
secretKeyRef: | |
name: cloudsql-db-credentials | |
key: username | |
- name: POSTGRES_DB_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
name: cloudsql-db-credentials | |
key: password | |
# [END cloudsql_secrets] | |
# Change <INSTANCE_CONNECTION_NAME> here to include your GCP | |
# project, the region of your Cloud SQL instance and the name | |
# of your Cloud SQL instance. The format is | |
# $PROJECT:$REGION:$INSTANCE | |
# [START proxy_container] | |
- name: cloudsql-proxy | |
image: gcr.io/cloudsql-docker/gce-proxy:1.11 | |
command: ["/cloud_sql_proxy", | |
"-instances=gym-app-gd:us-central1:gwa-db-hml=tcp:5432", | |
"-credential_file=/secrets/cloudsql/credentials.json"] | |
# [START cloudsql_security_context] | |
securityContext: | |
runAsUser: 2 # non-root user | |
allowPrivilegeEscalation: false | |
# [END cloudsql_security_context] | |
volumeMounts: | |
- name: cloudsql-instance-credentials | |
mountPath: /secrets/cloudsql | |
readOnly: true | |
# [END proxy_container] | |
# [START volumes] | |
volumes: | |
- name: cloudsql-instance-credentials | |
secret: | |
secretName: cloudsql-instance-credentials | |
# [END volumes] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment