1apiVersion: apps/v1
2kind: StatefulSet
3metadata:
4 name: database
5spec:
6 selector:
7 matchLabels:
8 app-service: db-internal
9 template:
10 metadata:
11 labels:
12 app-service: db-internal
13 spec:
14 serviceAccountName: mariadb-service-account
15 initContainers:
16 - name: create-secret
17 image: bzl://hack/deps:kubectl_container_push
18 command:
19 - "/bin/sh"
20 - "-c"
21 args:
22 - if ! kubectl get -n database secret credentials; then kubectl create -n database secret generic credentials --from-literal=name="database" --from-literal=user="user" --from-literal=password="$(tr -dc 'A-Za-z0-9!?%=' < /dev/urandom | head -c 16)" --from-literal=root_password="$(tr -dc 'A-Za-z0-9!?%=' < /dev/urandom | head -c 16)"; fi
23 containers:
24 - name: mariadb
25 image: bzl://hack/deps:mariadb_container_push
26 args:
27 - --bind-address=0.0.0.0
28 ports:
29 - name: db-port
30 containerPort: 3306
31 env:
32 - name: MARIADB_DATABASE
33 valueFrom:
34 secretKeyRef:
35 name: credentials
36 key: name
37 - name: MARIADB_USER
38 valueFrom:
39 secretKeyRef:
40 name: credentials
41 key: user
42 - name: MARIADB_PASSWORD
43 valueFrom:
44 secretKeyRef:
45 name: credentials
46 key: password
47 - name: MARIADB_ROOT_PASSWORD
48 valueFrom:
49 secretKeyRef:
50 name: credentials
51 key: root_password
52 resources:
53 limits:
54 cpu: "500m"
55 memory: 256Mi
56 requests:
57 cpu: "10m"
58 memory: 64Mi
59 volumeMounts:
60 - name: db-data
61 mountPath: "/var/lib/mysql"
62 volumeClaimTemplates:
63 - metadata:
64 name: db-data
65 spec:
66 resources:
67 requests:
68 storage: 5Gi
69 accessModes: ["ReadWriteOncePod"]
70 serviceName: db-internal
View as plain text