...

Text file src/github.com/GoogleCloudPlatform/cloudsql-proxy/examples/k8s-service/pgbouncer_deployment.yaml

Documentation: github.com/GoogleCloudPlatform/cloudsql-proxy/examples/k8s-service

     1# Copyright 2021 Google LLC
     2#
     3# Licensed under the Apache License, Version 2.0 (the "License");
     4# you may not use this file except in compliance with the License.
     5# You may obtain a copy of the License at
     6#
     7#      http://www.apache.org/licenses/LICENSE-2.0
     8#
     9# Unless required by applicable law or agreed to in writing, software
    10# distributed under the License is distributed on an "AS IS" BASIS,
    11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12# See the License for the specific language governing permissions and
    13# limitations under the License.
    14
    15apiVersion: apps/v1
    16kind: Deployment
    17metadata:
    18  name: <YOUR-PGBOUNCER-DEPLOYMENT-NAME>
    19spec:
    20  selector:
    21    matchLabels:
    22      app: <YOUR-PGBOUNCER-NAME>
    23  template:
    24    metadata:
    25      labels:
    26        app: <YOUR-PGBOUNCER-NAME>
    27    spec:
    28      serviceAccountName: <YOUR-KSA-NAME>
    29      volumes:
    30      - name: cacert
    31        secret:
    32          secretName: <YOUR-CA-SECRET>
    33          items:
    34          - key: tls.crt
    35            path: cert.pem
    36      - name: servercert
    37        secret:
    38          secretName: <YOUR-SERVER-CERT-SECRET>
    39          items:
    40          - key: tls.crt
    41            path: cert.pem
    42          - key: tls.key
    43            path: key.pem
    44      containers:
    45      - name: pgbouncer
    46        image: <PG-BOUNCER-CONTAINER>
    47        ports:
    48        - containerPort: 5432
    49        volumeMounts:
    50        - name: cacert
    51          mountPath: "/etc/ca"
    52          readOnly: true
    53        - name: servercert
    54          mountPath: "/etc/server"
    55          readOnly: true
    56        env:
    57        - name: DB_HOST
    58          value: "127.0.0.1"
    59        - name: DB_USER
    60          valueFrom:
    61            secretKeyRef:
    62              name: <YOUR-DB-SECRET>
    63              key: username
    64        - name: DB_PASSWORD
    65          valueFrom:
    66            secretKeyRef:
    67              name: <YOUR-DB-SECRET>
    68              key: password
    69        - name: DB_NAME
    70          valueFrom:
    71            secretKeyRef:
    72              name: <YOUR-DB-SECRET>
    73              key: database
    74        - name: DB_PORT
    75          value: "5431"
    76        - name: CLIENT_TLS_SSLMODE
    77          value: "require"
    78        - name: CLIENT_TLS_CA_FILE
    79          value: "/etc/ca/cert.pem"
    80        - name: CLIENT_TLS_KEY_FILE
    81          value: "/etc/server/key.pem"
    82        - name: CLIENT_TLS_CERT_FILE
    83          value: "/etc/server/cert.pem"
    84      - name: cloud-sql-proxy
    85        image: gcr.io/cloudsql-docker/gce-proxy:1.22.0 # make sure to use the latest version
    86        command:
    87          - "/cloud_sql_proxy"
    88          - "-instances=<INSTANCE_CONNECTION_NAME>=tcp:5431"
    89        securityContext:
    90          runAsNonRoot: true
