# Copyright 2021 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apps/v1 kind: Deployment metadata: name: spec: selector: matchLabels: app: template: metadata: labels: app: spec: serviceAccountName: volumes: - name: cacert secret: secretName: items: - key: tls.crt path: cert.pem - name: servercert secret: secretName: items: - key: tls.crt path: cert.pem - key: tls.key path: key.pem containers: - name: pgbouncer image: ports: - containerPort: 5432 volumeMounts: - name: cacert mountPath: "/etc/ca" readOnly: true - name: servercert mountPath: "/etc/server" readOnly: true env: - name: DB_HOST value: "127.0.0.1" - name: DB_USER valueFrom: secretKeyRef: name: key: username - name: DB_PASSWORD valueFrom: secretKeyRef: name: key: password - name: DB_NAME valueFrom: secretKeyRef: name: key: database - name: DB_PORT value: "5431" - name: CLIENT_TLS_SSLMODE value: "require" - name: CLIENT_TLS_CA_FILE value: "/etc/ca/cert.pem" - name: CLIENT_TLS_KEY_FILE value: "/etc/server/key.pem" - name: CLIENT_TLS_CERT_FILE value: "/etc/server/cert.pem" - name: cloud-sql-proxy image: gcr.io/cloudsql-docker/gce-proxy:1.22.0 # make sure to use the latest version command: - "/cloud_sql_proxy" - "-instances==tcp:5431" securityContext: runAsNonRoot: true