...

Text file src/github.com/GoogleCloudPlatform/cloudsql-proxy/examples/k8s-sidecar/proxy_with_sa_key.yaml

Documentation: github.com/GoogleCloudPlatform/cloudsql-proxy/examples/k8s-sidecar

     1# Copyright 2021 Google LLC
     2#
     3# Licensed under the Apache License, Version 2.0 (the "License");
     4# you may not use this file except in compliance with the License.
     5# You may obtain a copy of the License at
     6#
     7#      http://www.apache.org/licenses/LICENSE-2.0
     8#
     9# Unless required by applicable law or agreed to in writing, software
    10# distributed under the License is distributed on an "AS IS" BASIS,
    11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12# See the License for the specific language governing permissions and
    13# limitations under the License.
    14
    15apiVersion: apps/v1
    16kind: Deployment
    17metadata:
    18  name: <YOUR-DEPLOYMENT-NAME>
    19spec:
    20  selector:
    21    matchLabels:
    22      app: <YOUR-APPLICATION-NAME>
    23  template:
    24    metadata:
    25      labels:
    26        app: <YOUR-APPLICATION-NAME>
    27    spec:
    28      containers:
    29      - name: <YOUR-APPLICATION-NAME>
    30        # ... other container configuration
    31        env:
    32        - name: DB_USER
    33          valueFrom:
    34            secretKeyRef:
    35              name: <YOUR-DB-SECRET>
    36              key: username
    37        - name: DB_PASS
    38          valueFrom:
    39            secretKeyRef:
    40              name: <YOUR-DB-SECRET>
    41              key: password
    42        - name: DB_NAME
    43          valueFrom:
    44            secretKeyRef:
    45              name: <YOUR-DB-SECRET>
    46              key: database
    47      - name: cloud-sql-proxy
    48        # It is recommended to use the latest version of the Cloud SQL proxy
    49        # Make sure to update on a regular schedule!
    50        image: gcr.io/cloudsql-docker/gce-proxy:1.17
    51        command:
    52          - "/cloud_sql_proxy"
    53
    54          # If connecting from a VPC-native GKE cluster, you can use the
    55          # following flag to have the proxy connect over private IP
    56          # - "-ip_address_types=PRIVATE"
    57
    58          # Replace DB_PORT with the port the proxy should listen on
    59          # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433
    60          - "-instances=<INSTANCE_CONNECTION_NAME>=tcp:<DB_PORT>"
    61
    62        # [START cloud_sql_proxy_k8s_volume_mount]
    63          # This flag specifies where the service account key can be found
    64          - "-credential_file=/secrets/service_account.json"
    65        securityContext:
    66          # The default Cloud SQL proxy image runs as the
    67          # "nonroot" user and group (uid: 65532) by default.
    68          runAsNonRoot: true
    69        volumeMounts:
    70        - name: <YOUR-SA-SECRET-VOLUME>
    71          mountPath: /secrets/
    72          readOnly: true
    73          # [END cloud_sql_proxy_k8s_volume_mount]
    74        # Resource configuration depends on an application's requirements. You
    75        # should adjust the following values based on what your application
    76        # needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
    77        resources:
    78          requests:
    79            # The proxy's memory use scales linearly with the number of active
    80            # connections. Fewer open connections will use less memory. Adjust
    81            # this value based on your application's requirements.
    82            memory: "2Gi"
    83            # The proxy's CPU use scales linearly with the amount of IO between
    84            # the database and the application. Adjust this value based on your
    85            # application's requirements.
    86            cpu:    "1"
    87      # [START cloud_sql_proxy_k8s_volume_secret]
    88      volumes:
    89      - name: <YOUR-SA-SECRET-VOLUME>
    90        secret:
    91          secretName: <YOUR-SA-SECRET>
    92      # [END cloud_sql_proxy_k8s_volume_secret]
