
Text file src/github.com/GoogleCloudPlatform/cloudsql-proxy/examples/k8s-sidecar/proxy_with_workload_identity.yaml

Documentation: github.com/GoogleCloudPlatform/cloudsql-proxy/examples/k8s-sidecar

     1# Copyright 2021 Google LLC
     2#
     3# Licensed under the Apache License, Version 2.0 (the "License");
     4# you may not use this file except in compliance with the License.
     5# You may obtain a copy of the License at
     6#
     7#      http://www.apache.org/licenses/LICENSE-2.0
     8#
     9# Unless required by applicable law or agreed to in writing, software
    10# distributed under the License is distributed on an "AS IS" BASIS,
    11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12# See the License for the specific language governing permissions and
    13# limitations under the License.
    14
    15# [START cloud_sql_proxy_k8s_sa]
    16apiVersion: apps/v1
    17kind: Deployment
    18metadata:
    19  name: <YOUR-DEPLOYMENT-NAME>
    20spec:
    21  selector:
    22    matchLabels:
    23      app: <YOUR-APPLICATION-NAME>
    24  template:
    25    metadata:
    26      labels:
    27        app: <YOUR-APPLICATION-NAME>
    28    spec:
    29      serviceAccountName: <YOUR-KSA-NAME>
    30      # [END cloud_sql_proxy_k8s_sa]
    31      # [START cloud_sql_proxy_k8s_secrets]
    32      containers:
    33      - name: <YOUR-APPLICATION-NAME>
    34        # ... other container configuration
    35        env:
    36        - name: DB_USER
    37          valueFrom:
    38            secretKeyRef:
    39              name: <YOUR-DB-SECRET>
    40              key: username
    41        - name: DB_PASS
    42          valueFrom:
    43            secretKeyRef:
    44              name: <YOUR-DB-SECRET>
    45              key: password
    46        - name: DB_NAME
    47          valueFrom:
    48            secretKeyRef:
    49              name: <YOUR-DB-SECRET>
    50              key: database
    51      # [END cloud_sql_proxy_k8s_secrets]
    52      # [START cloud_sql_proxy_k8s_container]
    53      - name: cloud-sql-proxy
    54        # It is recommended to use the latest version of the Cloud SQL proxy
    55        # Make sure to update on a regular schedule!
    56        image: gcr.io/cloudsql-docker/gce-proxy:1.17
    57        command:
    58          - "/cloud_sql_proxy"
    59
    60          # If connecting from a VPC-native GKE cluster, you can use the
    61          # following flag to have the proxy connect over private IP
    62          # - "-ip_address_types=PRIVATE"
    63
    64          # Replace DB_PORT with the port the proxy should listen on
    65          # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433
    66          - "-instances=<INSTANCE_CONNECTION_NAME>=tcp:<DB_PORT>"
    67        securityContext:
    68          # The default Cloud SQL proxy image runs as the
    69          # "nonroot" user and group (uid: 65532) by default.
    70          runAsNonRoot: true
    71        # You should use resource requests/limits as a best practice to prevent
    72        # pods from consuming too many resources and affecting the execution of 
    73        # other pods. You should adjust the following values based on what your 
    74        # application needs. For details, see 
    75        # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
    76        resources:
    77          requests:
    78            # The proxy's memory use scales linearly with the number of active
    79            # connections. Fewer open connections will use less memory. Adjust
    80            # this value based on your application's requirements.
    81            memory: "2Gi"
    82            # The proxy's CPU use scales linearly with the amount of IO between
    83            # the database and the application. Adjust this value based on your
    84            # application's requirements.
    85            cpu:    "1"
    86      # [END cloud_sql_proxy_k8s_container]
