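locals {
  # NOTE(review): the original expression was cut off after its first argument
  # ("merge({}, "). The call is closed here so the file parses; restore any
  # further maps that were meant to be merged in.
  deploy-envs = merge({})
}

# Deployment for the dbgate container, applied as raw YAML through the kubectl
# provider. Names are derived from var.component / var.instance; the labels and
# the selector come from local.common-labels (defined outside this block).
#
# Security review notes:
# - The pod and the container run as UID 0 (runAsUser: 0, runAsNonRoot: false).
#   If root is only needed by /start.sh to install the local CA, consider doing
#   that in an init container, or pointing Node at the CA bundle with
#   NODE_EXTRA_CA_CERTS, and then running as UID 1000. start.sh is not visible
#   here, so confirm before changing.
# - fsGroup is a pod-level field only. The copy that sat in the container
#   securityContext was an unknown field (ignored or rejected depending on
#   field validation) and has been removed; the pod-level fsGroup still applies.
# - The init ConfigMap was projected with mode 0777. The script is started via
#   "/bin/bash /start.sh", so it is now 0555 (read + execute, no write bits).
# - No allowPrivilegeEscalation, capabilities.drop, readOnlyRootFilesystem,
#   seccompProfile or resource limits are set; add them once the needs of
#   start.sh are confirmed.
resource "kubectl_manifest" "deploy" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.component}-${var.instance}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common-labels)}
    spec:
      replicas: 1
      selector:
        matchLabels: ${jsonencode(local.common-labels)}
      template:
        metadata:
          labels: ${jsonencode(local.common-labels)}
        spec:
          securityContext:
            fsGroup: 1000
            runAsGroup: 1000
            # NOTE(review): root; see the header comment on this resource.
            runAsUser: 0
          containers:
            - name: dbgate
              securityContext:
                runAsGroup: 1000
                runAsNonRoot: false
                runAsUser: 0
              envFrom:
                - secretRef:
                    name: "${var.component}-${var.instance}"
                - configMapRef:
                    name: "${var.component}-${var.instance}"
              env:
                - name: CONNECTIONS
                  # NOTE(review): interpolated unquoted. Env values must be
                  # strings; a value that YAML reads as a number, boolean or
                  # null is rejected by the API. Confirm the local always
                  # renders as a plain string, or quote it.
                  value: ${local.connections}
                - name: OAUTH_CLIENT_ID
                  valueFrom:
                    secretKeyRef:
                      name: "${var.component}-${var.instance}-id"
                      key: client-id
                - name: OAUTH_CLIENT_SECRET
                  valueFrom:
                    secretKeyRef:
                      name: "${var.component}-${var.instance}-secret"
                      key: client-secret
              command:
                - "/bin/bash"
                - "/start.sh"
              image: "${var.images.dbgate.registry}/${var.images.dbgate.repository}:${var.images.dbgate.tag}"
              imagePullPolicy: "${var.images.dbgate.pullPolicy}"
              ports:
                - containerPort: 3000
                  name: http
                  protocol: TCP
              livenessProbe:
                failureThreshold: 3
                httpGet:
                  path: /
                  port: http
                  scheme: HTTP
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 1
              readinessProbe:
                failureThreshold: 3
                httpGet:
                  path: /
                  port: http
                  scheme: HTTP
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 1
              volumeMounts:
                - name: certs
                  mountPath: /etc/local-ca
                  readOnly: true
                - name: data
                  mountPath: /home/node/.dbgate
                - name: init
                  mountPath: "/start.sh"
                  subPath: "start.sh"
          restartPolicy: Always
          volumes:
            - name: certs
              secret:
                secretName: "${var.instance}-cert"
                # NOTE(review): 0444 makes every key of this Secret readable by
                # any user in the container. If the Secret also holds a private
                # key, project only the CA certificate with "items" - confirm
                # the contents of the Secret.
                defaultMode: 0444
            - name: data
              persistentVolumeClaim:
                claimName: "${var.component}-${var.instance}"
            # NOTE(review): "run" is declared but not mounted by the container
            # above; mount it or drop it.
            - name: run
              emptyDir: {}
            - name: init
              configMap:
                name: "${var.component}-${var.instance}-init"
                # Was 0777; no write bits are needed on a script that is only
                # read and executed.
                defaultMode: 0555
  EOF
}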