51 lines
1.6 KiB
HCL
51 lines
1.6 KiB
HCL
resource "kubectl_manifest" "deploy" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: "${var.instance}-${var.component}"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.common_labels)}
|
|
annotations:
|
|
configmap.reloader.stakater.com/reload: "${kubectl_manifest.config.name}"
|
|
secret.reloader.stakater.com/reload: "${kubectl_manifest.secret.name}"
|
|
spec:
|
|
replicas: ${var.replicas}
|
|
selector:
|
|
matchLabels: ${jsonencode(local.common_labels)}
|
|
template:
|
|
metadata:
|
|
labels: ${jsonencode(local.common_labels)}
|
|
spec:
|
|
containers:
|
|
- name: infisical-backend
|
|
image: "${var.images.infisical.registry}/${var.images.infisical.repository}:${var.images.infisical.tag}"
|
|
imagePullPolicy: "${var.images.infisical.pull_policy}"
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /api/status
|
|
port: 8080
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
protocol: TCP
|
|
envFrom:
|
|
- configMapRef:
|
|
name: "${kubectl_manifest.config.name}"
|
|
- secretRef:
|
|
name: "${kubectl_manifest.secret.name}"
|
|
volumeMounts:
|
|
- name: certs
|
|
mountPath: /etc/local-ca
|
|
readOnly: true
|
|
restartPolicy: Always
|
|
volumes:
|
|
- name: certs
|
|
secret:
|
|
secretName: "${module.ingress.sercret_name}"
|
|
defaultMode: 0444
|
|
EOF
|
|
}
|