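# Extra environment variables for the dbgate container, rendered into the
# Deployment below with jsonencode().
# - CONNECTIONS comes from local.connections (defined outside this snippet).
# - The OAuth client id and secret are read from dedicated Secrets through
#   secretKeyRef, so their values do not appear in the manifest itself.
locals {
  deploy-envs = [
    {
      "name"  = "CONNECTIONS"
      "value" = local.connections
    },
    {
      "name" = "OAUTH_CLIENT_ID"
      "valueFrom" = {
        "secretKeyRef" = {
          "name" = "${var.component}-${var.instance}-id"
          "key"  = "client-id"
        }
      }
    },
    {
      "name" = "OAUTH_CLIENT_SECRET"
      "valueFrom" = {
        "secretKeyRef" = {
          "name" = "${var.component}-${var.instance}-secret"
          "key"  = "client-secret"
        }
      }
    }
  ]
}

# Deployment for dbgate: a single replica running as uid/gid 1000 and serving
# HTTP on container port 3000.
#
# Changes from the previous revision:
# - Removed fsGroup from the container-level securityContext. fsGroup is a
#   pod-level field only; the pod-level securityContext still sets it, so volume
#   group ownership is unchanged.
# - Added allowPrivilegeEscalation: false and dropped all capabilities on the
#   container, completing the non-root intent already expressed by
#   runAsNonRoot and runAsUser.
#
# NOTE(review): the reloader annotations name only the Secret/ConfigMap used by
# envFrom. The "-id" and "-secret" Secrets behind OAUTH_CLIENT_ID and
# OAUTH_CLIENT_SECRET are not listed, and env values taken from secretKeyRef are
# resolved at container start, so a rotated OAuth credential would presumably
# not reach the pod until its next restart. Confirm whether that is intended.
# NOTE(review): the "run" emptyDir volume is declared but no container mounts
# it in this manifest. Confirm whether a volumeMount is missing.
# NOTE(review): readOnlyRootFilesystem and a seccompProfile are not set here.
# Whether dbgate tolerates a read-only root filesystem cannot be judged from
# this file.
resource "kubectl_manifest" "deploy" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.component}-${var.instance}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
      annotations:
        configmap.reloader.stakater.com/reload: "${var.component}-${var.instance}"
        secret.reloader.stakater.com/reload: "${var.component}-${var.instance}"
    spec:
      replicas: 1
      selector:
        matchLabels: ${jsonencode(local.common_labels)}
      template:
        metadata:
          labels: ${jsonencode(local.common_labels)}
        spec:
          securityContext:
            fsGroup: 1000
            runAsGroup: 1000
            runAsUser: 1000
          containers:
          - name: dbgate
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                - ALL
              runAsGroup: 1000
              runAsNonRoot: true
              runAsUser: 1000
            envFrom:
            - secretRef:
                name: "${var.component}-${var.instance}"
            - configMapRef:
                name: "${var.component}-${var.instance}"
            env: ${jsonencode(local.deploy-envs)}
            image: "${var.images.dbgate.registry}/${var.images.dbgate.repository}:${var.images.dbgate.tag}"
            imagePullPolicy: "${var.images.dbgate.pull_policy}"
            ports:
            - containerPort: 3000
              name: http
              protocol: TCP
            livenessProbe:
              failureThreshold: 3
              httpGet:
                path: /
                port: http
                scheme: HTTP
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 1
            readinessProbe:
              failureThreshold: 3
              httpGet:
                path: /
                port: http
                scheme: HTTP
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 1
            volumeMounts:
            - name: certs
              mountPath: /etc/local-ca
              readOnly: true
            - name: data
              mountPath: /home/node/.dbgate
          restartPolicy: Always
          volumes:
          # NOTE(review): every key of this Secret is mounted world-readable.
          # Its contents are not visible here; if it also holds a private key,
          # project only the CA certificate with an items list.
          - name: certs
            secret:
              secretName: "${var.instance}-cert"
              # Octal 0444 (decimal 292) when read by a YAML 1.1 parser.
              defaultMode: 0444
          - name: data
            persistentVolumeClaim:
              claimName: "${var.component}-${var.instance}"
          - name: run
            emptyDir: {}
  EOF
}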