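# Deployment for the dbgate web UI, rendered as YAML and applied through the
# kubectl provider.
#
# Inputs read by this block: var.component, var.instance, var.namespace,
# var.images.dbgate.{registry,repository,tag,pullPolicy}, local.common-labels
# and local.connections.
#
# Changes relative to the previous revision:
#   * The pod spec declared `securityContext` twice (before `containers` and
#     again after `restartPolicy`). Duplicate mapping keys are invalid YAML and
#     parsers either reject them or silently keep the last one, so the two are
#     merged into a single pod-level block carrying the union of the fields.
#   * `fsGroup` was set on the container securityContext. It is a pod-level
#     field only, so it is removed from the container.
#   * The container now sets allowPrivilegeEscalation=false and drops all
#     capabilities, and the pod uses the RuntimeDefault seccomp profile. The
#     process already runs as non-root UID 1000 on an unprivileged port (3000),
#     so none of these remove anything the workload is shown to need.
#
# NOTE(review): the source was collapsed onto one line, so the nesting below is
# reconstructed from Deployment schema rules; confirm against the live object.
# NOTE(review): the image is referenced by tag; a tag can be re-pointed in the
# registry, so consider pinning by digest where the registry supports it.
resource "kubectl_manifest" "deploy" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.component}-${var.instance}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common-labels)}
    spec:
      replicas: 1
      selector:
        matchLabels: ${jsonencode(local.common-labels)}
      template:
        metadata:
          labels: ${jsonencode(local.common-labels)}
        spec:
          restartPolicy: Always
          # Single pod-level security context (previously declared twice).
          securityContext:
            fsGroup: 1000
            runAsGroup: 1000
            runAsNonRoot: true
            runAsUser: 1000
            seccompProfile:
              type: RuntimeDefault
          containers:
            - name: dbgate
              image: "${var.images.dbgate.registry}/${var.images.dbgate.repository}:${var.images.dbgate.tag}"
              imagePullPolicy: "${var.images.dbgate.pullPolicy}"
              securityContext:
                runAsGroup: 1000
                runAsNonRoot: true
                runAsUser: 1000
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
              # Every key of the Secret and ConfigMap below becomes an
              # environment variable of the container.
              envFrom:
                - secretRef:
                    name: "${var.component}-${var.instance}"
                - configMapRef:
                    name: "${var.component}-${var.instance}"
              env:
                # NOTE(review): rendered unquoted; env values must be strings,
                # so a value that YAML reads as a number or boolean would be
                # rejected. Confirm how local.connections is built.
                - name: CONNECTIONS
                  value: ${local.connections}
                - name: OAUTH_CLIENT_ID
                  valueFrom:
                    secretKeyRef:
                      name: "${var.component}-${var.instance}-id"
                      key: client-id
                - name: OAUTH_CLIENT_SECRET
                  valueFrom:
                    secretKeyRef:
                      name: "${var.component}-${var.instance}-secret"
                      key: client-secret
              ports:
                - containerPort: 3000
                  name: http
                  protocol: TCP
              livenessProbe:
                failureThreshold: 3
                httpGet:
                  path: /
                  port: http
                  scheme: HTTP
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 1
              readinessProbe:
                failureThreshold: 3
                httpGet:
                  path: /
                  port: http
                  scheme: HTTP
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 1
              volumeMounts:
                - name: data
                  mountPath: /home/node/.dbgate
          volumes:
            - name: data
              persistentVolumeClaim:
                claimName: "${var.component}-${var.instance}"
            # NOTE(review): "run" is declared but no container mounts it.
            - name: run
              emptyDir: {}
  EOF
}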