domain/apps/dbgate/deploy.tf

# Module-local values for the dbgate Deployment.
# NOTE(review): the merge() call below is unclosed in this listing. Its
# remaining arguments and closing parenthesis appear to have been lost when
# the page was extracted, so restore them from the repository before use.
# `deploy-envs` is not referenced by the resource shown in this file view.
locals {
deploy-envs = merge({},
}
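# Deployment for the dbgate web UI: a single replica named
# "<component>-<instance>" in var.namespace.
#
# What the manifest wires together:
#   - environment from the Secret and ConfigMap named "<component>-<instance>",
#     plus OAUTH_CLIENT_ID / OAUTH_CLIENT_SECRET from the "-id" and "-secret"
#     Secrets, and CONNECTIONS from local.connections;
#   - the start script, mounted from the "<component>-<instance>-init" ConfigMap
#     at /start.sh and launched with /bin/bash;
#   - the "<instance>-cert" Secret mounted read-only at /etc/local-ca and the
#     PVC "<component>-<instance>" mounted at /home/node/.dbgate;
#   - HTTP liveness/readiness probes on "/" of the container port 3000.
#
# Security review notes:
#   - The container runs as UID 0 with runAsNonRoot: false. NOTE(review):
#     presumably start.sh needs root (the data directory lives under
#     /home/node); confirm this, and if it does not, switch to a non-root UID
#     and set runAsNonRoot: true.
#   - allowPrivilegeEscalation, capabilities.drop and readOnlyRootFilesystem
#     are all unset. For a root container, setting them is the usual
#     hardening, but verify that the image tolerates it first.
#   - CONNECTIONS is interpolated without quoting. This assumes
#     local.connections always renders as a plain YAML string; confirm that
#     where the local is defined.
#   - The "run" emptyDir volume is declared but has no volumeMount.
resource "kubectl_manifest" "deploy" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.component}-${var.instance}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common-labels)}
    spec:
      replicas: 1
      selector:
        matchLabels: ${jsonencode(local.common-labels)}
      template:
        metadata:
          labels: ${jsonencode(local.common-labels)}
        spec:
          securityContext:
            fsGroup: 1000
            runAsGroup: 1000
            runAsUser: 0
          containers:
            - name: dbgate
              # fsGroup is a pod-level field only, so it is not repeated here.
              # The pod securityContext above already sets fsGroup: 1000.
              securityContext:
                runAsGroup: 1000
                runAsNonRoot: false
                runAsUser: 0
              envFrom:
                - secretRef:
                    name: "${var.component}-${var.instance}"
                - configMapRef:
                    name: "${var.component}-${var.instance}"
              env:
                - name: CONNECTIONS
                  value: ${local.connections}
                - name: OAUTH_CLIENT_ID
                  valueFrom:
                    secretKeyRef:
                      name: "${var.component}-${var.instance}-id"
                      key: client-id
                - name: OAUTH_CLIENT_SECRET
                  valueFrom:
                    secretKeyRef:
                      name: "${var.component}-${var.instance}-secret"
                      key: client-secret
              command:
                - "/bin/bash"
                - "/start.sh"
              image: "${var.images.dbgate.registry}/${var.images.dbgate.repository}:${var.images.dbgate.tag}"
              imagePullPolicy: "${var.images.dbgate.pullPolicy}"
              ports:
                - containerPort: 3000
                  name: http
                  protocol: TCP
              livenessProbe:
                failureThreshold: 3
                httpGet:
                  path: /
                  port: http
                  scheme: HTTP
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 1
              readinessProbe:
                failureThreshold: 3
                httpGet:
                  path: /
                  port: http
                  scheme: HTTP
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 1
              volumeMounts:
                - name: certs
                  mountPath: /etc/local-ca
                  readOnly: true
                - name: data
                  mountPath: /home/node/.dbgate
                - name: init
                  mountPath: "/start.sh"
                  subPath: "start.sh"
          restartPolicy: Always
          volumes:
            - name: certs
              secret:
                secretName: "${var.instance}-cert"
                # Octal mode (r--r--r--), read as octal by YAML 1.1 loaders.
                defaultMode: 0444
            - name: data
              persistentVolumeClaim:
                claimName: "${var.component}-${var.instance}"
            - name: run
              emptyDir: {}
            - name: init
              configMap:
                name: "${var.component}-${var.instance}-init"
                # Was 0777. The script is started through /bin/bash and
                # configMap volumes are mounted read-only, so the write bits
                # served no purpose; read + execute is enough.
                defaultMode: 0555
  EOF
}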