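---
# Deployment for fuzzly-backend: a single-replica pod that runs the backend
# container next to a Cloud SQL Auth Proxy sidecar. All secret material is
# referenced from Kubernetes Secrets; none is stored in this manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: fuzzly-backend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: fuzzly-backend
  template:
    metadata:
      labels:
        app: fuzzly-backend
    spec:
      containers:
        - name: fuzzly-backend
          # Pinned by digest, so the image that runs cannot change unless
          # this manifest changes.
          image: us-central1-docker.pkg.dev/kheinacom/fuzzly-repo/fuzzly-backend@sha256:314b48c1d1928f6f329bbcf138f40e02a5450daca6cb573ae48ee9f16dd605fe
          # NOTE(review): this container sets no securityContext. The probes
          # below target port 443, so confirm how the image binds that port
          # before adding runAsNonRoot, allowPrivilegeEscalation: false or
          # dropped capabilities here.
          env:
            # Downward API: the pod's own IP and name.
            - name: pod_ip
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: pod_name
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            # Quoted on purpose: a plain scalar starting with "*" would be
            # parsed as a YAML alias.
            - name: pod_host
              value: "*.fuzz.ly"
            # NOTE(review): kh_aes and kh_ed25519 (presumably key material,
            # judging by the names) reach the process as environment
            # variables. Env values are inherited by child processes and can
            # surface in crash dumps and debug output; mounting them as
            # read-only files, like the volumes below, narrows that exposure.
            # Confirm how the backend reads them before changing this.
            - name: kh_aes
              valueFrom:
                secretKeyRef:
                  name: kh-aes
                  key: value
            - name: kh_ed25519
              valueFrom:
                secretKeyRef:
                  name: kh-ed25519
                  key: value
          volumeMounts:
            - name: fuzzly-credentials
              mountPath: /credentials/
              readOnly: true
            - name: cert
              mountPath: /etc/certs/
              readOnly: true
          resources:
            limits:
              cpu: "1"
              memory: 4Gi
            requests:
              cpu: "1"
              memory: 2Gi
          # The kubelet does not verify the serving certificate on HTTPS
          # probes, so these confirm that the endpoint answers, not that the
          # certificate is valid or unexpired.
          livenessProbe:
            httpGet:
              path: /health/liveness
              port: 443
              scheme: HTTPS
            initialDelaySeconds: 15
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /health/readiness
              port: 443
              scheme: HTTPS
            initialDelaySeconds: 15
            periodSeconds: 30
        - name: cloud-sql-proxy
          # It is recommended to use the latest version of the Cloud SQL Auth
          # Proxy. Make sure to update on a regular schedule!
          # NOTE(review): pinned by tag only, unlike the backend image above.
          # This sidecar holds the database service account key, so pin it by
          # digest as well (":2.11.4@sha256:<digest-placeholder>").
          image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.11.4
          args:
            # If connecting from a VPC-native GKE cluster, you can use the
            # following flag to have the proxy connect over private IP
            # - "--private-ip"
            # Enable structured logging with LogEntry format:
            - "--structured-logs"
            # Port the proxy listens on. No --address flag is given, so the
            # listener stays on the proxy's default address (loopback in
            # proxy v2; verify for the pinned version), reachable only from
            # containers in this pod.
            - "--port=5432"
            # Instance connection name (project:region:instance).
            - "kheinacom:us-east1:kheina-1"
            # This flag specifies where the service account key can be found.
            # NOTE(review): this is a long-lived key stored in a Secret. If
            # the cluster is GKE, Workload Identity avoids storing and
            # rotating a key file at all.
            - "--credentials-file=/secrets/service_account.json"
          securityContext:
            # The default Cloud SQL Auth Proxy image runs as the
            # "nonroot" user and group (uid: 65532) by default.
            runAsNonRoot: true
            # The proxy listens on an unprivileged port as a non-root user,
            # so it needs neither setuid-style privilege gain nor any Linux
            # capability.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - name: sqlsa
              mountPath: /secrets/
              readOnly: true
          # Resource configuration depends on an application's requirements.
          # You should adjust the following values based on what your
          # application needs. For details, see
          # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
          # NOTE(review): only requests are set here, no limits, unlike the
          # backend container; the sidecar's memory and CPU use is unbounded
          # on the node.
          resources:
            requests:
              # The proxy's memory use scales linearly with the number of
              # active connections. Fewer open connections will use less
              # memory. Adjust this value based on your application's
              # requirements.
              memory: "1Gi"
              # The proxy's CPU use scales linearly with the amount of IO
              # between the database and the application. Adjust this value
              # based on your application's requirements.
              cpu: "1"
      # Secret-backed volumes; every mount above is readOnly.
      volumes:
        - name: sqlsa
          secret:
            secretName: sql-service-account
        - name: fuzzly-credentials
          secret:
            secretName: credentials
        - name: cert
          secret:
            secretName: cert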