2022-10-30 08:18:01 +00:00
|
|
|
local resfdeploy = import 'ci/resfdeploy.jsonnet';
|
2022-07-07 20:11:50 +00:00
|
|
|
local db = import 'ci/db.jsonnet';
|
|
|
|
local kubernetes = import 'ci/kubernetes.jsonnet';
|
|
|
|
local common = import 'hydra/deploy/common.jsonnet';
|
|
|
|
|
2022-10-30 08:18:01 +00:00
|
|
|
resfdeploy.new({
|
2022-07-07 20:11:50 +00:00
|
|
|
name: 'hydra-admin',
|
|
|
|
replicas: 1,
|
|
|
|
dbname: 'hydra',
|
|
|
|
backend: true,
|
|
|
|
// Custom migration
|
|
|
|
migrate: true,
|
|
|
|
migrate_command: ['/bin/sh'],
|
|
|
|
migrate_args: common.sh_args($.dsn, '/usr/bin/hydra migrate sql -e --yes'),
|
|
|
|
legacyDb: common.legacyDb,
|
|
|
|
command: '/bin/sh',
|
|
|
|
// We can use dangerous-force-http because we're using mTLS internally
|
|
|
|
// and terminate TLS at ingress point.
|
|
|
|
args: common.sh_args($.dsn, '/usr/bin/hydra serve admin --dangerous-force-http'),
|
|
|
|
image: common.image,
|
|
|
|
tag: common.tag,
|
|
|
|
dsn: {
|
|
|
|
name: 'DSN',
|
|
|
|
value: std.strReplace(db.dsn_legacy('hydra', false, 'hydra-admin'), 'postgresql://', 'postgres://') + "&max_conn_lifetime=5m",
|
|
|
|
},
|
|
|
|
requests: if kubernetes.prod() then {
|
|
|
|
cpu: '0.2',
|
|
|
|
memory: '512M',
|
|
|
|
},
|
|
|
|
limits: if kubernetes.prod() then {
|
|
|
|
cpu: '2',
|
|
|
|
memory: '8G',
|
|
|
|
},
|
|
|
|
ports: [
|
|
|
|
{
|
|
|
|
name: 'http',
|
|
|
|
containerPort: 4445,
|
|
|
|
protocol: 'TCP',
|
|
|
|
},
|
|
|
|
],
|
|
|
|
health: {
|
|
|
|
path: '/health/alive',
|
|
|
|
port: 4445,
|
|
|
|
},
|
|
|
|
env: common.env + [$.dsn],
|
|
|
|
})
|