mirror of
https://github.com/rocky-linux/peridot.git
synced 2024-12-22 18:58:29 +00:00
62 lines
1.4 KiB
Plaintext
62 lines
1.4 KiB
Plaintext
local bycdeploy = import 'ci/bycdeploy.jsonnet';
|
|
local kubernetes = import 'ci/kubernetes.jsonnet';
|
|
local common = import 'spicedb/deploy/common.jsonnet';
|
|
|
|
bycdeploy.new({
|
|
name: 'spicedb',
|
|
replicas: 1,
|
|
dbname: 'spicedb',
|
|
backend: true,
|
|
migrate: true,
|
|
// Only create database
|
|
migrate_command: ['/bin/sh'],
|
|
migrate_args: common.sh_args('/usr/local/bin/spicedb migrate head --datastore-engine=postgres --datastore-conn-uri=$REAL_DSN'),
|
|
legacyDb: common.legacyDb,
|
|
command: '/bin/sh',
|
|
// We can use dangerous-force-http because we're using mTLS internally
|
|
// and terminate TLS at ingress point.
|
|
args: common.sh_args('/usr/local/bin/spicedb serve --datastore-engine=postgres --datastore-conn-uri=$REAL_DSN'),
|
|
image: common.image,
|
|
tag: common.tag,
|
|
dsn: common.dsn,
|
|
internal_route_options: {
|
|
headers: {
|
|
request: {
|
|
add: {
|
|
'Authorization': 'Bearer %s' % common.env[0].value,
|
|
}
|
|
}
|
|
}
|
|
},
|
|
requests: if kubernetes.prod() then {
|
|
cpu: '0.2',
|
|
memory: '512M',
|
|
},
|
|
limits: if kubernetes.prod() then {
|
|
cpu: '1',
|
|
memory: '2G',
|
|
},
|
|
ports: [
|
|
{
|
|
name: 'grpc',
|
|
containerPort: 50051,
|
|
protocol: 'TCP',
|
|
},
|
|
{
|
|
name: 'internal',
|
|
containerPort: 50053,
|
|
protocol: 'TCP',
|
|
},
|
|
{
|
|
name: 'prometheus',
|
|
containerPort: 9090,
|
|
protocol: 'TCP',
|
|
},
|
|
],
|
|
health: {
|
|
grpc: true,
|
|
port: 50051,
|
|
},
|
|
env: common.env,
|
|
})
|