-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathunleash_v1_unleash_sql_proxy.yaml
108 lines (108 loc) · 2.58 KB
/
unleash_v1_unleash_sql_proxy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
apiVersion: unleash.nais.io/v1
kind: Unleash
metadata:
labels:
app.kubernetes.io/name: unleash
app.kubernetes.io/instance: unleash-sample
app.kubernetes.io/part-of: unleasherator
app.kuberentes.io/managed-by: kustomize
app.kubernetes.io/created-by: unleasherator
name: unleash-sql-proxy-sample
spec:
size: 1
customImage: europe-north1-docker.pkg.dev/nais-io/nais/images/unleash-v4:20230331-045000-1f2db9f
existingServiceAccountName: bifrost-unleash-sql-user
apiIngress:
class: nais-ingress
enabled: true
host: unleash-sql-proxy-sample-api.dev-nais.cloud.nais.io
path: /api/
webIngress:
class: nais-ingress-iap
enabled: true
host: unleash-sql-proxy-sample.dev-nais.cloud.nais.io
path: /
database:
host: localhost
port: "5432"
secretDatabaseNameKey: POSTGRES_DB
secretName: unleash-sql-proxy-sample
secretPassKey: POSTGRES_PASSWORD
secretUserKey: POSTGRES_USER
ssl: "false"
extraEnvVars:
- name: GOOGLE_IAP_AUDIENCE
value: /projects/718161667033/global/backendServices/2287975999985226128
extraContainers:
- args:
- --structured-logs
- --port=5432
- nais-management-7178:europe-north1:bifrost-79ca6928
image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.1.0
name: sql-proxy
resources:
requests:
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 65532
networkPolicy:
enabled: true
allowDNS: true
extraEgressRules:
# Allow SQL proxy to connect to Cloud SQL instance
- ports:
- port: 3307
protocol: TCP
to:
- ipBlock:
cidr: 34.88.153.80/32
# Allow SQL proxy to connect to Google Cloud Metadata server
- ports:
- port: 988
protocol: TCP
to:
- ipBlock:
cidr: 169.254.169.252/32
- ports:
- port: 988
protocol: TCP
to:
- ipBlock:
cidr: 127.0.0.1/32
- ports:
- port: 80
protocol: TCP
to:
- ipBlock:
cidr: 169.254.169.254/32
# Gstatic
- ports:
- port: 443
protocol: TCP
to:
- ipBlock:
cidr: 142.250.74.131/32
- ports:
- port: 443
protocol: TCP
to:
- ipBlock:
cidr: 142.250.74.35/32
- ports:
- port: 443
protocol: TCP
to:
- ipBlock:
cidr: 216.58.211.3/32
- ports:
- port: 443
protocol: TCP
to:
- ipBlock:
cidr: 0.0.0.0/0