Merge pull request #15 from numberly/secatscale-example

Create example that can be reused
numberly · Jun 3, 2024 · 80df666 · 80df666
2 parents 33a1381 + ea8f894
commit 80df666
Show file tree

Hide file tree

Showing 2 changed files with 113 additions and 0 deletions.
diff --git a/example/pgsqlgule-classic.yaml b/example/pgsqlgule-classic.yaml
@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pgsqlgule-dv
+  namespace: demo
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pgsqlgule-dv-classic
+  namespace: demo
+  labels:
+    app: pgsqlgule-dv
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pgsqlgule-dv
+  template:
+    metadata:
+      labels:
+        app: pgsqlgule-dv
+        vault-db-injector-dev: "true"
+      annotations:
+        db-creds-injector.numberly.io/pgsqlgule_dv.role: pgsqlgule-dv
+        db-creds-injector.numberly.io/pgsqlgule_dv.mode: classic
+        db-creds-injector.numberly.io/pgsqlgule_dv.env-key-dbpassword: DB_PASSWORD,PGPASSWORD
+        db-creds-injector.numberly.io/pgsqlgule_dv.env-key-dbuser: DB_USER,PGUSER
+    spec:
+      serviceAccountName: pgsqlgule-dv
+      imagePullSecrets:
+        - name: "registry-token"
+        - name: "registry-token-common"
+      containers:
+        - name: svc
+          image: registry.numberly.in/docker-images/postgres-curl-jq:0.1.0
+          imagePullPolicy: IfNotPresent
+          resources:
+            limits:
+              ephemeral-storage: 2Gi
+              memory: 400Mi
+            requests:
+              ephemeral-storage: 512Mi
+              memory: 160Mi
+          securityContext:
+            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            runAsUser: 65534
+            runAsGroup: 65534
+          command:
+            - "bash"
+            - "-c"
+            - "trap 'exit 0' TERM; sleep infinity & wait"
+          env:
+            - name: PGHOST
+              value: pginstance
+            - name: PGDATABASE
+              value: pgsqlgule_dv
diff --git a/example/pgsqlgule-uri.yaml b/example/pgsqlgule-uri.yaml
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pgsqlgule-dv
+  namespace: demo
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pgsqlgule-dv-uri
+  namespace: demo
+  labels:
+    app: pgsqlgule-dv
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pgsqlgule-dv
+  template:
+    metadata:
+      labels:
+        app: pgsqlgule-dv
+        vault-db-injector-dev: "true"
+      annotations:
+        db-creds-injector.numberly.io/pgsqlgule_dv.role: pgsqlgule-dv
+        db-creds-injector.numberly.io/pgsqlgule_dv.mode: uri
+        db-creds-injector.numberly.io/pgsqlgule_dv.template: postgres://@pginstance:5432/pgsqlgule_dv?sslmode=require
+        db-creds-injector.numberly.io/pgsqlgule_dv.env-key-uri: POSTGRES_URL
+    spec:
+      serviceAccountName: pgsqlgule-dv
+      imagePullSecrets:
+        - name: "registry-token"
+        - name: "registry-token-common"
+      containers:
+        - name: svc
+          image: registry.numberly.in/docker-images/postgres-curl-jq:0.1.0
+          imagePullPolicy: IfNotPresent
+          resources:
+            limits:
+              ephemeral-storage: 2Gi
+              memory: 400Mi
+            requests:
+              ephemeral-storage: 512Mi
+              memory: 160Mi
+          securityContext:
+            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            runAsUser: 65534
+            runAsGroup: 65534
+          command:
+            - "bash"
+            - "-c"
+            - "trap 'exit 0' TERM; sleep infinity & wait"