github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/cloud/kubernetes/bring-your-own-certs/client.yaml

github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/cloud/kubernetes/bring-your-own-certs/client.yaml (about)

     1  # This config file demonstrates how to connect to the CockroachDB StatefulSet
     2  # defined in bring-your-own-certs-statefulset.yaml that uses certificates
     3  # created outside of Kubernetes. See that file for why you may want to use it.
     4  # You should be able to adapt the core ideas to deploy your own custom
     5  # applications and connect them to the database similarly.
     6  #
     7  # The pod that this file defines will sleep in the cluster not using any
     8  # resources. After creating the pod, you can use it to open up a SQL shell to
     9  # the database by running:
    10  #
    11  # kubectl exec -it cockroachdb-client-secure -- ./cockroach sql --url="postgres://root@cockroachdb-public:26257/?sslmode=verify-full&sslcert=/cockroach-certs/client.root.crt&sslkey=/cockroach-certs/client.root.key&sslrootcert=/cockroach-certs/ca.crt"
    12  apiVersion: v1
    13  kind: Pod
    14  metadata:
    15    name: cockroachdb-client-secure
    16    labels:
    17      app: cockroachdb-client
    18  spec:
    19    serviceAccountName: cockroachdb
    20    containers:
    21    - name: cockroachdb-client
    22      image: cockroachdb/cockroach:v20.1.1
    23      # Keep a pod open indefinitely so kubectl exec can be used to get a shell to it
    24      # and run cockroach client commands, such as cockroach sql, cockroach node status, etc.
    25      command:
    26      - sleep
    27      - "2147483648" # 2^31
    28      volumeMounts:
    29      - name: client-certs
    30        mountPath: /cockroach-certs
    31    volumes:
    32    - name: client-certs
    33      secret:
    34        secretName: cockroachdb.client.root
    35        defaultMode: 256