# Source: github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/cloud/kubernetes/example-app-secure.yaml
#
# Example load-generator Deployment that talks to CockroachDB over TLS.
# An init container requests a client certificate through the Kubernetes CSR
# API and writes it to a volume shared with the loadgen container, which then
# connects with sslmode=verify-full.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-secure
spec:
  replicas: 1
  selector:
    matchLabels:
      app: loadgen
  template:
    metadata:
      labels:
        app: loadgen
    spec:
      # The pod runs under this service account; init-certs uses it to submit
      # the CSR.
      # NOTE(review): presumably the account defined by the CockroachDB secure
      # manifests -- confirm its RBAC is limited to what the CSR flow needs,
      # because the loadgen container runs under the same identity.
      serviceAccountName: cockroachdb
      volumes:
        # Shared between init-certs (writer) and loadgen (reader). It holds the
        # client private key.
        # NOTE(review): `emptyDir: {medium: Memory}` would keep the key off the
        # node's disk -- confirm it suits the cluster before changing.
        - name: client-certs
          emptyDir: {}
      initContainers:
        # The init-certs container sends a certificate signing request to the
        # kubernetes cluster.
        # You can see pending requests using: kubectl get csr
        # CSRs can be approved using: kubectl certificate approve <csr name>
        #
        # The request is for a client certificate for user "root"
        # (-type=client -user=root). root is CockroachDB's administrative SQL
        # user, so check who submitted the request (kubectl describe csr
        # <csr name>) before approving it. For a real workload, request the
        # certificate for a dedicated, less-privileged SQL user instead.
        #
        # In addition to the client certificate and key, the init-certs
        # entrypoint will symlink the cluster CA to the certs directory.
        - name: init-certs
          image: cockroachdb/cockroach-k8s-request-cert:0.4
          imagePullPolicy: IfNotPresent
          env:
            # Expanded by the shell in the command below.
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          command:
            # -x echoes the command to the container log; the command line
            # carries paths and flags only, no key material.
            - '/bin/ash'
            - '-ecx'
            - '/request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=client -user=root -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
          volumeMounts:
            - name: client-certs
              mountPath: /cockroach-certs
      containers:
        - name: loadgen
          image: cockroachdb/loadgen-kv:0.1
          imagePullPolicy: IfNotPresent
          command:
            - '/kv'
            # sslmode=verify-full validates the server certificate against
            # sslrootcert and checks that it matches the host name; keep it
            # rather than downgrading to a weaker sslmode.
            - 'postgres://root@cockroachdb-public:26257/kv?sslmode=verify-full&sslcert=/cockroach-certs/client.root.crt&sslkey=/cockroach-certs/client.root.key&sslrootcert=/cockroach-certs/ca.crt'
          volumeMounts:
            - name: client-certs
              mountPath: /cockroach-certs