# Source: github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/cloud/kubernetes/v1.6/example-app-secure.yaml
#
# Example load generator that talks to a secure CockroachDB cluster.
# An init container obtains a client certificate through the Kubernetes CSR
# API and leaves it in a shared volume; the loadgen container then connects
# over TLS with that certificate.
#
# NOTE(review): apps/v1beta1 matches the v1.6 directory this file lives in;
# newer clusters no longer serve this API group version for Deployments.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: example-secure
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: loadgen
    spec:
      # Both containers run under this service account. The init container
      # reads its CA bundle from the mounted service-account directory (see
      # -symlink-ca-from below).
      # NOTE(review): presumably this account needs RBAC permission to create
      # CSRs; the binding is not in this file, so confirm it grants nothing
      # broader than that.
      serviceAccountName: cockroachdb
      volumes:
        # Shared scratch volume for the client certificate, private key and
        # CA symlink. An emptyDir is removed when the pod goes away.
        # NOTE(review): with the default medium the private key is written to
        # node storage; `medium: Memory` keeps it off disk if that matters.
        - name: client-certs
          emptyDir: {}
      initContainers:
        # The init-certs container sends a certificate signing request to the
        # kubernetes cluster.
        # You can see pending requests using: kubectl get csr
        # CSRs can be approved using: kubectl certificate approve <csr name>
        #
        # In addition to the client certificate and key, the init-certs
        # entrypoint will symlink the cluster CA to the certs directory.
        #
        # NOTE(review): the request is for -type=client -user=root, so
        # approving the CSR issues a credential for the CockroachDB root
        # (admin) user. Check the requesting pod and namespace before
        # approving, and prefer a dedicated, least-privileged SQL user for
        # anything beyond this example.
        - name: init-certs
          # NOTE(review): the image is referenced by mutable tag and only
          # pulled if absent; pinning by digest would make the content
          # verifiable.
          image: cockroachdb/cockroach-k8s-request-cert:0.4
          imagePullPolicy: IfNotPresent
          command:
            - "/bin/ash"
            # -e: stop on first error, -c: run the next string,
            # -x: trace the expanded command into the container log.
            - "-ecx"
            - "/request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=client -user=root -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
          env:
            # Downward API: the pod's own namespace, expanded by the shell
            # into the -namespace flag above.
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          volumeMounts:
            - name: client-certs
              mountPath: /cockroach-certs
      containers:
        - name: loadgen
          # NOTE(review): mutable tag, same digest-pinning consideration as
          # the init container image.
          image: cockroachdb/loadgen-kv:0.1
          imagePullPolicy: IfNotPresent
          volumeMounts:
            # Same volume the init container populated; loadgen reads
            # client.root.crt, client.root.key and ca.crt from it.
            - name: client-certs
              mountPath: /cockroach-certs
          command:
            - "/kv"
            # Connects as SQL user root to the cockroachdb-public service.
            # sslmode=verify-full validates the server certificate against
            # sslrootcert and checks that it matches the host name; the
            # client authenticates with the certificate/key pair rather than
            # a password.
            - "postgres://root@cockroachdb-public:26257/kv?sslmode=verify-full&sslcert=/cockroach-certs/client.root.crt&sslkey=/cockroach-certs/client.root.key&sslrootcert=/cockroach-certs/ca.crt"