# Copyright 2020-2021 Google LLC
#
# Use of this source code is governed by an MIT-style
# license that can be found in the LICENSE file or at
# https://opensource.org/licenses/MIT.
# Deployment for the response-datastore service: a single replica whose pod
# runs the application container next to a cloudsql-proxy container. The pod
# template asks for Istio sidecar injection. <PREFIX>, <ENV> and <LOCATION>
# are template placeholders that must be substituted before applying.
#
# NOTE(review): neither container declares a securityContext in this
# manifest. Once the images are confirmed to support it, consider setting
# runAsNonRoot, allowPrivilegeEscalation: false and readOnlyRootFilesystem.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: response-datastore
  labels:
    app: response-datastore
spec:
  replicas: 1
  selector:
    matchLabels:
      app: response-datastore
  template:
    metadata:
      labels:
        app: response-datastore
      annotations:
        sidecar.istio.io/inject: "true"
    spec:
      containers:
        - name: response-datastore
          # NOTE(review): ":latest" is a mutable tag, so the code that runs
          # is whatever the registry serves at pull time. Pinning a version
          # tag or an image digest makes rollouts reproducible and auditable.
          image: gcr.io/<PREFIX>-<ENV>-apps/response-datastore:latest
          env:
            # DB ACCESS
            # Credentials come from the response-datastore-credentials
            # Secret; nothing sensitive is written inline here.
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: response-datastore-credentials
                  key: dbusername
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: response-datastore-credentials
                  key: dbpassword
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: response-datastore-credentials
                  key: dbname
            # Loopback address: the database is reached through the
            # cloudsql-proxy container in this same pod (see below).
            - name: DB_INSTANCE_URL
              value: "127.0.0.1"
            # AUTHENTICATION
            - name: CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: response-datastore-credentials
                  key: client_id
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: response-datastore-credentials
                  key: secret_key
            # STUDY DATASTORE AUTHENTICATION
            - name: STUDY_DATASTORE_ID
              valueFrom:
                secretKeyRef:
                  name: study-datastore-connect-credentials
                  key: response_datastore_id
            - name: STUDY_DATASTORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: study-datastore-connect-credentials
                  key: response_datastore_token
            # SERVER CALLS
            # NOTE(review): every peer URL below is plain http://. Any
            # transport protection for these calls (which carry the
            # credentials above) would have to come from the mesh; confirm
            # that mutual TLS is actually enforced for these services.
            - name: AUTH_SERVER_URL
              value: "http://auth-server-np:50000/auth-server"
            - name: STUDY_DATASTORE_URL
              value: "http://study-datastore-np:50000/study-datastore"
            - name: PARTICIPANT_ENROLL_DATASTORE_URL
              value: "http://participant-enroll-datastore-np:50000/participant-enroll-datastore"
            - name: HYDRA_ADMIN_URL
              value: "http://hydra-admin-np:50000"
            - name: SCIM_AUTH_URL
              value: "http://auth-server-np:50000/auth-server"
            # MISC
            - name: FILE_STORAGE_PATH
              value: ""
            - name: LOG_PATH
              valueFrom:
                secretKeyRef:
                  name: shared-secrets
                  key: log_path
            - name: FIRESTORE_PROJECT_ID
              valueFrom:
                secretKeyRef:
                  name: shared-secrets
                  key: firestore_project_id
            # GOOGLE HEALTH CARE API
            - name: DATA_PROJECT_ID
              valueFrom:
                secretKeyRef:
                  name: shared-secrets
                  key: data_project_id
            - name: REGION_ID
              valueFrom:
                secretKeyRef:
                  name: shared-secrets
                  key: region_id
            - name: CONSENT_ENABLED
              valueFrom:
                secretKeyRef:
                  name: shared-secrets
                  key: consent_enabled
            - name: FHIR_ENABLED
              valueFrom:
                secretKeyRef:
                  name: shared-secrets
                  key: fhir_enabled
            - name: INGEST_DATA_TO_BIGQUERY
              valueFrom:
                secretKeyRef:
                  name: shared-secrets
                  key: ingest_data_to_bigquery
            - name: DISCARD_FHIR
              valueFrom:
                secretKeyRef:
                  name: shared-secrets
                  key: discard_fhir
            # Path of the service-account key file mounted from the
            # gcloud-key-volume Secret volume.
            # NOTE(review): this is an exported key file held in a Secret;
            # if the cluster supports GKE Workload Identity, that would
            # remove the need to store and rotate a key at all.
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: "/secrets/gcloud_key/key.json"
          ports:
            - containerPort: 8080
          readinessProbe:
            httpGet:
              path: /response-datastore/healthCheck
              port: 8080
            initialDelaySeconds: 180
            periodSeconds: 20
          # NOTE(review): only requests are declared; with no limits the
          # container's memory and CPU use is not capped by this manifest.
          resources:
            requests:
              memory: "800Mi"
              cpu: "50m"
          volumeMounts:
            - name: gcloud-key-volume
              mountPath: /secrets/gcloud_key
              readOnly: true
        # Cloud SQL proxy container: exposes the "mystudies" instance on TCP
        # port 3306 inside the pod.
        # NOTE(review): it mounts the same key file as the application
        # container, so both run with one service-account identity; the
        # ":latest" caveat above applies to this image as well.
        - name: cloudsql-proxy
          image: gcr.io/cloudsql-docker/gce-proxy:latest
          command:
            - "/cloud_sql_proxy"
            - "-instances=<PREFIX>-<ENV>-data:<LOCATION>:mystudies=tcp:3306"
            - "-credential_file=/secrets/gcloud_key/key.json"
          volumeMounts:
            - name: gcloud-key-volume
              mountPath: /secrets/gcloud_key
              readOnly: true
      volumes:
        # Secret-backed volume holding key.json for both containers.
        - name: gcloud-key-volume
          secret:
            secretName: response-datastore-gke-sa-gcloud-key