-
Notifications
You must be signed in to change notification settings - Fork 247
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Jimmy Zelinskie <jimmy@zelinskie.com>
- Loading branch information
1 parent
8931d76
commit 5405258
Showing
1 changed file
with
90 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
| # This file contains the most basic configuration of SpiceDB in Kubernetes. | ||
| # | ||
| # It runs with the following: | ||
| # - a single node deployment | ||
| # - default ports (gRPC 50051, dashboard 8080) | ||
| # - no TLS | ||
| # - debug logging | ||
| # - in-memory datastore | ||
| # | ||
| # To apply this configuration execute the following: | ||
| # kubectl -n $YOUR_NAMESPACE create secret generic spicedb --from-literal=SPICEDB_GRPC_PRESHARED_KEY=$YOUR_SECRET | ||
| # kubectl -n $YOUR_NAMESPACE apply -f basic.yaml | ||
| --- | ||
| apiVersion: "v1" | ||
| kind: "Service" | ||
| metadata: | ||
| name: "spicedb" | ||
| labels: | ||
| app: "spicedb" | ||
| spec: | ||
| selector: | ||
| app: "spicedb" | ||
| type: "ClusterIP" | ||
| ports: | ||
| - name: "grpc" | ||
| port: 50051 | ||
| protocol: "TCP" | ||
| targetPort: 50051 | ||
| - name: "internal" | ||
| port: 50053 | ||
| protocol: "TCP" | ||
| targetPort: 50053 | ||
| --- | ||
| apiVersion: "apps/v1" | ||
| kind: "Deployment" | ||
| metadata: | ||
| name: "spicedb" | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app: "spicedb" | ||
| strategy: | ||
| rollingUpdate: | ||
| maxSurge: "25%" | ||
| maxUnavailable: "25%" | ||
| type: "RollingUpdate" | ||
| progressDeadlineSeconds: 600 | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: "spicedb" | ||
| spec: | ||
| dnsPolicy: "ClusterFirst" | ||
| restartPolicy: "Always" | ||
| terminationGracePeriodSeconds: 30 | ||
| containers: | ||
| - name: "spicedb" | ||
| image: "quay.io/authzed/spicedb:v1.0.0" | ||
| imagePullPolicy: "IfNotPresent" | ||
| command: ["spicedb", "serve"] | ||
| env: | ||
| - name: "SPICEDB_GRPC_NO_TLS" | ||
| value: "true" | ||
| - name: "SPICEDB_GRPC_SHUTDOWN_GRACE_PERIOD" | ||
| value: "1s" | ||
| - name: "SPICEDB_LOG_LEVEL" | ||
| value: "debug" | ||
| - name: "SPICEDB_GRPC_PRESHARED_KEY" | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: "spicedb" | ||
| key: "SPICEDB_GRPC_PRESHARED_KEY" | ||
| ports: | ||
| - name: "grpc" | ||
| containerPort: 50051 | ||
| protocol: "TCP" | ||
| - name: "internal" | ||
| containerPort: 50053 | ||
| protocol: "TCP" | ||
| - name: "prometheus" | ||
| containerPort: 9090 | ||
| protocol: "TCP" | ||
| readinessProbe: | ||
| exec: | ||
| command: ["grpc_health_probe", "-v", "-addr=localhost:50051"] | ||
| failureThreshold: 5 | ||
| periodSeconds: 10 | ||
| successThreshold: 1 | ||
| timeoutSeconds: 5 |