diff --git a/applications/job/templates/_helpers.tpl b/applications/job/templates/_helpers.tpl
index aa1b24360..828557193 100644
--- a/applications/job/templates/_helpers.tpl
+++ b/applications/job/templates/_helpers.tpl
@@ -68,3 +68,10 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Name of the service account json secret to use with the CloudSQL proxuy
+*/}}
+{{- define "cloudsql.serviceAccountJSONSecret" -}}
+{{- default (printf "cloudsql-secret-%s" (include "docker-template.fullname" .)) .Values.cloudsql.serviceAccountJSONSecret }}
+{{- end }}
diff --git a/applications/job/templates/cloudsql-secret.yaml b/applications/job/templates/cloudsql-secret.yaml
index 7a2f860f8..e63285ee0 100644
--- a/applications/job/templates/cloudsql-secret.yaml
+++ b/applications/job/templates/cloudsql-secret.yaml
@@ -1,8 +1,8 @@
-{{- if .Values.cloudsql.enabled -}}
+{{- if and .Values.cloudsql.enabled (eq .Values.cloudsql.serviceAccountJSONSecret "") -}}
 apiVersion: v1
 kind: Secret
 metadata:
- name: "cloudsql-secret-{{ include "docker-template.fullname" . }}"
+ name: "{{ include "cloudsql.serviceAccountJSONSecret" . }}"
 type: Opaque
 stringData:
 service_account.json: {{ .Values.cloudsql.serviceAccountJSON | quote }}
diff --git a/applications/job/templates/cronjob.yaml b/applications/job/templates/cronjob.yaml
index 42b796c19..e75ab4d4a 100644
--- a/applications/job/templates/cronjob.yaml
+++ b/applications/job/templates/cronjob.yaml
@@ -198,7 +198,7 @@ spec:
 volumes:
 - name: "sidecar-volume-{{ include "docker-template.fullname" . }}"
 secret:
- secretName: "cloudsql-secret-{{ include "docker-template.fullname" . }}"
+ secretName: "{{ include "cloudsql.serviceAccountJSONSecret" . }}"
 {{ end }}
 restartPolicy: Never
 shareProcessNamespace: true
diff --git a/applications/job/templates/hook-configmap.yaml b/applications/job/templates/hook-configmap.yaml
index 1a4f92fae..9684fb98a 100644
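Review bot: The comment above `cloudsql.serviceAccountJSONSecret` in applications/job/templates/_helpers.tpl does not say what a caller-supplied Secret has to look like, and it misspells "proxy" as "proxuy". The chart-managed Secret in cloudsql-secret.yaml stores the key file under `service_account.json`, so an existing Secret named through `.Values.cloudsql.serviceAccountJSONSecret` presumably needs that same key and has to live in the release namespace. I would state that in the comment, e.g. `Name of the Secret holding service_account.json for the CloudSQL proxy; defaults to the chart-managed cloudsql-secret-<fullname>`. The identical helper and comment are added to applications/web/templates/_helpers.tpl and applications/worker/templates/_helpers.tpl.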
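Review bot: The new guard in applications/job/templates/cloudsql-secret.yaml tests `eq .Values.cloudsql.serviceAccountJSONSecret ""`, while the helper that names the Secret uses `default`, and the two disagree when the value is null or has been removed by an override. `default` falls back to the generated name in that case, but a nil value is not equal to `""` (depending on the Helm/Go version the comparison returns false or fails the render), so the pod could end up mounting a Secret the chart never created. Using the same emptiness test in both places avoids that: `{{- if and .Values.cloudsql.enabled (not .Values.cloudsql.serviceAccountJSONSecret) -}}`. It may also be worth failing the render when both `serviceAccountJSON` and `serviceAccountJSONSecret` are set, since the inline key is then ignored by the templates but still travels in the values. The same guard is added in the web and worker charts.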
--- a/applications/job/templates/hook-configmap.yaml +++ b/applications/job/templates/hook-configmap.yaml @@ -204,6 +204,6 @@ data: volumes: - name: "sidecar-volume-{{ include "docker-template.fullname" . }}" secret: - secretName: "cloudsql-secret-{{ include "docker-template.fullname" . }}" + secretName: "{{ include "cloudsql.serviceAccountJSONSecret" . }}" {{ end }} {{- end }} \ No newline at end of file diff --git a/applications/job/values.yaml b/applications/job/values.yaml index d7a573b50..6a1f20100 100644 --- a/applications/job/values.yaml +++ b/applications/job/values.yaml @@ -51,6 +51,7 @@ cloudsql: connectionName: "" dbPort: 5432 serviceAccountJSON: "" + serviceAccountJSONSecret: "" # Set this for enabling DNS extensions over TCP # We enable this by default. diff --git a/applications/web/templates/_helpers.tpl b/applications/web/templates/_helpers.tpl index 92fbabc96..fb5ae99a6 100644 --- a/applications/web/templates/_helpers.tpl +++ b/applications/web/templates/_helpers.tpl @@ -68,3 +68,10 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Name of the service account json secret to use with the CloudSQL proxuy +*/}} +{{- define "cloudsql.serviceAccountJSONSecret" -}} +{{- default (printf "cloudsql-secret-%s" (include "docker-template.fullname" .)) .Values.cloudsql.serviceAccountJSONSecret }} +{{- end }} diff --git a/applications/web/templates/cloudsql-secret.yaml b/applications/web/templates/cloudsql-secret.yaml index 7a2f860f8..e63285ee0 100644 --- a/applications/web/templates/cloudsql-secret.yaml +++ b/applications/web/templates/cloudsql-secret.yaml 
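Review bot: `serviceAccountJSONSecret: ""` is added to applications/job/values.yaml without a comment, so a user cannot tell that it replaces `serviceAccountJSON` rather than complementing it. I would put a comment above the key such as `# Name of an existing Secret (key: service_account.json) mounted for the CloudSQL proxy; when set, serviceAccountJSON is ignored and no Secret is created.` Referencing a pre-created Secret also keeps the service-account key out of values files and the stored Helm release, which is worth saying so that it becomes the preferred option. The same undocumented key is added in applications/web/values.yaml and applications/worker/values.yaml.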
@@ -1,8 +1,8 @@
-{{- if .Values.cloudsql.enabled -}}
+{{- if and .Values.cloudsql.enabled (eq .Values.cloudsql.serviceAccountJSONSecret "") -}}
 apiVersion: v1
 kind: Secret
 metadata:
- name: "cloudsql-secret-{{ include "docker-template.fullname" . }}"
+ name: "{{ include "cloudsql.serviceAccountJSONSecret" . }}"
 type: Opaque
 stringData:
 service_account.json: {{ .Values.cloudsql.serviceAccountJSON | quote }}
diff --git a/applications/web/templates/deployment-blue-green.yaml b/applications/web/templates/deployment-blue-green.yaml
index 1b502357d..94d617764 100644
--- a/applications/web/templates/deployment-blue-green.yaml
+++ b/applications/web/templates/deployment-blue-green.yaml
@@ -284,7 +284,7 @@ spec:
 {{ if $.Values.cloudsql.enabled }}
 - name: "sidecar-volume-{{ include "docker-template.fullname" $ }}"
 secret:
- secretName: "cloudsql-secret-{{ include "docker-template.fullname" $ }}"
+ secretName: "{{ include "cloudsql.serviceAccountJSONSecret" $ }}"
 {{ end }}
 {{ if $.Values.pvc.enabled }}
 - name: "{{ include "docker-template.fullname" . }}-storage"
diff --git a/applications/web/templates/deployment.yaml b/applications/web/templates/deployment.yaml
index 2a4b0d983..db272cc2a 100644
--- a/applications/web/templates/deployment.yaml
+++ b/applications/web/templates/deployment.yaml
@@ -398,7 +398,7 @@ spec:
 {{ if .Values.cloudsql.enabled }}
 - name: "sidecar-volume-{{ include "docker-template.fullname" . }}"
 secret:
- secretName: "cloudsql-secret-{{ include "docker-template.fullname" . }}"
+ secretName: "{{ include "cloudsql.serviceAccountJSONSecret" . }}"
 {{ end }}
 {{ if .Values.pvc.enabled }}
 - name: "{{ include "docker-template.fullname" . }}-storage"
diff --git a/applications/web/values.yaml b/applications/web/values.yaml
index 076204646..a633a5121 100644
--- a/applications/web/values.yaml
+++ b/applications/web/values.yaml
@@ -211,6 +211,7 @@ cloudsql:
 connectionName: ""
 dbPort: 5432
 serviceAccountJSON: ""
+ serviceAccountJSONSecret: ""
 additionalConnection:
 enabled: false
 dbPort: 5432
diff --git a/applications/worker/templates/_helpers.tpl b/applications/worker/templates/_helpers.tpl
index aa493bba9..6ab1c2994 100644
--- a/applications/worker/templates/_helpers.tpl
+++ b/applications/worker/templates/_helpers.tpl
@@ -61,3 +61,10 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Name of the service account json secret to use with the CloudSQL proxuy
+*/}}
+{{- define "cloudsql.serviceAccountJSONSecret" -}}
+{{- default (printf "cloudsql-secret-%s" (include "docker-template.fullname" .)) .Values.cloudsql.serviceAccountJSONSecret }}
+{{- end }}
diff --git a/applications/worker/templates/cloudsql-secret.yaml b/applications/worker/templates/cloudsql-secret.yaml
index 7a2f860f8..e63285ee0 100644
--- a/applications/worker/templates/cloudsql-secret.yaml
+++ b/applications/worker/templates/cloudsql-secret.yaml
@@ -1,8 +1,8 @@
-{{- if .Values.cloudsql.enabled -}}
+{{- if and .Values.cloudsql.enabled (eq .Values.cloudsql.serviceAccountJSONSecret "") -}}
 apiVersion: v1
 kind: Secret
 metadata:
- name: "cloudsql-secret-{{ include "docker-template.fullname" . }}"
+ name: "{{ include "cloudsql.serviceAccountJSONSecret" . }}"
 type: Opaque
 stringData:
 service_account.json: {{ .Values.cloudsql.serviceAccountJSON | quote }}
diff --git a/applications/worker/templates/deployment.yaml b/applications/worker/templates/deployment.yaml
index 959737ed1..42f623c4d 100644
--- a/applications/worker/templates/deployment.yaml
+++ b/applications/worker/templates/deployment.yaml
@@ -321,7 +321,7 @@ spec: {{ if .Values.cloudsql.enabled }} - name: "sidecar-volume-{{ include "docker-template.fullname" . }}" secret: - secretName: "cloudsql-secret-{{ include "docker-template.fullname" . }}" + secretName: "{{ include "cloudsql.serviceAccountJSONSecret" . }}" {{ end }} {{ if .Values.pvc.enabled }} - name: "{{ include "docker-template.fullname" . }}-storage" diff --git a/applications/worker/values.yaml b/applications/worker/values.yaml index 3abad9ba4..706ce6a2e 100644 --- a/applications/worker/values.yaml +++ b/applications/worker/values.yaml @@ -121,6 +121,7 @@ cloudsql: connectionName: "" dbPort: 5432 serviceAccountJSON: "" + serviceAccountJSONSecret: "" # Set this to add entries to the /etc/hosts file # Format: hostAliases: [{ip: , hostnames: [,..]},..]