From 707283d7797ffd8528ede121af8448d48d492d1c Mon Sep 17 00:00:00 2001 From: dgtown Date: Mon, 11 Mar 2024 18:07:16 -0400 Subject: [PATCH 1/3] cloudsql support --- applications/job/templates/_helpers.tpl | 7 +++++++ applications/job/templates/cloudsql-secret.yaml | 4 ++-- applications/job/templates/cronjob.yaml | 2 +- applications/job/templates/hook-configmap.yaml | 2 +- applications/job/values.yaml | 1 + applications/web/templates/_helpers.tpl | 7 +++++++ applications/web/templates/cloudsql-secret.yaml | 4 ++-- applications/web/templates/deployment.yaml | 2 +- applications/web/values.yaml | 1 + applications/worker/templates/_helpers.tpl | 7 +++++++ applications/worker/templates/cloudsql-secret.yaml | 4 ++-- applications/worker/templates/deployment.yaml | 2 +- applications/worker/values.yaml | 3 ++- 13 files changed, 35 insertions(+), 11 deletions(-) diff --git a/applications/job/templates/_helpers.tpl b/applications/job/templates/_helpers.tpl index aa1b24360..828557193 100644 --- a/applications/job/templates/_helpers.tpl +++ b/applications/job/templates/_helpers.tpl @@ -68,3 +68,10 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Name of the service account json secret to use with the CloudSQL proxuy +*/}} +{{- define "cloudsql.serviceAccountJSONSecret" -}} +{{- default (printf "cloudsql-secret-%s" (include "docker-template.fullname" .)) .Values.cloudsql.serviceAccountJSONSecret }} +{{- end }} diff --git a/applications/job/templates/cloudsql-secret.yaml b/applications/job/templates/cloudsql-secret.yaml index 7a2f860f8..e63285ee0 100644 --- a/applications/job/templates/cloudsql-secret.yaml +++ b/applications/job/templates/cloudsql-secret.yaml 
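Review bot: The helper added in applications/job/templates/_helpers.tpl is named `cloudsql.serviceAccountJSONSecret`, which breaks the `docker-template.` prefix the file's existing helpers use (for example `docker-template.fullname`). Helm named templates are global across a chart and its subcharts, so an unprefixed name is more likely to clash with another chart's helper; something like `docker-template.cloudsqlSecretName` would be consistent. The doc comment misspells "proxy" as "proxuy", and could state the fallback, e.g. `Name of the Secret holding the CloudSQL proxy service account JSON; defaults to cloudsql-secret-<fullname> when .Values.cloudsql.serviceAccountJSONSecret is empty`. The web and worker `_helpers.tpl` hunks add the identical definition and comment.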
@@ -1,8 +1,8 @@ -{{- if .Values.cloudsql.enabled -}} +{{- if and .Values.cloudsql.enabled (eq .Values.cloudsql.serviceAccountJSONSecret "") -}} apiVersion: v1 kind: Secret metadata: - name: "cloudsql-secret-{{ include "docker-template.fullname" . }}" + name: "{{ include "cloudsql.serviceAccountJSONSecret" . }}" type: Opaque stringData: service_account.json: {{ .Values.cloudsql.serviceAccountJSON | quote }} diff --git a/applications/job/templates/cronjob.yaml b/applications/job/templates/cronjob.yaml index 42b796c19..e75ab4d4a 100644 --- a/applications/job/templates/cronjob.yaml +++ b/applications/job/templates/cronjob.yaml @@ -198,7 +198,7 @@ spec: volumes: - name: "sidecar-volume-{{ include "docker-template.fullname" . }}" secret: - secretName: "cloudsql-secret-{{ include "docker-template.fullname" . }}" + secretName: "{{ include "cloudsql.serviceAccountJSONSecret" . }}" {{ end }} restartPolicy: Never shareProcessNamespace: true diff --git a/applications/job/templates/hook-configmap.yaml b/applications/job/templates/hook-configmap.yaml index 1a4f92fae..9684fb98a 100644 --- a/applications/job/templates/hook-configmap.yaml +++ b/applications/job/templates/hook-configmap.yaml @@ -204,6 +204,6 @@ data: volumes: - name: "sidecar-volume-{{ include "docker-template.fullname" . }}" secret: - secretName: "cloudsql-secret-{{ include "docker-template.fullname" . }}" + secretName: "{{ include "cloudsql.serviceAccountJSONSecret" . }}" {{ end }} {{- end }} \ No newline at end of file diff --git a/applications/job/values.yaml b/applications/job/values.yaml index d7a573b50..6a1f20100 100644 --- a/applications/job/values.yaml +++ b/applications/job/values.yaml @@ -51,6 +51,7 @@ cloudsql: connectionName: "" dbPort: 5432 serviceAccountJSON: "" + serviceAccountJSONSecret: "" # Set this for enabling DNS extensions over TCP # We enable this by default. diff --git a/applications/web/templates/_helpers.tpl b/applications/web/templates/_helpers.tpl index 92fbabc96..fb5ae99a6 100644 
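Review bot: In applications/job/templates/cloudsql-secret.yaml the new guard `eq .Values.cloudsql.serviceAccountJSONSecret ""` matches only an empty string, while the helper that names the Secret uses `default`, which treats any empty value (including a key overridden to null) the same way. The two can then disagree, or the `eq` comparison can fail at render time; `{{- if and .Values.cloudsql.enabled (not .Values.cloudsql.serviceAccountJSONSecret) -}}` keeps the guard in step with the helper. When a Secret name is supplied, a non-empty `serviceAccountJSON` is silently ignored, and when both values are empty the chart still renders a Secret with an empty `service_account.json`. A `fail` on those combinations would surface the misconfiguration at install time rather than as a proxy authentication error. The web and worker cloudsql-secret.yaml hunks add the same guard.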
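Review bot: The new `serviceAccountJSONSecret` key in applications/job/values.yaml has no comment, and its contract is not clear from the name alone. Suggest adding above it `# Name of an existing Secret holding the CloudSQL service account key under service_account.json.` and `# When set, the chart creates no Secret of its own and serviceAccountJSON is ignored.` Referencing a pre-created Secret keeps the key material out of values files and Helm release data, so the comment could mark it as the preferred option over inline `serviceAccountJSON`. The `service_account.json` key name is taken from the chart-rendered Secret; how the sidecar reads the mounted file is outside these hunks and should be confirmed. The web and worker values.yaml hunks add the same undocumented key.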
--- a/applications/web/templates/_helpers.tpl +++ b/applications/web/templates/_helpers.tpl @@ -68,3 +68,10 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Name of the service account json secret to use with the CloudSQL proxuy +*/}} +{{- define "cloudsql.serviceAccountJSONSecret" -}} +{{- default (printf "cloudsql-secret-%s" (include "docker-template.fullname" .)) .Values.cloudsql.serviceAccountJSONSecret }} +{{- end }} diff --git a/applications/web/templates/cloudsql-secret.yaml b/applications/web/templates/cloudsql-secret.yaml index 7a2f860f8..e63285ee0 100644 --- a/applications/web/templates/cloudsql-secret.yaml +++ b/applications/web/templates/cloudsql-secret.yaml @@ -1,8 +1,8 @@ -{{- if .Values.cloudsql.enabled -}} +{{- if and .Values.cloudsql.enabled (eq .Values.cloudsql.serviceAccountJSONSecret "") -}} apiVersion: v1 kind: Secret metadata: - name: "cloudsql-secret-{{ include "docker-template.fullname" . }}" + name: "{{ include "cloudsql.serviceAccountJSONSecret" . }}" type: Opaque stringData: service_account.json: {{ .Values.cloudsql.serviceAccountJSON | quote }} diff --git a/applications/web/templates/deployment.yaml b/applications/web/templates/deployment.yaml index 2a4b0d983..db272cc2a 100644 --- a/applications/web/templates/deployment.yaml +++ b/applications/web/templates/deployment.yaml @@ -398,7 +398,7 @@ spec: {{ if .Values.cloudsql.enabled }} - name: "sidecar-volume-{{ include "docker-template.fullname" . }}" secret: - secretName: "cloudsql-secret-{{ include "docker-template.fullname" . }}" + secretName: "{{ include "cloudsql.serviceAccountJSONSecret" . }}" {{ end }} {{ if .Values.pvc.enabled }} - name: "{{ include "docker-template.fullname" . }}-storage" diff --git a/applications/web/values.yaml b/applications/web/values.yaml index 076204646..a633a5121 100644 --- a/applications/web/values.yaml +++ b/applications/web/values.yaml 
@@ -211,6 +211,7 @@ cloudsql: connectionName: "" dbPort: 5432 serviceAccountJSON: "" + serviceAccountJSONSecret: "" additionalConnection: enabled: false dbPort: 5432 diff --git a/applications/worker/templates/_helpers.tpl b/applications/worker/templates/_helpers.tpl index aa493bba9..6ab1c2994 100644 --- a/applications/worker/templates/_helpers.tpl +++ b/applications/worker/templates/_helpers.tpl @@ -61,3 +61,10 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Name of the service account json secret to use with the CloudSQL proxuy +*/}} +{{- define "cloudsql.serviceAccountJSONSecret" -}} +{{- default (printf "cloudsql-secret-%s" (include "docker-template.fullname" .)) .Values.cloudsql.serviceAccountJSONSecret }} +{{- end }} diff --git a/applications/worker/templates/cloudsql-secret.yaml b/applications/worker/templates/cloudsql-secret.yaml index 7a2f860f8..e63285ee0 100644 --- a/applications/worker/templates/cloudsql-secret.yaml +++ b/applications/worker/templates/cloudsql-secret.yaml @@ -1,8 +1,8 @@ -{{- if .Values.cloudsql.enabled -}} +{{- if and .Values.cloudsql.enabled (eq .Values.cloudsql.serviceAccountJSONSecret "") -}} apiVersion: v1 kind: Secret metadata: - name: "cloudsql-secret-{{ include "docker-template.fullname" . }}" + name: "{{ include "cloudsql.serviceAccountJSONSecret" . }}" type: Opaque stringData: service_account.json: {{ .Values.cloudsql.serviceAccountJSON | quote }} diff --git a/applications/worker/templates/deployment.yaml b/applications/worker/templates/deployment.yaml index 959737ed1..42f623c4d 100644 --- a/applications/worker/templates/deployment.yaml +++ b/applications/worker/templates/deployment.yaml 
@@ -321,7 +321,7 @@ spec: {{ if .Values.cloudsql.enabled }} - name: "sidecar-volume-{{ include "docker-template.fullname" . }}" secret: - secretName: "cloudsql-secret-{{ include "docker-template.fullname" . }}" + secretName: "{{ include "cloudsql.serviceAccountJSONSecret" . }}" {{ end }} {{ if .Values.pvc.enabled }} - name: "{{ include "docker-template.fullname" . }}-storage" diff --git a/applications/worker/values.yaml b/applications/worker/values.yaml index 3abad9ba4..408508dd7 100644 --- a/applications/worker/values.yaml +++ b/applications/worker/values.yaml @@ -120,7 +120,8 @@ cloudsql: enabled: false connectionName: "" dbPort: 5432 - serviceAccountJSON: "" + serviceAccountSecret: "" + serviceAccountJSONSecret: "" # Set this to add entries to the /etc/hosts file # Format: hostAliases: [{ip: , hostnames: [,..]},..] From 86344dae0b8d9ebca0a883990f13b404a0e47fb2 Mon Sep 17 00:00:00 2001 From: dgtown Date: Mon, 11 Mar 2024 18:11:02 -0400 Subject: [PATCH 2/3] cloudsql support --- applications/worker/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/worker/values.yaml b/applications/worker/values.yaml index 408508dd7..706ce6a2e 100644 --- a/applications/worker/values.yaml +++ b/applications/worker/values.yaml @@ -120,7 +120,7 @@ cloudsql: enabled: false connectionName: "" dbPort: 5432 - serviceAccountSecret: "" + serviceAccountJSON: "" serviceAccountJSONSecret: "" # Set this to add entries to the /etc/hosts file From e1861babaf36332ae15883646aaef823a1a82391 Mon Sep 17 00:00:00 2001 From: dgtown Date: Mon, 11 Mar 2024 18:13:43 -0400 Subject: [PATCH 3/3] cloudsql support --- applications/web/templates/deployment-blue-green.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/web/templates/deployment-blue-green.yaml b/applications/web/templates/deployment-blue-green.yaml index 1b502357d..94d617764 100644 --- a/applications/web/templates/deployment-blue-green.yaml 
+++ b/applications/web/templates/deployment-blue-green.yaml @@ -284,7 +284,7 @@ spec: {{ if $.Values.cloudsql.enabled }} - name: "sidecar-volume-{{ include "docker-template.fullname" $ }}" secret: - secretName: "cloudsql-secret-{{ include "docker-template.fullname" $ }}" + secretName: "{{ include "cloudsql.serviceAccountJSONSecret" $ }}" {{ end }} {{ if $.Values.pvc.enabled }} - name: "{{ include "docker-template.fullname" . }}-storage"