58 changes: 56 additions & 2 deletions deployment/chainloop/templates/_helpers.tpl
@@ -173,14 +173,22 @@ Return the Postgresql connection string for Atlas migration
Return the Postgresql hostname
*/}}
{{- define "controlplane.database.host" -}}
{{- ternary (include "chainloop.postgresql.fullname" .) .Values.controlplane.externalDatabase.host .Values.postgresql.enabled -}}
{{- if .Values.controlplane.sqlProxy.enabled }}
{{- include "chainloop.sql-proxy.fullname" . -}}
{{- else -}}
{{- ternary (include "chainloop.postgresql.fullname" .) .Values.controlplane.externalDatabase.host .Values.postgresql.enabled -}}
{{- end -}}
{{- end -}}

{{/*
Return the Postgresql port
*/}}
{{- define "controlplane.database.port" -}}
{{- ternary 5432 .Values.controlplane.externalDatabase.port .Values.postgresql.enabled -}}
{{- if .Values.controlplane.sqlProxy.enabled }}
{{- 5432 -}}
{{- else -}}
{{- ternary 5432 .Values.controlplane.externalDatabase.port .Values.postgresql.enabled -}}
{{- end -}}
{{- end -}}

{{/*
@@ -266,6 +274,52 @@ null
{{- end -}}
{{- end -}}

{{/*
##############################################################################
sql-proxy helpers
##############################################################################
*/}}

{{/*
Chainloop sql-proxy release name
*/}}
{{- define "chainloop.sql-proxy.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "sql-proxy" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Chainloop sql-proxy Chart fullname
*/}}
{{- define "chainloop.sql-proxy.name" -}}
{{- printf "%s-%s" (include "common.names.name" .) "sql-proxy" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Common labels
*/}}
{{- define "chainloop.sql-proxy.labels" -}}
{{- include "common.labels.standard" . }}
app.kubernetes.io/part-of: chainloop
app.kubernetes.io/component: sql-proxy
{{- end }}

{{/*
Migration labels
*/}}
{{- define "chainloop.sql-proxy.migration.labels" -}}
{{- include "common.labels.standard" . }}
app.kubernetes.io/part-of: chainloop
app.kubernetes.io/component: sql-proxy-migration
{{- end }}

{{/*
Selector labels
*/}}
{{- define "chainloop.sql-proxy.selectorLabels" -}}
{{- include "common.labels.matchLabels" .}}
app.kubernetes.io/component: sql-proxy
{{- end }}

{{/*
##############################################################################
CAS Helpers
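Review bot: `controlplane.database.port` returns a literal `5432` when `sqlProxy.enabled` is set (first hunk), but the Service added in service_sql-proxy.yaml takes both `port` and `targetPort` from `.Values.controlplane.externalDatabase.port`, while the proxy container listens on 5432. If that value is unset or anything other than 5432, clients dial a port the Service does not publish and the Service forwards to a port nothing listens on. A single source of truth would avoid this, for example `port: {{ include "controlplane.database.port" . }}` with `targetPort: 5432` in the Service. The doc comments on `chainloop.sql-proxy.fullname` ("release name") and `chainloop.sql-proxy.name` ("Chart fullname") also look imprecise, and the three label helpers could each say which resource they label.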
22 changes: 0 additions & 22 deletions deployment/chainloop/templates/controlplane/deployment.yaml
@@ -29,28 +29,6 @@ spec:
securityContext:
{{- toYaml .Values.controlplane.podSecurityContext | nindent 8 }}
containers:
{{ if .Values.controlplane.sqlProxy.enabled }}
- name: cloud-sql-proxy
# It is recommended to use the latest version of the Cloud SQL proxy
# Make sure to update on a regular schedule!
image: gcr.io/cloudsql-docker/gce-proxy:1.28.0 # make sure the use the latest version
command:
- "/cloud_sql_proxy"
# If connecting from a VPC-native GKE cluster, you can use the
# following flag to have the proxy connect over private IP
# - "-ip_address_types=PRIVATE"

# By default, the proxy will write all logs to stderr. In some
# environments, anything printed to stderr is consider an error. To
# disable this behavior and write all logs to stdout (except errors
# which will still go to stderr), use:
- "-log_debug_stdout"
- "-instances={{ .Values.controlplane.sqlProxy.connectionName }}=tcp:5432"
securityContext:
runAsNonRoot: true
resources:
{{- toYaml .Values.controlplane.sqlProxy.resources | nindent 12 }}
{{- end }}
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.controlplane.securityContext | nindent 12 }}
@@ -0,0 +1,56 @@
{{ if .Values.controlplane.sqlProxy.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "chainloop.sql-proxy.fullname" . }}
labels:
{{- include "chainloop.sql-proxy.labels" . | nindent 4 }}
spec:
Member

the affinity code might look like

 affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchLabels:
            app.kubernetes.io/component: controlplane

but I think it will only guarantee that one of the controlplane replicas will have a proxy in the same node, not that both replicas have it.

In any case I believe it is still worth it and we can just keep an eye on it. WDYT?

replicas: 1
selector:
matchLabels:
{{- include "chainloop.sql-proxy.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: cloud-sql-proxy
labels:
{{- include "chainloop.sql-proxy.selectorLabels" . | nindent 8 }}
spec:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: controlplane
topologyKey: kubernetes.io/hostname
Member

is the topology key required?

Contributor Author

yes it is indeed.

Member

Thanks

{{- with .Values.controlplane.image.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "controlplane.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.controlplane.podSecurityContext | nindent 8 }}
containers:

- name: cloud-sql-proxy
# It is recommended to use the latest version of the Cloud SQL proxy
# Make sure to update on a regular schedule!
image: gcr.io/cloudsql-docker/gce-proxy:1.33.10 # make sure the use the latest version
command:
- "/cloud_sql_proxy"
# If connecting from a VPC-native GKE cluster, you can use the
# following flag to have the proxy connect over private IP
# - "-ip_address_types=PRIVATE"

# By default, the proxy will write all logs to stderr. In some
# environments, anything printed to stderr is consider an error. To
# disable this behavior and write all logs to stdout (except errors
# which will still go to stderr), use:
- "-log_debug_stdout"
- "-instances={{ .Values.controlplane.sqlProxy.connectionName }}=tcp:0.0.0.0:5432"
securityContext:
runAsNonRoot: true
resources:
{{- toYaml .Values.controlplane.sqlProxy.resources | nindent 12 }}
{{- end }}
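Review bot: The container `securityContext` carries only `runAsNonRoot: true`, which was a modest gap for a sidecar but matters more now that the proxy is a standalone pod listening on `0.0.0.0:5432`. Consider adding `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities: {drop: ["ALL"]}` under it, after confirming the proxy image runs with a read-only root filesystem. The pod also reuses `controlplane.serviceAccountName`, so the proxy and the control plane share one identity; a dedicated service account holding only the Cloud SQL client permission would let the control plane's account drop it, though how that identity is bound is not visible here. The image is a hard-coded tag (`gce-proxy:1.33.10`), so exposing it through values, ideally pinned by digest, would make the "update on a regular schedule" comment actionable.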
22 changes: 0 additions & 22 deletions deployment/chainloop/templates/controlplane/migrate-job.yaml
@@ -22,28 +22,6 @@ spec:
securityContext:
{{- toYaml .Values.controlplane.podSecurityContext | nindent 8 }}
containers:
{{ if .Values.controlplane.sqlProxy.enabled }}
- name: cloud-sql-proxy
# It is recommended to use the latest version of the Cloud SQL proxy
# Make sure to update on a regular schedule!
image: gcr.io/cloudsql-docker/gce-proxy:1.28.0 # make sure the use the latest version
command:
- "/cloud_sql_proxy"
# If connecting from a VPC-native GKE cluster, you can use the
# following flag to have the proxy connect over private IP
# - "-ip_address_types=PRIVATE"

# By default, the proxy will write all logs to stderr. In some
# environments, anything printed to stderr is consider an error. To
# disable this behavior and write all logs to stdout (except errors
# which will still go to stderr), use:
- "-log_debug_stdout"
- "-instances={{ .Values.controlplane.sqlProxy.connectionName }}=tcp:5432"
securityContext:
runAsNonRoot: true
resources:
{{- toYaml .Values.controlplane.sqlProxy.resources | nindent 12 }}
{{- end }}
- name: migrate
image: "{{ .Values.controlplane.migration.image.repository }}:{{ .Values.controlplane.migration.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.controlplane.image.pullPolicy }}
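--- /dev/null
+++ b/deployment/chainloop/templates/controlplane/service_sql-proxy.yaml
@@ -0,0 +1,17 @@
+{{ if .Values.controlplane.sqlProxy.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ include "chainloop.sql-proxy.fullname" . }}
+labels:
+{{- include "chainloop.sql-proxy.labels" . | nindent 4 }}
+spec:
+type: ClusterIP
+ports:
+- port: {{ .Values.controlplane.externalDatabase.port }}
+targetPort: {{ .Values.controlplane.externalDatabase.port }}
+protocol: TCP
+name: tpc
+selector:
+{{- include "chainloop.sql-proxy.selectorLabels" . | nindent 4 }}
+{{- end }}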
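Review bot: The Service makes the proxy reachable from every pod that can route to its ClusterIP, and nothing in this change restricts that: the removed sidecars listened with `tcp:5432` inside the consuming pod, while the new Deployment binds `tcp:0.0.0.0:5432` behind this Service. The proxy authenticates to Cloud SQL with its own identity, so database credentials become the only barrier for other workloads in the cluster, and the client-to-proxy hop now crosses the pod network instead of staying inside one pod (presumably unencrypted unless the client negotiates TLS; worth confirming). A NetworkPolicy under the same `sqlProxy.enabled` guard, selecting `app.kubernetes.io/component: sql-proxy` and allowing ingress on TCP 5432 only from pods labelled `app.kubernetes.io/component: controlplane`, would narrow the reach again; check that the migrate job's pods match whichever selector is used. The port name `tpc` on the `name:` line looks like a typo for `tcp`.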