This repository has been archived by the owner on Jul 16, 2021. It is now read-only.

Apply cloudsql-sidecar to all Deployments
gdbelvin committed Feb 26, 2020
1 parent c1e2303 commit 6d135be
Showing 4 changed files with 32 additions and 20 deletions.
18 changes: 1 addition & 17 deletions deploy/kubernetes/base/log-server-deployment.yaml
@@ -13,11 +13,6 @@ spec:
labels:
io.kompose.service: log-server
spec:
restartPolicy: Always
volumes:
- name: secrets-cloudsql
secret:
secretName: cloudsql
containers:
- name: trillian-logserver
args: [
@@ -36,16 +31,5 @@ spec:
- containerPort: 8090
- containerPort: 8091
resources: {}
- name: cloudsql-proxy
image: gcr.io/cloudsql-docker/gce-proxy:1.16
command: ["/cloud_sql_proxy",
"-instances=key-transparency:us-central1:keytransparency-sandbox=tcp:3306",
"-credential_file=/secrets/cloudsql/credentials.json"]
securityContext:
runAsUser: 2 # non-root user
allowPrivilegeEscalation: false
volumeMounts:
- name: secrets-cloudsql
mountPath: /secrets/cloudsql
readOnly: true
restartPolicy: Always
status: {}
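--- a/deploy/kubernetes/overlays/gke/cloudsql-sidecar.yaml
+++ b/deploy/kubernetes/overlays/gke/cloudsql-sidecar.yaml
@@ -0,0 +1,26 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: cloud-sql-sidecar
+spec:
+template:
+spec:
+volumes:
+- name: secrets-cloudsql
+secret:
+secretName: cloudsql
+containers:
+- name: cloudsql-proxy
+image: gcr.io/cloudsql-docker/gce-proxy:1.16
+command: ["/cloud_sql_proxy",
+"-instances=key-transparency:us-central1:keytransparency-sandbox=tcp:3306",
+"-credential_file=/secrets/cloudsql/credentials.json"]
+securityContext:
+runAsUser: 2 # non-root user
+allowPrivilegeEscalation: false
+volumeMounts:
+- name: secrets-cloudsql
+mountPath: /secrets/cloudsql
+readOnly: true
+
+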
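Review bot: The `cloudsql-proxy` container's `securityContext` stops at `runAsUser: 2` and `allowPrivilegeEscalation: false`; because this patch is meant to be applied to several Deployments, I would also add `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}` so the non-root claim is enforced rather than only stated in the UID comment. The image is referenced by the mutable tag `gce-proxy:1.16`; pinning it by digest, e.g. `image: gcr.io/cloudsql-docker/gce-proxy@sha256:<digest-of-1.16>` (placeholder), keeps every pod that receives the sidecar on the same reviewed binary. The container also declares no `resources` requests or limits, which matters more once it runs next to every workload. A short header comment saying that `metadata.name` is only a placeholder and that the patch is applied through the `target` selector in kustomization.yaml would help the next reader.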
6 changes: 4 additions & 2 deletions deploy/kubernetes/overlays/gke/kustomization.yaml
@@ -2,6 +2,10 @@ bases:
- ../../base
resources:
- managed-cert.yaml
patches:
- path: cloudsql-sidecar.yaml
target:
kind: Deployment
patchesStrategicMerge:
- ingress.yaml
- log-server-stackdriver-prometheus-sidecar.yaml
@@ -10,5 +14,3 @@ patchesStrategicMerge:
- sequencer-stackdriver-prometheus-sidecar.yaml
- server-service.yaml
- server-stackdriver-prometheus-sidecar.yaml


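Review bot: The new `patches` entry selects `kind: Deployment` with no `name` or `labelSelector`, so every Deployment in this overlay receives the `secrets-cloudsql` volume and a proxy container holding `credentials.json`, including any workload that never talks to the database (which Deployments the base defines is not visible here). Narrowing the target, for example with `labelSelector: "<label-for-db-clients>"` (placeholder) under `target:`, keeps the Cloud SQL service-account key out of pods that do not need it. If the broad match is intentional, a comment above the entry such as `# injects the cloudsql-proxy sidecar and its credential secret into ALL Deployments` would make that explicit. Only part of kustomization.yaml is shown in these hunks.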
2 changes: 1 addition & 1 deletion scripts/deploy.sh
@@ -61,4 +61,4 @@ kustomize edit set image gcr.io/key-transparency/keytransparency-server:${TRAVIS
kustomize edit set image gcr.io/key-transparency/prometheus:${TRAVIS_COMMIT}
kustomize edit set image gcr.io/key-transparency/init:${TRAVIS_COMMIT}
cd -
kubectl apply -k deploy/kubernetes/overlays/gke
kustomize build deploy/kubernetes/overlays/gke/ | kubectl apply -f -
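Review bot: The `kustomize build deploy/kubernetes/overlays/gke/ | kubectl apply -f -` line (presumably the added side of this one-line swap) hides the build's exit status, because a pipeline reports only the status of its last command. Unless the script already enables it above line 61, which this hunk does not show, add `set -o pipefail` near the top so a failed render stops the deploy. A comment on the line would also help, e.g. `# standalone kustomize: the overlay uses patches with a target selector`, since the reason for dropping `kubectl apply -k` is otherwise only inferable from the kustomization change.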
