feat: Add cloudsql sidecar

Unleash · Dec 22, 2023 · 6df3175 · 6df3175
1 parent e00650b
commit 6df3175
Show file tree

Hide file tree

Showing 6 changed files with 77 additions and 8 deletions.
diff --git a/charts/unleash/Chart.yaml b/charts/unleash/Chart.yaml
@@ -15,4 +15,4 @@ sources:
   - https://github.com/Unleash/unleash
   - https://github.com/Unleash/helm-charts
 type: application
-version: 3.0.6
+version: 3.1.0
diff --git a/charts/unleash/templates/_helpers.tpl b/charts/unleash/templates/_helpers.tpl
@@ -50,3 +50,13 @@ app.kubernetes.io/name: {{ include "unleash.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
+{{/*
+Service account
+*/}}
+{{- define "unleash.serviceAccountName" -}}
+{{- if and .Values.serviceAccount .Values.serviceAccount.fullnameOverride }}
+{{- .Values.serviceAccount.fullnameOverride }}
+{{- else }}
+{{- include "unleash.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/unleash/templates/deployment.yaml b/charts/unleash/templates/deployment.yaml
@@ -1,4 +1,3 @@
-{{- $fullname := include "unleash.fullname" . -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -24,6 +23,7 @@ spec:
         {{ $key }}: {{ $value | quote }}
         {{- end }}
     spec:
+      serviceAccountName: {{ include "unleash.serviceAccountName" . }}
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
@@ -64,7 +64,7 @@ spec:
             - name: {{ $key }}
               valueFrom:
                 secretKeyRef:
-                  name: {{ $fullname }}
+                  name: {{ include "unleash.fullname" . }}
                   key: {{ $key }}
             {{- end }}
             {{- end }}
@@ -107,6 +107,23 @@ spec:
           {{- end }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+        {{- if and .Values.cloudsql .Values.cloudsql.enabled  }}
+        - name: cloudsql-proxy
+          image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
+          imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
+          securityContext:
+            runAsNonRoot: true
+          command: [ "/cloud_sql_proxy" ]
+          args:
+            - "-instances={{ .Values.cloudsql.instance }}=tcp:{{ .Values.dbConfig.port }}"
+            {{- with .Values.cloudsql.flags }}
+            {{- range . }}
+            - {{ . }}
+            {{- end }}
+            {{- end }}
+          resources:
+            {{- toYaml .Values.cloudsql.resources | nindent 12 }}
+          {{- end }}
       {{- with .Values.initContainers }}
       initContainers:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/unleash/templates/service.yaml b/charts/unleash/templates/service.yaml
@@ -4,12 +4,10 @@ metadata:
   name: {{ include "unleash.fullname" . }}
   labels:
     {{- include "unleash.labels" . | nindent 4 }}
-{{- if .Values.service.annotations }}
-{{- with .Values.service.annotations }}
+  {{- with .Values.service.annotations }}
   annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-{{- end }}
+    {{ toYaml . | indent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:

diff --git a/charts/unleash/templates/serviceAccount.yaml b/charts/unleash/templates/serviceAccount.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.serviceAccount .Values.serviceAccount.create }}
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: {{ include "unleash.serviceAccountName" . }}
+  labels:
+    {{- include "unleash.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/charts/unleash/values.yaml b/charts/unleash/values.yaml
@@ -150,6 +150,12 @@ image:
 
 imagePullSecrets: []
 
+# Service account
+serviceAccount:
+  create: false
+  fullnameOverride: ""
+  annotations: {}
+
 ingress:
   enabled: false
   className: ""
@@ -253,3 +259,29 @@ autoscaling:
   maxReplicas: 0
   targetCPUUtilizationPercentage: 70
   targetMemoryUtilizationPercentage: 70
+
+# CloudSQL in GKE
+cloudsql:
+  # If you enable cloudsql, ensure that serviceAccount.annotations is populated with associated GKE workload identity:
+  # e.g. iam.gke.io/gcp-service-account: airflow@gcp-project.iam.gserviceaccount.com
+  enabled: false
+  # Set CloudSQL instance: 'project:zone:instancename'
+  instance: ""
+  image:
+    repository: gcr.io/cloudsql-docker/gce-proxy
+    tag: 1.32.0
+    pullPolicy: IfNotPresent
+  resources:
+    {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #   cpu: 10m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 256Mi
+  # Additional flags to pass to cloudsql
+  flags: []