From dbaaac3d7ed2683b8f961442ff465883ce2df99d Mon Sep 17 00:00:00 2001
From: soru23
Date: Thu, 27 Jul 2023 01:23:04 +0200
Subject: [PATCH 1/2] add an sql proxy sidecontainer
---
 helm/templates/statefulset.yaml | 28 ++++++++++++++++++++++++++++
 helm/values.yaml | 26 ++++++++++++++++++++++++--
 2 files changed, 52 insertions(+), 2 deletions(-)
diff --git a/helm/templates/statefulset.yaml b/helm/templates/statefulset.yaml
index 8e4ae8ad..2bcf59c1 100644
--- a/helm/templates/statefulset.yaml
+++ b/helm/templates/statefulset.yaml
@@ -165,6 +165,34 @@ spec:
 {{- if .Values.extraVolumeMounts }}
 {{- include "polybase.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
 {{- end }}
+
+ #cloud-sql-proxy
+ {{- if .Values.cloudsql.enabled }}
+ - name: {{ include "polybase.name" . }}-sql-proxy
+ args:
+ {{- if .Values.cloudsql.credentialFile }}
+ - --credentials-file={{ .Values.cloudsql.credentialFile }}
+ {{- end }}
+ {{- if .Values.cloudsql.usePrivateIP }}
+ - --private-ip
+ {{- end }}
+ - --max-sigterm-delay={{ .Values.cloudsql.timeout | default "30s" }}
+ {{- if .Values.cloudsql.externalProjectId }}
+ - "polybase-{{ .Values.cloudsql.externalProjectId }}:{{ .Values.cloudsql.region }}:{{ .Values.cloudsql.db_instance }}"
+ {{- else }}
+ - "polybase-{{ .Values.env }}:{{ .Values.cloudsql.region }}:{{ .Values.cloudsql.db_instance }}"
+ {{- end }}
+ image: {{ .Values.cloudsql.image }}:{{ .Values.cloudsql.tag }}
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ {{- toYaml .Values.cloudsql.securityContext | nindent 12 }}
+ resources:
+ {{- toYaml .Values.cloudsql.resources | nindent 12 }}
+ {{- if .Values.cloudsql.volumesFromSecrets }}
+ volumeMounts:
+ {{ include "secret.container.mounts" .Values.cloudsql | indent 12 }}
+ {{- end }}
+ {{- end }}
 volumes:
 - name: scripts-vol
 configMap:
diff --git a/helm/values.yaml b/helm/values.yaml
index 78c9f46f..9d9861dc 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
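Review bot: The `--credentials-file` argument and the `volumeMounts` block in the new sidecar are gated on two independent values (`cloudsql.credentialFile` and `cloudsql.volumesFromSecrets`), so the proxy can be rendered with a key path that nothing mounts. With the defaults this patch adds to values.yaml (a non-empty placeholder path and an empty `volumesFromSecrets`), setting `cloudsql.enabled: true` alone produces exactly that. Consider failing at render time, e.g. `{{- if and .Values.cloudsql.credentialFile (not .Values.cloudsql.volumesFromSecrets) }}{{ fail "cloudsql.credentialFile is set but cloudsql.volumesFromSecrets is empty" }}{{- end }}`, and defaulting `credentialFile` to `""` so the proxy uses the pod's own identity unless a key file is explicitly configured. The `secret.container.mounts` helper is not defined in this patch; I am assuming it exists elsewhere in the chart, and the container list it extends starts outside the hunk.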
@@ -234,8 +234,30 @@ serviceAccount: ## automountServiceAccountToken: true -## @section Traffic Exposure Parameters -## +## @section Cloud SQL Proxy +cloudsql: + enabled: false + usePrivateIP: true + resources: + limits: + cpu: 500m + memory: 500Mi + requests: + cpu: 100m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + image: gcr.io/cloud-sql-connectors/cloud-sql-proxy + tag: "2.6.0" + region: us-central1 + db_instance: polybase + credentialFile: "/path/to/credentials.json" + volumesFromSecrets: [] ## Polybase service parameters ## From 56aded2d47905c79c39752918302095acb63c333 Mon Sep 17 00:00:00 2001 From: soru23 Date: Sun, 30 Jul 2023 23:02:39 +0200 Subject: [PATCH 2/2] added external SA support --- helm/prenet-values.yaml | 2 ++ helm/templates/statefulset.yaml | 7 +++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/helm/prenet-values.yaml b/helm/prenet-values.yaml index 541a92e5..ed6ac22e 100644 --- a/helm/prenet-values.yaml +++ b/helm/prenet-values.yaml @@ -35,6 +35,8 @@ persistence: storageClass: "" size: 20Gi +# externalServiceAccount: "prenet" + extraEnvVars: - name: LOG_LEVEL value: "DEBUG" diff --git a/helm/templates/statefulset.yaml b/helm/templates/statefulset.yaml index 2bcf59c1..e45d156a 100644 --- a/helm/templates/statefulset.yaml +++ b/helm/templates/statefulset.yaml @@ -34,6 +34,9 @@ spec: {{- end }} {{- end }} spec: + {{- if .Values.externalServiceAccount}} + serviceAccount: {{ .Values.externalServiceAccount }} + {{- end }} {{- if .Values.affinity }} affinity: {{- include "polybase.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- else }} 
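Review bot: The proxy image default is a mutable tag (`tag: "2.6.0"`), and the template in this patch always joins it as `image:tag`, so the chart offers no way to pin the sidecar by digest. Because this container holds the pod's database credentials, consider accepting an optional digest value and rendering `image@sha256:...` when it is set. The default `securityContext` drops all capabilities and makes the root filesystem read-only but does not set `runAsNonRoot: true`; adding it would make the non-root expectation explicit instead of depending on the image's default user. As a style point, `db_instance` is the only snake_case key in the block; `dbInstance` would match `usePrivateIP` and `credentialFile`.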
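Review bot: The added `serviceAccount:` field in the pod spec is the deprecated alias of `serviceAccountName`, and the value is rendered unquoted; `serviceAccountName: {{ .Values.externalServiceAccount | quote }}` would be the safer form. The pod spec continues outside this hunk, so it is not visible whether the chart already sets `serviceAccountName` from the existing `serviceAccount` values section; if it does, both fields would be emitted and should be reconciled in one conditional. `externalServiceAccount` is also not declared in values.yaml (only as a commented line in prenet-values.yaml), so a default such as `externalServiceAccount: ""` with a comment stating that the account must already exist in the release namespace would document which identity the pod, and with it the SQL proxy sidecar, runs as.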
@@ -177,11 +180,7 @@ spec: - --private-ip {{- end }} - --max-sigterm-delay={{ .Values.cloudsql.timeout | default "30s" }} - {{- if .Values.cloudsql.externalProjectId }} - - "polybase-{{ .Values.cloudsql.externalProjectId }}:{{ .Values.cloudsql.region }}:{{ .Values.cloudsql.db_instance }}" - {{- else }} - "polybase-{{ .Values.env }}:{{ .Values.cloudsql.region }}:{{ .Values.cloudsql.db_instance }}" - {{- end }} image: {{ .Values.cloudsql.image }}:{{ .Values.cloudsql.tag }} imagePullPolicy: IfNotPresent securityContext: