Add ability to use existing service account for CloudSQL. (helm#14246)
Signed-off-by: sT331h0rs3 <[email protected]>
sT331h0rs3 authored and k8s-ci-robot committed Jun 1, 2019
1 parent 576a3aa commit 4469c95
Showing 10 changed files with 107 additions and 8 deletions.
2 changes: 1 addition & 1 deletion stable/anchore-engine/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: anchore-engine
version: 1.0.4
version: 1.0.5
appVersion: 0.4.0
description: Anchore container analysis and policy evaluation engine service
keywords:
4 changes: 4 additions & 0 deletions stable/anchore-engine/README.md
Expand Up @@ -309,6 +309,10 @@ anchoreGlobal:
cloudsql:
enabled: true
instance: "project:zone:cloudsqlinstancename"
# Optional existing service account secret to use.
useExistingServiceAcc: true
serviceAccSecretName: my_service_acc
serviceAccJsonName: for_cloudsql.json
image:
repository: gcr.io/cloudsql-docker/gce-proxy
tag: 1.12
15 changes: 14 additions & 1 deletion stable/anchore-engine/templates/analyzer_deployment.yaml
Expand Up @@ -31,7 +31,15 @@ spec:
image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
command: ["/cloud_sql_proxy"]
args: ["-instances={{ .Values.cloudsql.instance }}=tcp:5432"]
args:
- "-instances={{ .Values.cloudsql.instance }}=tcp:5432"
{{- if .Values.cloudsql.useExistingServiceAcc }}
- "-credential_file=/var/{{ .Values.cloudsql.serviceAccSecretName }}/{{ .Values.cloudsql.serviceAccJsonName }}"
volumeMounts:
- mountPath: /var/{{ .Values.cloudsql.serviceAccSecretName }}
name: {{ .Values.cloudsql.serviceAccSecretName }}
readOnly: true
{{- end }}
{{- end }}
- name: {{ .Chart.Name }}-{{ $component }}
image: {{ .Values.anchoreGlobal.image }}
Expand Down Expand Up @@ -98,6 +106,11 @@ spec:
{{- end }}
- name: {{ $component }}-scratch
{{ toYaml .Values.anchoreGlobal.scratchVolume.details | indent 10 | trim }}
{{- if .Values.cloudsql.useExistingServiceAcc }}
- name: {{ .Values.cloudsql.serviceAccSecretName }}
secret:
secretName: {{ .Values.cloudsql.serviceAccSecretName }}
{{- end }}
{{- with .Values.anchoreAnalyzer.nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 | trim }}
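Review bot: The volume `name:` and `mountPath:` in both hunks are built straight from `.Values.cloudsql.serviceAccSecretName`, but a volume name must be a DNS-1123 label (no dots, at most 63 characters) while a Secret name may be a longer, dotted DNS-1123 subdomain, so some valid Secret names render a pod spec the API server rejects. An unset name with `useExistingServiceAcc: true` also renders an empty `name:` and `mountPath: /var/`, which fails only at install time with a validation error rather than a clear message. A fixed volume name and mount path, with only `secretName:` templated, quoted and guarded by `required`, avoids both; the fence shows the rewritten lines, and the fixed name and path in it are illustrative. The same lines are repeated in the api, catalog, enterprise_feeds, enterprise_ui, policy_engine and simplequeue deployment templates, so a shared named template would keep the seven copies in sync. The pod spec starts and ends outside both hunks.

```yaml
# … unchanged: image, command and the "-instances" argument …
- "-credential_file=/var/run/secrets/cloudsql/{{ .Values.cloudsql.serviceAccJsonName }}"
volumeMounts:
- name: cloudsql-service-account
  mountPath: /var/run/secrets/cloudsql
  readOnly: true
# … unchanged: main container and the other volumes …
- name: cloudsql-service-account
  secret:
    secretName: {{ required "cloudsql.serviceAccSecretName is required when useExistingServiceAcc is true" .Values.cloudsql.serviceAccSecretName | quote }}
```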
15 changes: 14 additions & 1 deletion stable/anchore-engine/templates/api_deployment.yaml
Expand Up @@ -35,7 +35,15 @@ spec:
image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
command: ["/cloud_sql_proxy"]
args: ["-instances={{ .Values.cloudsql.instance }}=tcp:5432"]
args:
- "-instances={{ .Values.cloudsql.instance }}=tcp:5432"
{{- if .Values.cloudsql.useExistingServiceAcc }}
- "-credential_file=/var/{{ .Values.cloudsql.serviceAccSecretName }}/{{ .Values.cloudsql.serviceAccJsonName }}"
volumeMounts:
- mountPath: /var/{{ .Values.cloudsql.serviceAccSecretName }}
name: {{ .Values.cloudsql.serviceAccSecretName }}
readOnly: true
{{- end }}
{{- end }}
- name: "{{ .Chart.Name }}-{{ $component }}"
image: {{ .Values.anchoreGlobal.image }}
Expand Down Expand Up @@ -279,6 +287,11 @@ spec:
secret:
secretName: {{ .Values.anchoreGlobal.internalServicesSsl.certSecret }}
{{- end }}
{{- if .Values.cloudsql.useExistingServiceAcc }}
- name: {{ .Values.cloudsql.serviceAccSecretName }}
secret:
secretName: {{ .Values.cloudsql.serviceAccSecretName }}
{{- end }}
{{- with .Values.anchoreApi.nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 | trim }}
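Review bot: The `secret:` volume added in the second hunk sets no `defaultMode`, so the service-account key file is projected with the default 0644 mode and is readable by every UID in the container that mounts it. Because this is a long-lived GCP credential, consider adding `defaultMode: 0400` under `secret:`; if the proxy image runs as a non-root user this probably needs `0440` together with a pod-level `securityContext.fsGroup`, which is not visible in this hunk. The mount itself is confined to the container that runs `/cloud_sql_proxy` and is `readOnly: true`, which is the right scope for the key. The same applies to the matching volume in the other six deployment templates.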
15 changes: 14 additions & 1 deletion stable/anchore-engine/templates/catalog_deployment.yaml
Expand Up @@ -31,7 +31,15 @@ spec:
image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
command: ["/cloud_sql_proxy"]
args: ["-instances={{ .Values.cloudsql.instance }}=tcp:5432"]
args:
- "-instances={{ .Values.cloudsql.instance }}=tcp:5432"
{{- if .Values.cloudsql.useExistingServiceAcc }}
- "-credential_file=/var/{{ .Values.cloudsql.serviceAccSecretName }}/{{ .Values.cloudsql.serviceAccJsonName }}"
volumeMounts:
- mountPath: /var/{{ .Values.cloudsql.serviceAccSecretName }}
name: {{ .Values.cloudsql.serviceAccSecretName }}
readOnly: true
{{- end }}
{{- end }}
- name: {{ .Chart.Name }}-{{ $component }}
image: {{ .Values.anchoreGlobal.image }}
Expand Down Expand Up @@ -94,6 +102,11 @@ spec:
secret:
secretName: {{ .Values.anchoreGlobal.internalServicesSsl.certSecret }}
{{- end }}
{{- if .Values.cloudsql.useExistingServiceAcc }}
- name: {{ .Values.cloudsql.serviceAccSecretName }}
secret:
secretName: {{ .Values.cloudsql.serviceAccSecretName }}
{{- end }}
{{- with .Values.anchoreCatalog.nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 | trim }}
15 changes: 14 additions & 1 deletion stable/anchore-engine/templates/enterprise_feeds_deployment.yaml
Expand Up @@ -34,7 +34,15 @@ spec:
image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
command: ["/cloud_sql_proxy"]
args: ["-instances={{ .Values.cloudsql.instance }}=tcp:5432"]
args:
- "-instances={{ .Values.cloudsql.instance }}=tcp:5432"
{{- if .Values.cloudsql.useExistingServiceAcc }}
- "-credential_file=/var/{{ .Values.cloudsql.serviceAccSecretName }}/{{ .Values.cloudsql.serviceAccJsonName }}"
volumeMounts:
- mountPath: /var/{{ .Values.cloudsql.serviceAccSecretName }}
name: {{ .Values.cloudsql.serviceAccSecretName }}
readOnly: true
{{- end }}
{{- end }}
- name: "{{ .Chart.Name }}-{{ $component }}"
image: {{ .Values.anchoreEnterpriseGlobal.image }}
Expand Down Expand Up @@ -102,6 +110,11 @@ spec:
- name: anchore-license
secret:
secretName: {{ .Values.anchoreEnterpriseGlobal.licenseSecretName }}
{{- if .Values.cloudsql.useExistingServiceAcc }}
- name: {{ .Values.cloudsql.serviceAccSecretName }}
secret:
secretName: {{ .Values.cloudsql.serviceAccSecretName }}
{{- end }}
{{- with .Values.anchoreEnterpriseFeeds.nodeSelector }}
nodeSelector:
{{ toYaml .Values.anchoreEnterpriseFeeds.nodeSelector | nindent 8 | trim }}
15 changes: 14 additions & 1 deletion stable/anchore-engine/templates/enterprise_ui_deployment.yaml
Expand Up @@ -38,7 +38,15 @@ spec:
image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
command: ["/cloud_sql_proxy"]
args: ["-instances={{ .Values.cloudsql.instance }}=tcp:5432"]
args:
- "-instances={{ .Values.cloudsql.instance }}=tcp:5432"
{{- if .Values.cloudsql.useExistingServiceAcc }}
- "-credential_file=/var/{{ .Values.cloudsql.serviceAccSecretName }}/{{ .Values.cloudsql.serviceAccJsonName }}"
volumeMounts:
- mountPath: /var/{{ .Values.cloudsql.serviceAccSecretName }}
name: {{ .Values.cloudsql.serviceAccSecretName }}
readOnly: true
{{- end }}
{{- end }}
- name: "{{ .Chart.Name }}-{{ $component }}"
image: {{ .Values.anchoreEnterpriseUi.image }}
Expand Down Expand Up @@ -84,6 +92,11 @@ spec:
- name: anchore-ui-config
secret:
secretName: {{ template "anchore-engine.enterprise-ui.fullname" . }}
{{- if .Values.cloudsql.useExistingServiceAcc }}
- name: {{ .Values.cloudsql.serviceAccSecretName }}
secret:
secretName: {{ .Values.cloudsql.serviceAccSecretName }}
{{- end }}
{{- with .Values.anchoreEnterpriseUi.nodeSelector }}
nodeSelector:
{{ toYaml .Values.anchoreEnterpriseUi.nodeSelector | nindent 8 | trim }}
15 changes: 14 additions & 1 deletion stable/anchore-engine/templates/policy_engine_deployment.yaml
Expand Up @@ -31,7 +31,15 @@ spec:
image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
command: ["/cloud_sql_proxy"]
args: ["-instances={{ .Values.cloudsql.instance }}=tcp:5432"]
args:
- "-instances={{ .Values.cloudsql.instance }}=tcp:5432"
{{- if .Values.cloudsql.useExistingServiceAcc }}
- "-credential_file=/var/{{ .Values.cloudsql.serviceAccSecretName }}/{{ .Values.cloudsql.serviceAccJsonName }}"
volumeMounts:
- mountPath: /var/{{ .Values.cloudsql.serviceAccSecretName }}
name: {{ .Values.cloudsql.serviceAccSecretName }}
readOnly: true
{{- end }}
{{- end }}
- name: {{ .Chart.Name }}-{{ $component }}
image: {{ .Values.anchoreGlobal.image }}
Expand Down Expand Up @@ -94,6 +102,11 @@ spec:
secret:
secretName: {{ .Values.anchoreGlobal.internalServicesSsl.certSecret }}
{{- end }}
{{- if .Values.cloudsql.useExistingServiceAcc }}
- name: {{ .Values.cloudsql.serviceAccSecretName }}
secret:
secretName: {{ .Values.cloudsql.serviceAccSecretName }}
{{- end }}
{{- with .Values.anchorePolicyEngine.nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 | trim }}
15 changes: 14 additions & 1 deletion stable/anchore-engine/templates/simplequeue_deployment.yaml
Expand Up @@ -31,7 +31,15 @@ spec:
image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
command: ["/cloud_sql_proxy"]
args: ["-instances={{ .Values.cloudsql.instance }}=tcp:5432"]
args:
- "-instances={{ .Values.cloudsql.instance }}=tcp:5432"
{{- if .Values.cloudsql.useExistingServiceAcc }}
- "-credential_file=/var/{{ .Values.cloudsql.serviceAccSecretName }}/{{ .Values.cloudsql.serviceAccJsonName }}"
volumeMounts:
- mountPath: /var/{{ .Values.cloudsql.serviceAccSecretName }}
name: {{ .Values.cloudsql.serviceAccSecretName }}
readOnly: true
{{- end }}
{{- end }}
- name: "{{ .Chart.Name }}-{{ $component }}"
image: {{ .Values.anchoreGlobal.image }}
Expand Down Expand Up @@ -94,6 +102,11 @@ spec:
secret:
secretName: {{ .Values.anchoreGlobal.internalServicesSsl.certSecret }}
{{- end }}
{{- if .Values.cloudsql.useExistingServiceAcc }}
- name: {{ .Values.cloudsql.serviceAccSecretName }}
secret:
secretName: {{ .Values.cloudsql.serviceAccSecretName }}
{{- end }}
{{- with .Values.anchoreSimpleQueue.nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 | trim }}
4 changes: 4 additions & 0 deletions stable/anchore-engine/values.yaml
Expand Up @@ -25,6 +25,10 @@ cloudsql:
enabled: false
# set CloudSQL instance: 'project:zone:instancname'
instance: ""
# Optional existing service account secret to use.
# useExistingServiceAcc: false
# serviceAccSecretName: service_acc
# serviceAccJsonName: for_cloudsql.json
image:
# set repo and image tag of gce-proxy
repository: gcr.io/cloudsql-docker/gce-proxy
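Review bot: The commented example `serviceAccSecretName: service_acc` is not a usable value, because Kubernetes Secret names cannot contain underscores; the README example `my_service_acc` has the same problem, so copying either one yields a reference to a Secret that cannot exist. A hyphenated example such as `# serviceAccSecretName: cloudsql-service-account` would be safer. The comment could also say what the operator must provide, e.g. `# Name of an existing Secret in the release namespace holding the service-account key; serviceAccJsonName is the key (file name) inside that Secret.` The `cloudsql:` block continues outside the hunk.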
