Adds support for a Google Cloud SQL sidecar (#297)

treeverse · Dec 8, 2024 · 2da9caa · 2da9caa
1 parent 6cbfc9e
commit 2da9caa
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 2 deletions.
diff --git a/charts/lakefs/Chart.yaml b/charts/lakefs/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: lakefs
 description: A Helm chart for running LakeFS on Kubernetes
 type: application
-version: 1.3.21
+version: 1.3.22
 appVersion: 1.43.0
 
 home: https://lakefs.io

diff --git a/charts/lakefs/README.md b/charts/lakefs/README.md
@@ -48,6 +48,26 @@ lakefsConfig: |
       domain_name: s3.lakefs.example.com
 ```
 
+Example `my-values.yaml` using PostgreSQL with Cloud SQL Auth Proxy in GCP:
+
+```yaml
+secrets:
+    databaseConnectionString: postgres://<DB_USERNAME>:<DB_PASSWORD>@localhost:5432/<DB_NAME>
+    authEncryptSecretKey: <some random string>
+lakefsConfig: |
+  database:
+    type: postgres
+  blockstore:
+    type: gs
+    gs:
+      credentials_json: '<credentials_json>'
+serviceAccount:
+  name: <service account name>
+gcpFallback:
+  enabled: true
+  instance: <my_project>:<my_region>:<my_instance>=tcp:5432
+```
+
 Example `my-values.yaml` using DynamoDB:
 ```yaml
 secrets:
@@ -130,5 +150,7 @@ helm upgrade -f my-values.yaml my-lakefs lakefs/lakefs --set kv_upgrade=true
 | `s3Fallback.enabled`                  | If set to true, an [S3Proxy](https://github.com/gaul/s3proxy) container will be started. Requests to lakeFS S3 gateway with a non-existing repository will be forwarded to this container.                                                                                           |                                     |
 | `s3Fallback.aws_access_key`           | An AWS access key to be used by the S3Proxy for authentication                                                                                                                                                                                                                       |                                     |
 | `s3Fallback.aws_secret_key`           | An AWS secret key to be used by the S3Proxy for authentication                                                                                                                                                                                                                       |                                     |
+| `gcpFallback.enabled`                 | If set to true, an [GCP Proxy](https://github.com/GoogleCloudPlatform/cloud-sql-proxy) container will be started.                                                                                                                                                                    |                                     |
+| `gcpFallback.instance`                | The instance to connect to. See the example above for the format.                                                                                                                                                                                                                                                        |                                     |
 | `committedLocalCacheVolume`           | A volume definition to be mounted by lakeFS and used for caching committed metadata. See [here](https://kubernetes.io/docs/concepts/storage/volumes/#volume-types) for a list of supported volume types. The default values.yaml file shows an example of how to use this parameter. |                                     |
-| `serviceAccount.name`                 | Name of the service account to use for the lakeFS pods. If not set, use the `default` service account.                                                                                                                          |                                     |
+| `serviceAccount.name`                 | Name of the service account to use for the lakeFS pods. If not set, use the `default` service account.                                                                                                                                                                               |                                     |
diff --git a/charts/lakefs/templates/_gcp_proxy_container.tpl b/charts/lakefs/templates/_gcp_proxy_container.tpl
@@ -0,0 +1,18 @@
+{{- define "lakefs.gcpProxyContainer" }}
+{{- if .Values.lakefsConfig }}
+{{ $config := .Values.lakefsConfig | fromYaml  }}
+{{- end }}
+{{- if .Values.gcpFallback.enabled }}
+- name: gcp-proxy
+  image: eu.gcr.io/cloudsql-docker/gce-proxy:1.33.4
+  imagePullPolicy: IfNotPresent
+  command:
+    - /cloud_sql_proxy
+    - -term_timeout=10s
+  env:
+{{- if .Values.gcpFallback.instance }}
+  - name: INSTANCES
+    value: {{ .Values.gcpFallback.instance }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/lakefs/templates/deployment.yaml b/charts/lakefs/templates/deployment.yaml
@@ -91,6 +91,7 @@ spec:
           {{- end }}
           {{- include "lakefs.env" . | nindent 10 }}
         {{- include "lakefs.s3proxyContainer" . | nindent 8}}
+        {{- include "lakefs.gcpProxyContainer" . | nindent 8}}
       volumes:
         {{- include "lakefs.volumes" . | nindent 8 }}
       {{- with .Values.nodeSelector }}

diff --git a/charts/lakefs/values.yaml b/charts/lakefs/values.yaml
@@ -60,6 +60,9 @@ topologySpreadConstraints: []
 s3Fallback:
   enabled: false
 
+gcpFallback:
+  enabled: false
+
 lakefsConfig: |
   database:
     type: local