Database Support #17
Comments
Since you can mount arbitrary volumes with Not super easy, no, but possible I think? Have you tried that out?
We are looking to implement this now outside the helm chart if necessary. My use case is specifically with Google Cloud SQL. If I produce any decent way to do it, I'll report back.
We ended up using a sidecar container in the helm chart for this:

```yaml
# Sidecar containers that runs alongside GoCD server.
# https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/
sidecarContainers:
  # - name: sidecar-container
  #   image: sidecar-image:latest
  #   volumeMounts:
  #     - name: goserver-vol
  #       mountPath: /godata
  - name: cloud-sql-proxy
    image: gcr.io/cloudsql-docker/gce-proxy:1.27.0
    command:
      - "/cloud_sql_proxy"
      - "-ip_address_types=PRIVATE"
      - "-credential_file=/secrets/credentials.json"
      - "-log_debug_stdout=true"
    securityContext:
      runAsNonRoot: true
    resources:
      requests:
        memory: "2Gi"
        cpu: "1"
    volumeMounts:
      - name: cloud-sql-proxy
        mountPath: /secrets/
        readOnly: true
```

Along with db.properties as a secret in the helm chart as well. Seems to be a satisfactory solution if you're running on GKE using Cloud SQL.
Does anyone have an example of how they configured the secret for this? Using volume mounts doesn't work as it makes the config directory a read-only file system on newer versions of Kubernetes.
You mean the db.properties? Here is my code:

```hcl
resource "kubernetes_secret" "db_properties" {
  metadata {
    name      = "db-properties"
    namespace = kubernetes_namespace.gocd.metadata.0.name
  }
  data = {
    config = <<-EOF
      db.driver=org.postgresql.Driver
      db.url=jdbc:postgresql://localhost:5432/gocd
      db.user=gocd
      db.password=${random_password.gocd.result}
    EOF
  }
}
```

My values:

```yaml
extraVolumes:
  - name: cloud-sql-proxy
    secret:
      secretName: cloud-sql-proxy-credentials
      # checkov:skip=BC_GIT_6: False positive
  - name: db-properties
    secret:
      secretName: db-properties
      # checkov:skip=BC_GIT_6: False positive
      items:
        - key: config
          path: db.properties
# server.persistence.extraVolumeMounts additional server volumeMounts
extraVolumeMounts:
  - name: db-properties
    mountPath: /godata/config/db.properties
    subPath: db.properties
    readOnly: true
```

If that's not what you're after hit me up because I do have it working.
Thank you, this is what I was after, thank you. I tried the above but then got an error when the server pod started complaining that the config directory was a read-only file system...
Did you mount the whole secret or specific items only? Would need to be specific items for the single file. Otherwise you're mounting the secret over the whole config folder.
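The difference between the working and failing mounts discussed in the comments above can be checked before deploying. This is an added example, not code from the thread or from the GoCD chart: `lint_secret_mounts` is a hypothetical helper, the sample values are constructed from the ones posted above, and treating `/godata/config` as a directory the server writes to is an assumption taken from the error reported in the thread.

```python
import posixpath

# Constructed sample input mirroring the values posted in the thread.
VOLUMES = [{"name": "db-properties", "secret": {
    "secretName": "db-properties",
    "items": [{"key": "config", "path": "db.properties"}]}}]
GOOD_MOUNTS = [{"name": "db-properties", "subPath": "db.properties",
                "mountPath": "/godata/config/db.properties", "readOnly": True}]
# Constructed failing variant: the whole secret mounted over the directory.
BAD_MOUNTS = [{"name": "db-properties", "mountPath": "/godata/config",
               "readOnly": True}]


def lint_secret_mounts(volumes, mounts, writable_dirs=("/godata/config",)):
    """Hypothetical helper: report secret mounts that hide a writable directory.

    writable_dirs is an assumption: directories the server must write to.
    """
    secrets = {v["name"]: v["secret"] for v in volumes if "secret" in v}
    findings = []
    for mount in mounts:
        secret = secrets.get(mount["name"])
        if secret is None:
            continue  # not backed by a secret volume
        path = posixpath.normpath(mount["mountPath"])
        sub_path = mount.get("subPath")
        if sub_path is None:
            # Whole volume mounted: everything at or below mountPath is
            # replaced by the read-only secret volume.
            for directory in map(posixpath.normpath, writable_dirs):
                if posixpath.commonpath([path, directory]) == path:
                    findings.append(
                        f"{mount['name']}: mounted at {path} without subPath, "
                        f"shadows {directory}")
        elif secret.get("items"):
            # With explicit items only the listed paths exist in the volume.
            projected = {item["path"] for item in secret["items"]}
            if sub_path not in projected:
                findings.append(
                    f"{mount['name']}: subPath {sub_path!r} is not a "
                    f"projected item path {sorted(projected)}")
    return findings


if __name__ == "__main__":
    for label, mounts in (("good", GOOD_MOUNTS), ("bad", BAD_MOUNTS)):
        print(label, lint_secret_mounts(VOLUMES, mounts) or "ok")
```
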
This is partially a question, possibly a request.
Presumption: This chart doesn't appear to support configuring a database other than H2 (I would be happily wrong, am I missing something?)
Expectation: The helm chart would support configuring Postgres, MySQL, etc. via db.properties, including secrets retrieval for DB credentials, and so on.
Again, unless I'm missing something, is the expectation that users would customize the gocd-server image?
Thanks!