Support for Init & Sidecar containers #662

Open
MalcolmCyber opened this issue Nov 4, 2022 · 3 comments

@MalcolmCyber

Can there be an entry in the Gate and Web deployment YAMLs to allow init containers and sidecar containers to be added as part of the values YAML?

For example, in GCP, we're required to have a gce-proxy container to securely speak to our cloudsql DB, using image: gcr.io/cloudsql-docker/gce-proxy:1.17 as a sidecar. This means we have to modify the Helm charts, leading us to get out of date pretty quickly without the risk of removing the sidecar.

In addition, when Vault injector isn't available, we would use the init containers to retrieve secrets/certs from Vault. Again, this means modifications to helm charts leading us to get out of date quickly.

You could have Values of gate.init.enabled or web.init.enabled and it dumps the config of gate.init.container to the gate deployment YAML. Same with Web & Sidecar containers.

@BaruchBilanski
Collaborator

@MalcolmCyber
Hi,
I'd appreciate hearing back from you if this solution would be suitable for you.
I will raise a PR and we will release a new version if it does.

2022.4...BaruchBilanski:aqua-helm-fork:2022.4-web-sidecar

BaruchBilanski self-assigned this Dec 22, 2022
@MalcolmCyber
Author

Hi @BaruchBilanski that would be great. I've modified my helm in a similar manner.

@MalcolmCyber
Author

Instead of IF statements, I've used `{{- include "server.initContainers" .Values | nindent 6 }}` & `{{- include "server.extraContainers" .Values | nindent 6 }}`

With a .Values content under .Values.web.extraContainers (and gate):

```yaml
extraContainers:
  - name: cloudsql-proxy
    image: gcr.io/cloudsql-docker/gce-proxy:1.17
    command: ["/cloud_sql_proxy",
              "-instances=mgmt-ctu-aqua-scalock-db=tcp:5432,mgmt-ctu-aqua-scalock-audit-db=tcp:5432,mgmt-ctu-aqua-scalock-audit-db=tcp:5432",
              "-ip_address_types=PRIVATE"]
```

helper.tpl update:

```yaml
{{/*
Inject additional containers into the pod if populated.
command is rendered with toJson so the list stays a valid YAML sequence.
*/}}
{{- define "server.extraContainers" -}}
{{- range $i, $container := .extraContainers }}
- name: {{ $container.name }}
  image: {{ $container.image }}
  command: {{ toJson $container.command }}
{{- end }}
{{- end -}}
```
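The helper in the comment above copies only `name`, `image` and `command`, so a `securityContext`, `resources` or `volumeMounts` set on a sidecar in the values file would be dropped from the rendered pod. The following is an added example, not part of the thread or of the aqua-helm chart: a pass-through variant that renders each entry whole. The helper name `server.extraContainersPassthrough`, the context passed to `include`, and the sample values (including the `<INSTANCE>` placeholder) are assumptions.

```yaml
# --- templates/_helpers.tpl (hypothetical helper, not the chart's own) ---
{{- define "server.extraContainersPassthrough" -}}
{{- range $container := .extraContainers }}
{{- /* fail the render early rather than emit a container without name or image */ -}}
{{- $_ := required "extraContainers[].name is required" $container.name }}
{{- $_ := required "extraContainers[].image is required" $container.image }}
{{- /* toYaml keeps every field of the entry; nindent/trim aligns it under the list dash */ -}}
{{ printf "\n" }}- {{ toYaml $container | nindent 2 | trim }}
{{- end }}
{{- end -}}

# --- templates/web-deployment.yaml (assumed call site, under spec.template.spec.containers) ---
#   {{- include "server.extraContainersPassthrough" .Values.web | nindent 6 }}

# --- values.yaml (constructed sample) ---
web:
  extraContainers:
    - name: cloudsql-proxy
      image: gcr.io/cloudsql-docker/gce-proxy:1.17
      command: ["/cloud_sql_proxy", "-instances=<INSTANCE>=tcp:5432", "-ip_address_types=PRIVATE"]
      # These fields reach the pod only because the helper passes the entry through whole.
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      resources:
        limits:
          cpu: 100m
          memory: 128Mi
```

Running `helm template` on the chart and inspecting the sidecar's rendered `securityContext` confirms the settings reached the pod spec.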
