forked from pixie-io/pixie
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Run plugin job for Pixie Cloud on GKE envs
Summary: We want to run the plugin job every release, to ensure that we keep the plugins up-to-date. this job already runs for public cloud, but does not run for our GKE environments as they need a sidecar. Test Plan: deploy to testing cloud through skaffold, watch the job run. Reviewers: vihang Reviewed By: vihang Signed-off-by: Michelle Nguyen <michellenguyen@pixielabs.ai> Differential Revision: https://phab.corp.pixielabs.ai/D11241 GitOrigin-RevId: a371153
- Loading branch information
1 parent
480882d
commit eed29fa
Showing
6 changed files
with
89 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| --- | ||
| apiVersion: kustomize.config.k8s.io/v1beta1 | ||
| kind: Kustomization | ||
| commonLabels: | ||
| app: pl-cloud | ||
| resources: | ||
| - plugin_job.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| --- | ||
| apiVersion: batch/v1 | ||
| kind: Job | ||
| metadata: | ||
| name: plugin-db-updater-job | ||
| labels: | ||
| jobgroup: plugin-db-updater | ||
| spec: | ||
| ttlSecondsAfterFinished: 10 | ||
| template: | ||
| metadata: | ||
| name: plugin-db-updater-job | ||
| labels: | ||
| jobgroup: plugin-db-updater | ||
| spec: | ||
| containers: | ||
| - name: updater | ||
| image: gcr.io/pixie-oss/pixie-dev/cloud/plugin/load_db:latest | ||
| command: ["/busybox/sh", "-c"] | ||
| args: | ||
| - | | ||
| trap "touch /tmp/pod/terminated" EXIT | ||
| /plugin_db_updater/load_db | ||
| envFrom: | ||
| - configMapRef: | ||
| name: pl-db-config | ||
| volumeMounts: | ||
| - mountPath: /tmp/pod | ||
| name: tmp-pod | ||
| env: | ||
| - name: PL_POSTGRES_USERNAME | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: pl-db-secrets | ||
| key: PL_POSTGRES_USERNAME | ||
| - name: PL_POSTGRES_PASSWORD | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: pl-db-secrets | ||
| key: PL_POSTGRES_PASSWORD | ||
| - name: PL_PLUGIN_REPO | ||
| value: "pixie-io/pixie-plugin" | ||
| - image: b.gcr.io/cloudsql-docker/gce-proxy:1.14 | ||
| name: cloudsql-proxy | ||
| command: ["/bin/sh", "-c"] | ||
| envFrom: | ||
| - configMapRef: | ||
| name: pl-db-config | ||
| args: | ||
| - | | ||
| /cloud_sql_proxy \ | ||
| -instances=${PL_POSTGRES_INSTANCE}=tcp:${PL_POSTGRES_PORT} \ | ||
| -ip_address_types=PRIVATE \ | ||
| -credential_file=/secrets/cloudsql/db_service_account.json & CHILD_PID=$! | ||
| (while true; do if [[ -f "/tmp/pod/terminated" ]]; then kill $CHILD_PID; | ||
| echo "Killed $CHILD_PID because the main container terminated."; fi; sleep 1; done) & | ||
| wait $CHILD_PID | ||
| if [[ -f "/tmp/pod/terminated" ]]; then exit 0; echo "Job completed. Exiting..."; fi | ||
| volumeMounts: | ||
| - name: pl-db-secrets | ||
| mountPath: /secrets/cloudsql | ||
| readOnly: true | ||
| - mountPath: /tmp/pod | ||
| name: tmp-pod | ||
| readOnly: true | ||
| securityContext: | ||
| runAsUser: 2 # non-root user | ||
| allowPrivilegeEscalation: false | ||
| restartPolicy: Never | ||
| volumes: | ||
| - name: pl-db-secrets | ||
| secret: | ||
| secretName: pl-db-secrets | ||
| - name: tmp-pod | ||
| emptyDir: {} | ||
| backoffLimit: 1 | ||
| parallelism: 1 | ||
| completions: 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters