Configuring different pod configuration for different environments (Kubernetes + Google Cloud or Minikube)

9/20/2018

I have a (containerized) web service talking to an external CloudSQL service in Google Cloud. I've used the sidecar pattern in which a Google Cloud SQL Proxy container is next to the web service and authenticates+proxies to the external CloudSQL service. This works fine. Let's call this Deployment "deployment-api" with containers "api" + "pg-proxy".

The problem occurs when I want to deploy the application on my local minikube cluster which needs to have different configuration due to the service talking to a local postgres server on my computer. If I deploy "deployment-api" as is to minikube, it tries to run the "pg-proxy" container which barfs and the entire pod goes into a crash loop. Is there a way for me to selectively NOT deploy "pg-proxy" container without having two definitions for the Pod, e.g., using selectors/labels? I do not want to move pg-proxy container into its own deployment.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-api
  namespace: ${MY_ENV}
  labels:
    app: api
    env: ${MY_ENV}
spec:
  replicas: ${REPLICAS}
  selector:
    matchLabels:
      app: api
      env: ${MY_ENV}
  template:
    metadata:
      labels:
        app: api
        env: ${MY_ENV}
    spec:
      containers:
      - name: pg-proxy
        ports:
        - containerPort: 5432
        image: gcr.io/cloudsql-docker/gce-proxy:1.11
        command: ["/cloud_sql_proxy",
          "-instances=<redacted>:${MY_ENV}-app=tcp:5432",
          "-credential_file=/secrets/cloudsql/${MY_ENV}-sql-credentials.json"]
        securityContext:
          runAsUser: 2  # non-root user
          allowPrivilegeEscalation: false
        volumeMounts:
          - name: ${MY_ENV}-cloudsql-instance-credentials
            mountPath: /secrets/cloudsql
            readOnly: true
      - name: api
        image: ${DOCKER_IMAGE_PREFIX}api:${TAG}
        imagePullPolicy: ${PULL_POLICY}
        ports:
        - containerPort: 50051
      volumes:
        - name: ${MY_ENV}-cloudsql-instance-credentials
          secret:
            secretName: ${MY_ENV}-cloudsql-instance-credentials
-- user2697994
cloud-sql-proxy
google-kubernetes-engine
kubernetes

1 Answer

9/21/2018

In raw Kubernetes means? No.

But I strongly encourage you to use Helm to deploy your application(s). With Helm you can easily adapt the manifest based on variables provided for each environment (or defaults). For example, with the variable postgresql.proxy.enabled: true in defaults and

{{- if .Values.postgresql.proxy.enabled }}
- name: pg-proxy
...
{{- end }}

in the Helm template, you could disable this block completely on the dev env by setting the value to false.

-- Radek 'Goblin' Pieczonka
Source: StackOverflow
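
The conditional from the answer applied to the Deployment in the question, as an added example (not code from the original thread). It also gates the credentials volume, so the minikube manifest carries no reference to the Cloud SQL service-account secret. Only postgresql.proxy.enabled comes from the answer; the other value names (env, image.prefix, image.tag, postgresql.proxy.instance) and the file names are assumptions.

```yaml
# values.yaml: chart defaults (value names other than postgresql.proxy.enabled are assumed)
env: prod
image:
  prefix: ""            # placeholder for ${DOCKER_IMAGE_PREFIX}
  tag: latest           # placeholder for ${TAG}
postgresql:
  proxy:
    enabled: true
    instance: "<redacted>:prod-app"   # instance name is redacted in the question
---
# values-minikube.yaml: override passed with -f for the local cluster
env: minikube
postgresql:
  proxy:
    enabled: false      # no sidecar, no credentials volume
---
# templates/deployment.yaml: pod spec portion only
    spec:
      containers:
      {{- if .Values.postgresql.proxy.enabled }}
      - name: pg-proxy
        image: gcr.io/cloudsql-docker/gce-proxy:1.11
        command: ["/cloud_sql_proxy",
          "-instances={{ .Values.postgresql.proxy.instance }}=tcp:5432",
          "-credential_file=/secrets/cloudsql/{{ .Values.env }}-sql-credentials.json"]
        securityContext:
          runAsUser: 2  # non-root user
          allowPrivilegeEscalation: false
        volumeMounts:
        - name: cloudsql-instance-credentials
          mountPath: /secrets/cloudsql
          readOnly: true
      {{- end }}
      - name: api
        image: {{ .Values.image.prefix }}api:{{ .Values.image.tag }}
        ports:
        - containerPort: 50051
      {{- if .Values.postgresql.proxy.enabled }}
      # The secret is only consumed by pg-proxy, so the volume is gated with it.
      volumes:
      - name: cloudsql-instance-credentials
        secret:
          secretName: {{ .Values.env }}-cloudsql-instance-credentials
      {{- end }}
```

Rendering the chart with each values file using helm template and comparing the output confirms that the minikube manifest contains neither the pg-proxy container nor the secret volume.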