From dfb0971e257d7be1f60d27259f2e08118eac1174 Mon Sep 17 00:00:00 2001 From: Brady Todhunter Date: Thu, 22 Apr 2021 12:48:23 -0700 Subject: [PATCH] kill cloudsql container when upgrade job finishes Signed-off-by: Brady Todhunter --- .../templates/engine_upgrade_job.yaml | 20 ++++++++++++++++--- .../enterprise_feeds_upgrade_job.yaml | 18 +++++++++++++++-- .../templates/enterprise_upgrade_job.yaml | 18 +++++++++++++++-- 3 files changed, 49 insertions(+), 7 deletions(-) diff --git a/stable/anchore-engine/templates/engine_upgrade_job.yaml b/stable/anchore-engine/templates/engine_upgrade_job.yaml index 3db9ce32..dfe591d1 100644 --- a/stable/anchore-engine/templates/engine_upgrade_job.yaml +++ b/stable/anchore-engine/templates/engine_upgrade_job.yaml @@ -41,6 +41,9 @@ spec: {{- end }} {{- end }} restartPolicy: Never + {{- if .Values.cloudsql.enabled }} + shareProcessNamespace: true + {{- end }} containers: {{- if .Values.cloudsql.enabled }} - name: cloudsql-proxy @@ -57,7 +60,7 @@ spec: readOnly: true {{- end }} {{- end }} - - name: "{{ .Release.Name }}-enterprise-upgrade" + - name: "{{ .Release.Name }}-engine-upgrade" {{- if .Values.anchoreEnterpriseGlobal.enabled }} image: {{ .Values.anchoreEnterpriseGlobal.image }} imagePullPolicy: {{ .Values.anchoreEnterpriseGlobal.imagePullPolicy }} @@ -65,10 +68,21 @@ spec: image: {{ .Values.anchoreGlobal.image }} imagePullPolicy: {{ .Values.anchoreGlobal.imagePullPolicy }} {{- end }} + command: ["/bin/bash", "-c"] + args: {{- if .Values.anchoreGlobal.dbConfig.ssl }} - args: ["/bin/bash", "-c", "anchore-manager db --db-use-ssl --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME}?sslmode={{ .Values.anchoreGlobal.dbConfig.sslMode }}\\&sslrootcert=/home/anchore/certs/{{ .Values.anchoreGlobal.dbConfig.sslRootCertName }} upgrade --dontask"] + - | + anchore-manager db --db-use-ssl --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME}?sslmode={{ .Values.anchoreGlobal.dbConfig.sslMode }}\\&sslrootcert=/home/anchore/certs/{{ .Values.anchoreGlobal.dbConfig.sslRootCertName }} upgrade --dontask; {{- else }} - args: ["/bin/bash", "-c", "anchore-manager db --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME} upgrade --dontask"] + - | + anchore-manager db --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME} upgrade --dontask; + {{- end }} + {{- if .Values.cloudsql.enabled }} + sql_proxy_pid=$(pgrep cloud_sql_proxy) && kill -INT $sql_proxy_pid; + securityContext: + capabilities: + add: + - SYS_PTRACE {{- end }} envFrom: {{- if not .Values.inject_secrets_via_env }} diff --git a/stable/anchore-engine/templates/enterprise_feeds_upgrade_job.yaml b/stable/anchore-engine/templates/enterprise_feeds_upgrade_job.yaml index c2cb7e2f..a5cb0eb8 100644 --- a/stable/anchore-engine/templates/enterprise_feeds_upgrade_job.yaml +++ b/stable/anchore-engine/templates/enterprise_feeds_upgrade_job.yaml @@ -34,6 +34,9 @@ spec: imagePullSecrets: - name: {{ .Values.anchoreEnterpriseGlobal.imagePullSecretName }} restartPolicy: Never + {{- if .Values.cloudsql.enabled }} + shareProcessNamespace: true + {{- end }} containers: {{- if .Values.cloudsql.enabled }} - name: cloudsql-proxy @@ -53,10 +56,21 @@ spec: - name: "{{ .Release.Name }}-enterprise-feeds-upgrade" imagePullPolicy: {{ .Values.anchoreEnterpriseGlobal.imagePullPolicy }} image: {{ .Values.anchoreEnterpriseGlobal.image }} + command: ["/bin/bash", "-c"] + args: {{- if .Values.anchoreGlobal.dbConfig.ssl }} - args: ["/bin/bash", "-c", "anchore-enterprise-manager db --db-use-ssl --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_FEEDS_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME}?sslmode={{ .Values.anchoreGlobal.dbConfig.sslMode }}\\&sslrootcert=/home/anchore/certs/{{ .Values.anchoreGlobal.dbConfig.sslRootCertName }} upgrade --dontask"] + - | + anchore-enterprise-manager db --db-use-ssl --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_FEEDS_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME}?sslmode={{ .Values.anchoreGlobal.dbConfig.sslMode }}\\&sslrootcert=/home/anchore/certs/{{ .Values.anchoreGlobal.dbConfig.sslRootCertName }} upgrade --dontask; {{- else }} - args: ["/bin/bash", "-c", "anchore-enterprise-manager db --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_FEEDS_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME} upgrade --dontask"] + - | + anchore-enterprise-manager db --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_FEEDS_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME} upgrade --dontask; + {{- end }} + {{- if .Values.cloudsql.enabled }} + sql_proxy_pid=$(pgrep cloud_sql_proxy) && kill -INT $sql_proxy_pid; + securityContext: + capabilities: + add: + - SYS_PTRACE {{- end }} envFrom: {{- if not .Values.inject_secrets_via_env }} diff --git a/stable/anchore-engine/templates/enterprise_upgrade_job.yaml b/stable/anchore-engine/templates/enterprise_upgrade_job.yaml index a199f339..446e9e78 100644 --- a/stable/anchore-engine/templates/enterprise_upgrade_job.yaml +++ b/stable/anchore-engine/templates/enterprise_upgrade_job.yaml @@ -34,6 +34,9 @@ spec: imagePullSecrets: - name: {{ .Values.anchoreEnterpriseGlobal.imagePullSecretName }} restartPolicy: Never + {{- if .Values.cloudsql.enabled }} + shareProcessNamespace: true + {{- end }} containers: {{- if .Values.cloudsql.enabled }} - name: cloudsql-proxy @@ -53,10 +56,21 @@ spec: - name: "{{ .Release.Name }}-enterprise-upgrade" imagePullPolicy: {{ .Values.anchoreEnterpriseGlobal.imagePullPolicy }} image: {{ .Values.anchoreEnterpriseGlobal.image }} + command: ["/bin/bash", "-c"] + args: {{- if .Values.anchoreGlobal.dbConfig.ssl }} - args: ["/bin/bash", "-c", "anchore-enterprise-manager db --db-use-ssl --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME}?sslmode={{ .Values.anchoreGlobal.dbConfig.sslMode }}\\&sslrootcert=/home/anchore/certs/{{ .Values.anchoreGlobal.dbConfig.sslRootCertName }} upgrade --dontask"] + - | + anchore-enterprise-manager db --db-use-ssl --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME}?sslmode={{ .Values.anchoreGlobal.dbConfig.sslMode }}\\&sslrootcert=/home/anchore/certs/{{ .Values.anchoreGlobal.dbConfig.sslRootCertName }} upgrade --dontask; {{- else }} - args: ["/bin/bash", "-c", "anchore-enterprise-manager db --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME} upgrade --dontask"] + - | + anchore-enterprise-manager db --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME} upgrade --dontask; + {{- end }} + {{- if .Values.cloudsql.enabled }} + sql_proxy_pid=$(pgrep cloud_sql_proxy) && kill -INT $sql_proxy_pid; + securityContext: + capabilities: + add: + - SYS_PTRACE {{- end }} envFrom: {{- if not .Values.inject_secrets_via_env }}