fix: add missing annotation to apps serviceAccount (#10484)
This commit is contained in:
LongYinan
GitHub
parent
4c736bc190
commit
fc4a716ef1
23
.github/actions/deploy/deploy.mjs
vendored
23
.github/actions/deploy/deploy.mjs
vendored
@ -25,6 +25,7 @@ const {
|
|||||||
AFFINE_GOOGLE_CLIENT_ID,
|
AFFINE_GOOGLE_CLIENT_ID,
|
||||||
AFFINE_GOOGLE_CLIENT_SECRET,
|
AFFINE_GOOGLE_CLIENT_SECRET,
|
||||||
CLOUD_SQL_IAM_ACCOUNT,
|
CLOUD_SQL_IAM_ACCOUNT,
|
||||||
|
APP_IAM_ACCOUNT,
|
||||||
GCLOUD_CONNECTION_NAME,
|
GCLOUD_CONNECTION_NAME,
|
||||||
GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT,
|
GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT,
|
||||||
REDIS_HOST,
|
REDIS_HOST,
|
||||||
@ -99,16 +100,22 @@ const createHelmCommand = ({ isDryRun }) => {
|
|||||||
`--set-string global.redis.password="${REDIS_PASSWORD}"`,
|
`--set-string global.redis.password="${REDIS_PASSWORD}"`,
|
||||||
]
|
]
|
||||||
: [];
|
: [];
|
||||||
const serviceAnnotations =
|
const serviceAnnotations = [
|
||||||
|
`--set-json web.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
|
||||||
|
`--set-json graphql.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
|
||||||
|
`--set-json sync.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
|
||||||
|
`--set-json doc.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
|
||||||
|
].concat(
|
||||||
isProduction || isBeta || isInternal
|
isProduction || isBeta || isInternal
|
||||||
? [
|
? [
|
||||||
`--set-json web.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`,
|
`--set-json web.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
|
||||||
`--set-json graphql.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`,
|
`--set-json graphql.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
|
||||||
`--set-json sync.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`,
|
`--set-json sync.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
|
||||||
`--set-json cloud-sql-proxy.serviceAccount.annotations=\"{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }\"`,
|
`--set-json cloud-sql-proxy.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }"`,
|
||||||
`--set-json cloud-sql-proxy.nodeSelector=\"{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }\"`,
|
`--set-json cloud-sql-proxy.nodeSelector="{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }"`,
|
||||||
]
|
]
|
||||||
: [];
|
: []
|
||||||
|
);
|
||||||
|
|
||||||
const cpu = cpuConfig[buildType];
|
const cpu = cpuConfig[buildType];
|
||||||
const resources = cpu
|
const resources = cpu
|
||||||
@ -136,7 +143,7 @@ const createHelmCommand = ({ isDryRun }) => {
|
|||||||
`--namespace ${namespace}`,
|
`--namespace ${namespace}`,
|
||||||
`--set-string global.app.buildType="${buildType}"`,
|
`--set-string global.app.buildType="${buildType}"`,
|
||||||
`--set global.ingress.enabled=true`,
|
`--set global.ingress.enabled=true`,
|
||||||
`--set-json global.ingress.annotations=\"{ \\"kubernetes.io/ingress.class\\": \\"gce\\", \\"kubernetes.io/ingress.allow-http\\": \\"true\\", \\"kubernetes.io/ingress.global-static-ip-name\\": \\"${STATIC_IP_NAME}\\" }\"`,
|
`--set-json global.ingress.annotations="{ \\"kubernetes.io/ingress.class\\": \\"gce\\", \\"kubernetes.io/ingress.allow-http\\": \\"true\\", \\"kubernetes.io/ingress.global-static-ip-name\\": \\"${STATIC_IP_NAME}\\" }"`,
|
||||||
`--set-string global.ingress.host="${host}"`,
|
`--set-string global.ingress.host="${host}"`,
|
||||||
`--set global.objectStorage.r2.enabled=true`,
|
`--set global.objectStorage.r2.enabled=true`,
|
||||||
`--set-string global.objectStorage.r2.accountId="${R2_ACCOUNT_ID}"`,
|
`--set-string global.objectStorage.r2.accountId="${R2_ACCOUNT_ID}"`,
|
||||||
|
|||||||
1
.github/workflows/deploy.yml
vendored
1
.github/workflows/deploy.yml
vendored
@ -116,6 +116,7 @@ jobs:
|
|||||||
REDIS_HOST: ${{ secrets.REDIS_HOST }}
|
REDIS_HOST: ${{ secrets.REDIS_HOST }}
|
||||||
REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
|
REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
|
||||||
CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }}
|
CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }}
|
||||||
|
APP_IAM_ACCOUNT: ${{ secrets.APP_IAM_ACCOUNT }}
|
||||||
STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }}
|
STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }}
|
||||||
STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }}
|
STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }}
|
||||||
STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }}
|
STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
# we will make this file shared by prettier|eslint|oxlint
|
# we will make this file shared by prettier|eslint|oxlint
|
||||||
**/node_modules
|
**/node_modules
|
||||||
.yarn
|
.yarn
|
||||||
.github
|
.github/helm
|
||||||
.vscode
|
.vscode
|
||||||
.yarnrc.yml
|
.yarnrc.yml
|
||||||
.docker
|
.docker
|
||||||
|
|||||||
@ -3,7 +3,7 @@
|
|||||||
"compilerOptions": {
|
"compilerOptions": {
|
||||||
"allowJs": true
|
"allowJs": true
|
||||||
},
|
},
|
||||||
"include": ["."],
|
"include": [".", ".github/actions/*/*.mjs"],
|
||||||
"exclude": [
|
"exclude": [
|
||||||
"**/target",
|
"**/target",
|
||||||
"**/node_modules",
|
"**/node_modules",
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user