Merge branch 'main' into k_anonym_deidentify_cloud_storage

Author: pattishin

cloud-sql/mysql/mysql/deployment.yaml

@@ -61,18 +61,21 @@ spec:
         # This uses the latest version of the Cloud SQL proxy
         # It is recommended to use a specific version for production environments.
         # See: https://github.com/GoogleCloudPlatform/cloudsql-proxy 
-        image: gcr.io/cloudsql-docker/gce-proxy:latest
-        command:
-          - "/cloud_sql_proxy"
-
+        image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:latest
+        args:
           # If connecting from a VPC-native GKE cluster, you can use the
           # following flag to have the proxy connect over private IP
-          # - "-ip_address_types=PRIVATE"
+          # - "--private-ip"
+
+          # If you are not connecting with Automatic IAM, you can delete
+          # the following flag.
+          - "--auto-iam-authn"
 
           # tcp should be set to the port the proxy should listen on
           # and should match the DB_PORT value set above.
           # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433
-          - "-instances=<INSTANCE_CONNECTION_NAME>=tcp:3306"
+          - "--port=3306"
+          - "<INSTANCE_CONNECTION_NAME>"
         securityContext:
           # The default Cloud SQL proxy image runs as the
           # "nonroot" user and group (uid: 65532) by default.

cloud-sql/postgres/knex/deployment.yaml

@@ -38,10 +38,19 @@ spec:
         env:
         - name: PORT
           value: "8080"
+        # This project uses environment variables to determine
+        # how you would like to run your application
+        # To use the Node.js connector (recommended) - use INSTANCE_CONNECTION_NAME (proj:region:instance)
+        # To use TCP - Setting INSTANCE_HOST will use TCP (e.g., 127.0.0.1)
+        # To use Unix, use INSTANCE_UNIX_SOCKET (e.g., /cloudsql/proj:region:instance)
         - name: INSTANCE_HOST
           value: "127.0.0.1"
         - name: DB_PORT
-          value: "5432"  
+          value: "5432"
+        # For Automatic IAM Authentication with the Node.js Connector
+        # use DB_IAM_USER instead of DB_USER (recommended)
+        # You may also remove the DB_PASS environment variable if
+        # you use Automatic IAM Authentication
         - name: DB_USER
           valueFrom:
             secretKeyRef:
@@ -57,22 +66,27 @@ spec:
             secretKeyRef:
               name: <YOUR-DB-SECRET>
               key: database
+      # If you are using the Node.js Connector (recommended), you can
+      # remove cloud-sql-proxy (everything below this line)
       - name: cloud-sql-proxy
         # This uses the latest version of the Cloud SQL proxy
         # It is recommended to use a specific version for production environments.
         # See: https://github.com/GoogleCloudPlatform/cloudsql-proxy 
-        image: gcr.io/cloudsql-docker/gce-proxy:latest
-        command:
-          - "/cloud_sql_proxy"
-
+        image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:latest
+        args:
           # If connecting from a VPC-native GKE cluster, you can use the
           # following flag to have the proxy connect over private IP
-          # - "-ip_address_types=PRIVATE"
+          # - "--private-ip"
+
+          # If you are not connecting with Automatic IAM, you can delete
+          # the following flag.
+          - "--auto-iam-authn"
 
           # tcp should be set to the port the proxy should listen on
           # and should match the DB_PORT value set above.
           # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433
-          - "-instances=<INSTANCE_CONNECTION_NAME>=tcp:5432"
+          - "--port=5432"
+          - "<INSTANCE_CONNECTION_NAME>"
         securityContext:
           # The default Cloud SQL proxy image runs as the
           # "nonroot" user and group (uid: 65532) by default.

cloud-sql/sqlserver/mssql/deployment.yaml

@@ -61,18 +61,17 @@ spec:
         # This uses the latest version of the Cloud SQL proxy
         # It is recommended to use a specific version for production environments.
         # See: https://github.com/GoogleCloudPlatform/cloudsql-proxy 
-        image: gcr.io/cloudsql-docker/gce-proxy:latest
-        command:
-          - "/cloud_sql_proxy"
-
+        image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:latest
+        args:
           # If connecting from a VPC-native GKE cluster, you can use the
           # following flag to have the proxy connect over private IP
-          # - "-ip_address_types=PRIVATE"
+          # - "--private-ip"
 
           # tcp should be set to the port the proxy should listen on
           # and should match the DB_PORT value set above.
           # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433
-          - "-instances=<INSTANCE_CONNECTION_NAME>=tcp:1433"
+          - "--port=1433"
+          - "<INSTANCE_CONNECTION_NAME>"
         securityContext:
           # The default Cloud SQL proxy image runs as the
           # "nonroot" user and group (uid: 65532) by default.

run/filesystem/gcsfuse.Dockerfile

@@ -0,0 +1,59 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START cloudrun_fuse_dockerfile]
+
+# Use the official Node.js image.
+# https://hub.docker.com/_/node
+FROM node:20-slim
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    curl \
+    gnupg \
+    lsb-release \
+    tini && \
+    gcsFuseRepo=gcsfuse-`lsb_release -c -s` && \
+    echo "deb http://packages.cloud.google.com/apt $gcsFuseRepo main" | \
+    tee /etc/apt/sources.list.d/gcsfuse.list && \
+    curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | \
+    apt-key add - && \
+    apt-get update && \
+    apt-get install -y gcsfuse && \
+    apt-get clean
+
+# Set fallback mount directory
+ENV MNT_DIR /mnt/gcs
+
+# Copy local code to the container image.
+ENV APP_HOME /app
+WORKDIR $APP_HOME
+COPY package*.json ./
+
+# Install production dependencies.
+RUN npm install --only=production
+
+# Copy local code to the container image.
+COPY . ./
+
+# Ensure the script is executable
+RUN chmod +x /app/gcsfuse_run.sh
+
+# Use tini to manage zombie processes and signal forwarding
+# https://github.com/krallin/tini
+ENTRYPOINT ["/usr/bin/tini", "--"]
+
+# Pass the wrapper script as arguments to tini
+CMD ["/app/gcsfuse_run.sh"]
+# [END cloudrun_fuse_dockerfile]

run/filesystem/gcsfuse_run.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# [START cloudrun_fuse_script]
+#!/usr/bin/env bash
+set -eo pipefail
+
+# Create mount directory for service
+mkdir -p $MNT_DIR
+
+echo "Mounting GCS Fuse."
+gcsfuse --debug_gcs --debug_fuse $BUCKET $MNT_DIR 
+echo "Mounting completed."
+
+# Start the application
+node index.js &
+
+# Exit immediately when one of the background processes terminate.
+wait -n
+# [END cloudrun_fuse_script]

run/filesystem/run.sh

@@ -25,7 +25,7 @@ mount -o nolock $FILESTORE_IP_ADDRESS:/$FILE_SHARE_NAME $MNT_DIR
 echo "Mounting completed."
 
 # Start the application
-node index.js
+node index.js &
 
 # Exit immediately when one of the background processes terminate.
 wait -n