Add the "client-secure" Pod to the Helm chart? #382
Description
Is your feature request related to a problem? Please describe.
It would be nice to have an easy way to connect to the CRDB cluster in a Kubernetes cluster.
Describe the solution you'd like
The docs even note this as a thing you might want to do, and link you to the almost ready-made example of how to create a pod to do that: https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/client-secure.yaml
Can that just make its way into the Helm chart? (It would be fine, and perhaps preferable, if that was being a values.yaml flag to enable/disable it, too.)
I'd also switch this from a raw Pod (which isn't recommended, and has various downsides) to a Deployment¹ with replicas: 1. sleep (at least the one that is in GNU coreutils) can be invoked as sleep infinity, and dumb-init will all the pod to shutdown gracefully; a minimal "do nothing" pod is dumb-init -- sleep infinity, and then you don't need the terminationGradePeriod directive.
Describe alternatives you've considered
The status quo, of having it as an example:
- Since one already is using the Helm chart, it's harder to pull in than just "enable this flag".
- Orgs like mine want to vendor upstream software, and other orgs want to understand when & where 3rd-party code is. Random files like this — where I pull in this file, make a bunch of changes — make that very muddy, and don't integrate well with existing processes. But we have a process to vendor a Helm chart: so it if just gets packaged with that, then 🚀
Additional context
¹This does have the downside of making the pod name ugly. A StatefulSet would make the pod name nicer, unless there's some magic way with a Deployment to do nice names that I don't know about.
Jira issue: CRDB-36686
Jira issue: HELM-44