chore: code review comments.

examples/k8s-health-check/proxy_with_http_health_check.yaml

@@ -47,119 +47,6 @@ spec:
               name: <YOUR-DB-SECRET>
               key: database
       - name: cloud-sql-proxy
-        # It is recommended to use the latest version of the Cloud SQL Auth Proxy
-        # Make sure to update on a regular schedule!
-        image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.1.0
-        args:
-          # If connecting from a VPC-native GKE cluster, you can use the
-          # following flag to have the proxy connect over private IP
-          # - "--private-ip"
-
-          # Enable HTTP health checks
-          - "--health-check"
-
-          # Listen on all addresses so the kubelet can reach the endpoints
-          - "--http-address=0.0.0.0"
-
-          # Set the port where the HTTP server listens
-          - "--admin-port=9091"
-
-          # Enable structured logging with LogEntry format:
-          - "--structured-logs"
-
-          # This flag specifies where the service account key can be found
-          # Remove this argument if you are using workload identity
-          - "--credentials-file=/secrets/service_account.json"
-
-          # Replace DB_PORT with the port the proxy should listen on
-          - "--port=<DB_PORT>"
-          - "<INSTANCE_CONNECTION_NAME>"
-
-        securityContext:
-          # The default Cloud SQL Auth Proxy image runs as the
-          # "nonroot" user and group (uid: 65532) by default.
-          runAsNonRoot: true
-          # Use a read-only filesystem
-          readOnlyRootFilesystem: true
-          # Do not allow privilege escalation
-          allowPrivilegeEscalation : false
-        volumeMounts:
-        - name: <YOUR-SA-SECRET-VOLUME>
-          mountPath: /secrets/
-          readOnly: true
-        # Resource configuration depends on an application's requirements. You
-        # should adjust the following values based on what your application
-        # needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-        resources:
-          requests:
-            # The proxy's memory use scales linearly with the number of active
-            # connections. Fewer open connections will use less memory. Adjust
-            # this value based on your application's requirements.
-            memory: "2Gi"
-            # The proxy's CPU use scales linearly with the amount of IO between
-            # the database and the application. Adjust this value based on your
-            # application's requirements.
-            cpu:    "1"
-        # Recommended configurations for health check probes.
-        # Probe parameters can be adjusted to best fit the requirements of your application.
-        # For details, see https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-        startupProbe:
-          # The /startup probe returns OK when the proxy is ready to receive
-          # connections from the application. In this example, k8s will check
-          # once a second for 20 seconds.
-          #
-          # We strongly recommend adding a startup probe to the proxy sidecar
-          # container. This will ensure that service traffic will be routed to
-          # the pod only after the proxy has successfully started.
-          httpGet:
-            path: /startup
-            port: 9090
-          periodSeconds: 1
-          timeoutSeconds: 5
-          failureThreshold: 20
-        livenessProbe:
-          # The /liveness probe returns OK as soon as the proxy application has
-          # begun its startup process and continues to return OK until the
-          # process stops.
-          #
-          # We recommend adding a liveness probe to the proxy sidecar container.
-          httpGet:
-            path: /liveness
-            port: 9090
-          # Number of seconds after the container has started before the first probe is scheduled. Defaults to 0.
-          # Not necessary when the startup probe is in use.
-          initialDelaySeconds: 0
-          # Frequency of the probe.
-          periodSeconds: 60
-          # Number of seconds after which the probe times out.
-          timeoutSeconds: 30
-          # Number of times the probe is allowed to fail before the transition
-          # from healthy to failure state.
-          #
-          # If periodSeconds = 60, 5 tries will result in five minutes of
-          # checks. The proxy starts to refresh a certificate five minutes
-          # before its expiration. If those five minutes lapse without a
-          # successful refresh, the liveness probe will fail and the pod will be
-          # restarted.
-          failureThreshold: 5
-        readinessProbe:
-          # The /readiness probe returns OK when the proxy can establish
-          # a new connections to its databases.
-          #
-          # Please use the readiness probe to the proxy sidecar with caution.
-          # An improperly configured readiness probe can cause unnecessary
-          # interruption to the application. See README.md for more detail.
-          httpGet:
-            path: /readiness
-            port: 9090
-          initialDelaySeconds: 10
-          periodSeconds: 10
-          timeoutSeconds: 10
-          # Number of times the probe must report success to transition from failure to healthy state.
-          # Defaults to 1 for readiness probe.
-          successThreshold: 1
-          failureThreshold: 6
-      - name: cloud-sql-proxy-2
         # It is recommended to use the latest version of the Cloud SQL Auth Proxy
         # Make sure to update on a regular schedule!
         image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.6.0
@@ -216,11 +103,6 @@ spec:
         - name: CSQL_PROXY_STRUCTURED_LOGS
           value: "true"
 
-          # This flag specifies where the service account key can be found
-          # Remove this argument if you are using workload identity
-        - name: CSQL_CREDENTIALS_FILE
-          value: /secrets/service_account.json
-
         # Configure kubernetes to call the /quitquitquit endpoint on the
         # admin server before sending SIGTERM to the proxy before stopping
         # the pod. This will give the proxy more time to gracefully exit.
@@ -294,12 +176,21 @@ spec:
         ports:
         - containerPort: 9801
           protocol: TCP
-        # Resource configuration depends on an application's requirements. You
-        # should adjust the following values based on what your application
-        # needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+        # You should use resource requests/limits as a best practice to prevent
+        # pods from consuming too many resources and affecting the execution of
+        # other pods. You should adjust the following values based on what your
+        # application needs. For details, see
+        # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
         resources:
           requests:
-            cpu: "500e-3"
+            # The proxy's memory use scales linearly with the number of active
+            # connections. Fewer open connections will use less memory. Adjust
+            # this value based on your application's requirements.
+            memory: "2Gi"
+            # The proxy's CPU use scales linearly with the amount of IO between
+            # the database and the application. Adjust this value based on your
+            # application's requirements.
+            cpu:    "1"
         securityContext:
           # The default Cloud SQL Auth Proxy image runs as the
           # "nonroot" user and group (uid: 65532) by default.
@@ -308,10 +199,6 @@ spec:
           readOnlyRootFilesystem: true
           # Do not allow privilege escalation
           allowPrivilegeEscalation : false
-        volumeMounts:
-        - name: <YOUR-SA-SECRET-VOLUME>
-          mountPath: /secrets/
-          readOnly: true
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File
       volumes: