docs: Update the example healthcheck config #1950
Conversation
|
|
||
| # This flag specifies where the service account key can be found | ||
| # Remove this argument if you are using workload identity | ||
| - name: CSQL_CREDENTIALS_FILE |
There was a problem hiding this comment.
Do we want to show how to do this? Or do we want to use WI by default?
There was a problem hiding this comment.
I'll remove the CSQL_CREDENTIALS_FILE.
| # needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | ||
| resources: | ||
| requests: | ||
| cpu: "500e-3" |
There was a problem hiding this comment.
This doesn't match what we have elsewhere. Is there a reason?
There was a problem hiding this comment.
Updated to match the sidecar config.
| # Do not allow privilege escalation | ||
| allowPrivilegeEscalation : false | ||
| volumeMounts: | ||
| - name: <YOUR-SA-SECRET-VOLUME> |
There was a problem hiding this comment.
Same here -- do we want to highlight key file usage?
hessjcg
force-pushed
the
gh-1943-better-k8s-docs
branch
from
6fcf77e to
772bf9a
Compare
examples/k8s-health-check/README.md
Outdated
| # name in the format: "project_name:region:instance_name" | ||
| # Replace <DB_PORT> with the port that the proxy should open | ||
| # to listen for database connections from the application | ||
| - <INSTANCE_CONNECTION_NAME>?port=<DB_PORT> |
There was a problem hiding this comment.
Why are we using the query string syntax instead of --port=<DB_PORT>?
There was a problem hiding this comment.
Or CSQL_PROXY_PORT=<DB_PORT> below?
There was a problem hiding this comment.
This example, like the operator, sets the port number on the instance instead of setting a
a global starting port number. I prefer to make a direct, unambiguous association between database
instance and port number. However, if you prefer, I'll switch it to --port=<DB_PORT>
There was a problem hiding this comment.
I think the port flag is clear because there aren't more instances involved. It also matches our other examples.
| # to listen for database connections from the application | ||
| - <INSTANCE_CONNECTION_NAME>?port=<DB_PORT> | ||
|
|
||
| env: |
There was a problem hiding this comment.
If we recommend env vars for Kubernetes, shall we change all our other examples too?
There was a problem hiding this comment.
I'm on board with that approach. That will be in a different PR though.
There was a problem hiding this comment.
Let's file an issue to track that work and link to it here then.
hessjcg
force-pushed
the
gh-1943-better-k8s-docs
branch
from
772bf9a to
8501f03
Compare
|
Fixed. |
| # name in the format: "project_name:region:instance_name" | ||
| # Replace <DB_PORT> with the port that the proxy should open | ||
| # to listen for database connections from the application | ||
| - <INSTANCE_CONNECTION_NAME> |
There was a problem hiding this comment.
FYI This could be an environment variable too. CSQL_PROXY_INSTANCE_CONNECTION_NAME=...
There was a problem hiding this comment.
Not sure if we want to do that, though.
There was a problem hiding this comment.
I avoided that in the operator's implementation because when configuring multiple instances, the envvar was somewhat more confusing than the args.
There was a problem hiding this comment.
this would be highly appreciated to have. We can't move from 1.x to 2.x because of this missing. I even opened a bugticket through the support: https://issuetracker.google.com/issues/273982124
There was a problem hiding this comment.
@w32-blaster would you mind opening an issue so we can track that here?
| - name: CSQL_PROXY_ADMIN_PORT | ||
| value: "9092" | ||
| - name: CSQL_PROXY_USER_AGENT | ||
| value: cloud-sql-proxy-operator/unknown |
There was a problem hiding this comment.
I don't think we should add this here -- this is a private implementation detail for our purposes here.
There was a problem hiding this comment.
Good catch, fixed.
…ator configuration. chore: code review comments.
hessjcg
force-pushed
the
gh-1943-better-k8s-docs
branch
from
8501f03 to
01bc52f
Compare
| @@ -49,90 +49,100 @@ spec: | |||
| - name: cloud-sql-proxy | |||
| # It is recommended to use the latest version of the Cloud SQL Auth Proxy | |||
| # Make sure to update on a regular schedule! | |||
| image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.1.0 | |||
| image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.6.0 | |||
The configuration example for health checks now matches match the default configuration used by the cloud-sql-proxy-operator.
Fixes #1943