-
Notifications
You must be signed in to change notification settings - Fork 349
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: Update the example healthcheck config #1950
Conversation
|
||
# This flag specifies where the service account key can be found | ||
# Remove this argument if you are using workload identity | ||
- name: CSQL_CREDENTIALS_FILE |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to show how to do this? Or do we want to use WI by default?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll remove the CSQL_CREDENTIALS_FILE.
# needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | ||
resources: | ||
requests: | ||
cpu: "500e-3" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't match what we have elsewhere. Is there a reason?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated to match the sidecar config.
# Do not allow privilege escalation | ||
allowPrivilegeEscalation : false | ||
volumeMounts: | ||
- name: <YOUR-SA-SECRET-VOLUME> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here -- do we want to highlight key file usage?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed.
6fcf77e
to
772bf9a
Compare
examples/k8s-health-check/README.md
Outdated
# name in the format: "project_name:region:instance_name" | ||
# Replace <DB_PORT> with the port that the proxy should open | ||
# to listen for database connections from the application | ||
- <INSTANCE_CONNECTION_NAME>?port=<DB_PORT> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are we using the query string syntax instead of --port=<DB_PORT>
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or CSQL_PROXY_PORT=<DB_PORT>
below?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This example, like the operator, sets the port number on the instance instead of setting a
a global starting port number. I prefer to make a direct, unambiguous association between database
instance and port number. However, if you prefer, I'll switch it to --port=<DB_PORT>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the port flag is clear because there aren't more instances involved. It also matches our other examples.
# to listen for database connections from the application | ||
- <INSTANCE_CONNECTION_NAME>?port=<DB_PORT> | ||
|
||
env: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we recommend env vars for Kubernetes, shall we change all our other examples too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm on board with that approach. That will be in a different PR though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's file an issue to track that work and link to it here then.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. #1969
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's use the --port
syntax to be consistent with other examples.
772bf9a
to
8501f03
Compare
Fixed. |
# name in the format: "project_name:region:instance_name" | ||
# Replace <DB_PORT> with the port that the proxy should open | ||
# to listen for database connections from the application | ||
- <INSTANCE_CONNECTION_NAME> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI This could be an environment variable too. CSQL_PROXY_INSTANCE_CONNECTION_NAME=...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if we want to do that, though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I avoided that in the operator's implementation because when configuring multiple instances, the envvar was somewhat more confusing than the args.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this would be highly appreciated to have. We can't move from 1.x to 2.x because of this missing. I even opened a bugticket through the support: https://issuetracker.google.com/issues/273982124
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@w32-blaster would you mind opening an issue so we can track that here?
- name: CSQL_PROXY_ADMIN_PORT | ||
value: "9092" | ||
- name: CSQL_PROXY_USER_AGENT | ||
value: cloud-sql-proxy-operator/unknown |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we should add this here -- this is a private implementation detail for our purposes here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch, fixed.
…ator configuration. chore: code review comments.
8501f03
to
01bc52f
Compare
@@ -49,90 +49,100 @@ spec: | |||
- name: cloud-sql-proxy | |||
# It is recommended to use the latest version of the Cloud SQL Auth Proxy | |||
# Make sure to update on a regular schedule! | |||
image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.1.0 | |||
image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.6.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2.7.0
The configuration example for health checks now matches match the default configuration used by the cloud-sql-proxy-operator.
Fixes #1943