
Text file src/github.com/GoogleCloudPlatform/cloudsql-proxy/examples/k8s-health-check/proxy_with_http_health_check.yaml

Documentation: github.com/GoogleCloudPlatform/cloudsql-proxy/examples/k8s-health-check

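     # Copyright 2021 Google LLC
     #
     # Licensed under the Apache License, Version 2.0 (the "License");
     # you may not use this file except in compliance with the License.
     # You may obtain a copy of the License at
     #
     #     https://www.apache.org/licenses/LICENSE-2.0
     #
     # Unless required by applicable law or agreed to in writing, software
     # distributed under the License is distributed on an "AS IS" BASIS,
     # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     # See the License for the specific language governing permissions and
     # limitations under the License.
     #
     # You must configure probes in your deployment to use health checks in Kubernetes.
     # This sample configuration for HTTP probes is adapted from proxy_with_workload_identity.yaml.
     #
     # Every <PLACEHOLDER> value must be replaced before this manifest is applied.
     apiVersion: apps/v1
     kind: Deployment
     metadata:
       name: <YOUR-DEPLOYMENT-NAME>
     spec:
       selector:
         matchLabels:
           app: <YOUR-APPLICATION-NAME>
       template:
         metadata:
           labels:
             app: <YOUR-APPLICATION-NAME>
         spec:
           containers:
           - name: <YOUR-APPLICATION-NAME>
             # ... other container configuration
             # Database credentials come from a Kubernetes Secret rather than
             # being written into this manifest. Limit read access to that
             # Secret with RBAC.
             env:
             - name: DB_USER
               valueFrom:
                 secretKeyRef:
                   name: <YOUR-DB-SECRET>
                   key: username
             - name: DB_PASS
               valueFrom:
                 secretKeyRef:
                   name: <YOUR-DB-SECRET>
                   key: password
             - name: DB_NAME
               valueFrom:
                 secretKeyRef:
                   name: <YOUR-DB-SECRET>
                   key: database
           - name: cloud-sql-proxy
             # It is recommended to use the latest version of the Cloud SQL proxy
             # Make sure to update on a regular schedule!
             # A tag can be re-pointed; for a reproducible deployment, consider
             # pinning the image by digest as well (image@sha256:<IMAGE-DIGEST>).
             image: gcr.io/cloudsql-docker/gce-proxy:1.27.0
             command:
               - "/cloud_sql_proxy"

               # If connecting from a VPC-native GKE cluster, you can use the
               # following flag to have the proxy connect over private IP
               # - "-ip_address_types=PRIVATE"

               # Replace DB_PORT with the port the proxy should listen on
               # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433
               - "-instances=<INSTANCE_CONNECTION_NAME>=tcp:<DB_PORT>"
               # Enables HTTP health checks.
               - "-use_http_health_check"
               # Specifies the health check server port.
               # Defaults to 8090.
               # The liveness, readiness and startup probes below are written
               # for port 8090. If you choose another port here, change all
               # three probes to match, otherwise every probe fails and the
               # container is restarted repeatedly.
               - "-health_check_port=<YOUR-HEALTH-CHECK-PORT>"
               # This flag specifies where the service account key can be found
               # A service account key is a long-lived credential: give the
               # service account only the permissions the proxy needs, restrict
               # who can read the Secret that holds the key, and rotate it.
               # On GKE, Workload Identity avoids mounting a key file at all.
               - "-credential_file=/secrets/service_account.json"
             securityContext:
               # The default Cloud SQL proxy image runs as the
               # "nonroot" user and group (uid: 65532) by default.
               runAsNonRoot: true
               # The proxy is not expected to need extra privileges at runtime,
               # so processes in this container may not gain more than they
               # start with.
               allowPrivilegeEscalation: false
             volumeMounts:
             # The key file is mounted read-only so the container cannot alter it.
             - name: <YOUR-SA-SECRET-VOLUME>
               mountPath: /secrets/
               readOnly: true
             # Resource configuration depends on an application's requirements. You
             # should adjust the following values based on what your application
             # needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
             resources:
               requests:
                 # The proxy's memory use scales linearly with the number of active
                 # connections. Fewer open connections will use less memory. Adjust
                 # this value based on your application's requirements.
                 memory: "2Gi"
                 # The proxy's CPU use scales linearly with the amount of IO between
                 # the database and the application. Adjust this value based on your
                 # application's requirements.
                 cpu: "1"
             # Recommended configurations for health check probes.
             # Probe parameters can be adjusted to best fit the requirements of your application.
             # For details, see https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
             #
             # The probes use plain HTTP GET requests issued by the kubelet. The
             # health check port is meant for those probes only; do not publish
             # it through a Service or Ingress.
             livenessProbe:
               httpGet:
                 path: /liveness
                 # Must equal the value passed to -health_check_port.
                 port: 8090
               # Number of seconds after the container has started before the first probe is scheduled. Defaults to 0.
               # Not necessary when the startup probe is in use.
               initialDelaySeconds: 0
               # Frequency of the probe.
               periodSeconds: 60
               # Number of seconds after which the probe times out.
               timeoutSeconds: 30
               # Number of times the probe is allowed to fail before the transition
               # from healthy to failure state.
               #
               # If periodSeconds = 60, 5 tries will result in five minutes of
               # checks. The proxy starts to refresh a certificate five minutes
               # before its expiration. If those five minutes lapse without a
               # successful refresh, the liveness probe will fail and the pod will be
               # restarted.
               failureThreshold: 5
             readinessProbe:
               httpGet:
                 path: /readiness
                 # Must equal the value passed to -health_check_port.
                 port: 8090
               initialDelaySeconds: 0
               periodSeconds: 10
               timeoutSeconds: 5
               # Number of times the probe must report success to transition from failure to healthy state.
               # Defaults to 1 for readiness probe.
               successThreshold: 1
               failureThreshold: 1
             startupProbe:
               httpGet:
                 path: /startup
                 # Must equal the value passed to -health_check_port.
                 port: 8090
               # With periodSeconds = 1 and failureThreshold = 20, the proxy has
               # roughly 20 seconds to report a successful startup before the
               # container is restarted.
               periodSeconds: 1
               timeoutSeconds: 5
               failureThreshold: 20
           volumes:
           # Holds the service account key read by -credential_file.
           - name: <YOUR-SA-SECRET-VOLUME>
             secret:
               secretName: <YOUR-SA-SECRET>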
