Make cloudsql-proxy into a proper sidecar container

mortenlj · mortenlj · commit 5ba00e9421a4 · 2025-02-12T14:40:23.000+01:00
This makes sure that cloudsql-proxy will start before the application, and not be stopped until the main application container has exited.
diff --git a/pkg/resourcecreator/google/helpers.go b/pkg/resourcecreator/google/helpers.go
@@ -35,6 +35,7 @@ func CloudSqlProxyContainer(port int32, googleCloudSQLProxyContainerImage, proje
 		Name:            "cloudsql-proxy",
 		Image:           googleCloudSQLProxyContainerImage,
 		ImagePullPolicy: corev1.PullIfNotPresent,
+		RestartPolicy:   ptr.To(corev1.ContainerRestartPolicyAlways),
 		Ports: []corev1.ContainerPort{{
 			ContainerPort: port,
 			Protocol:      corev1.ProtocolTCP,
diff --git a/pkg/resourcecreator/google/sql/instance.go b/pkg/resourcecreator/google/sql/instance.go
@@ -103,7 +103,7 @@ func CreateInstance(source Source, ast *resource.Ast, cfg Config) error {
 
 	if needsCloudSqlProxyContainer {
 		cloudSqlProxyContainer := google.CloudSqlProxyContainer(5432, cfg.GetGoogleCloudSQLProxyContainerImage(), googleTeamProjectID, googleSqlInstance.Name)
-		ast.Containers = append(ast.Containers, cloudSqlProxyContainer)
+		ast.InitContainers = append(ast.InitContainers, cloudSqlProxyContainer)
 	}
 
 	return nil
@@ -311,4 +311,4 @@ func CreateSqlSSLCertResource(ast *resource.Ast, instanceName string, source Sou
 	ast.VolumeMounts = append(ast.VolumeMounts, pod.FromFilesVolumeMount(sqeletorVolumeName, nais_io_v1alpha1.DefaultSqeletorMountPath, "", true))
 
 	ast.AppendOperation(resource.OperationCreateIfNotExists, sqlSSLCert)
-}
+}
diff --git a/pkg/resourcecreator/testdata/gcp_database.yaml b/pkg/resourcecreator/testdata/gcp_database.yaml
@@ -224,6 +224,7 @@ tests:
                         value: team-project-id
                       - name: GCP_TEAM_PROJECT_ID
                         value: team-project-id
+                initContainers:
                   - name: cloudsql-proxy
                     command:
                       - /cloud-sql-proxy
@@ -242,6 +243,7 @@ tests:
                         cpu: 50m
                         memory: 32Mi
                     imagePullPolicy: IfNotPresent
+                    restartPolicy: Always
                     securityContext:
                       allowPrivilegeEscalation: false
                       runAsUser: 2
diff --git a/pkg/resourcecreator/testdata/gcp_database_private_ip.yaml b/pkg/resourcecreator/testdata/gcp_database_private_ip.yaml
@@ -183,6 +183,7 @@ tests:
                         value: team-project-id
                       - name: GCP_TEAM_PROJECT_ID
                         value: team-project-id
+                initContainers:
                   - name: cloudsql-proxy
                     command:
                       - /cloud-sql-proxy
@@ -201,6 +202,7 @@ tests:
                         cpu: 50m
                         memory: 32Mi
                     imagePullPolicy: IfNotPresent
+                    restartPolicy: Always
                     securityContext:
                       allowPrivilegeEscalation: false
                       runAsUser: 2
diff --git a/pkg/resourcecreator/testdata/gcp_database_with_insights.yaml b/pkg/resourcecreator/testdata/gcp_database_with_insights.yaml
@@ -221,6 +221,7 @@ tests:
                         value: team-project-id
                       - name: GCP_TEAM_PROJECT_ID
                         value: team-project-id
+                initContainers:
                   - name: cloudsql-proxy
                     command:
                       - /cloud-sql-proxy
@@ -234,6 +235,7 @@ tests:
                         protocol: TCP
                     resources: {}
                     imagePullPolicy: IfNotPresent
+                    restartPolicy: Always
                     securityContext:
                       allowPrivilegeEscalation: false
                       runAsUser: 2
diff --git a/pkg/resourcecreator/testdata/naisjob/cronjob_gcp_database.yaml b/pkg/resourcecreator/testdata/naisjob/cronjob_gcp_database.yaml
@@ -210,6 +210,7 @@ tests:
                             value: team-project-id
                           - name: GCP_TEAM_PROJECT_ID
                             value: team-project-id
+                    initContainers:
                       - name: cloudsql-proxy
                         command:
                           - /cloud-sql-proxy
@@ -221,3 +222,4 @@ tests:
                         ports:
                           - containerPort: 5432
                             protocol: TCP
+                        restartPolicy: Always
diff --git a/pkg/synchronizer/synchronizer_test.go b/pkg/synchronizer/synchronizer_test.go
@@ -510,7 +510,9 @@ func TestSynchronizerResourceOptions(t *testing.T) {
 	err = rig.client.Get(ctx, req.NamespacedName, deploy)
 	assert.NoError(t, err)
 	expectedInstanceName := fmt.Sprintf("%s:%s:%s", testProjectId, google.Region, app.Name)
-	assert.Equal(t, expectedInstanceName, deploy.Spec.Template.Spec.Containers[1].Command[6])
+	cloudsqlProxyContainer := deploy.Spec.Template.Spec.InitContainers[0]
+	actualInstanceNameFromCommand := cloudsqlProxyContainer.Command[6]
+	assert.Equal(t, expectedInstanceName, actualInstanceNameFromCommand)
 
 	err = rig.client.Get(ctx, req.NamespacedName, sqlinstance)
 	assert.NoError(t, err)
