From b4c226acad2d0af9860eb191da96637f6906f94e Mon Sep 17 00:00:00 2001
From: "Jonathan Hess (he/him)" <103529393+hessjcg@users.noreply.github.com>
Date: Fri, 22 Nov 2024 11:46:24 -0700
Subject: [PATCH] feat: Add --min-sigterm-delay property to the workload
configuration (#639)
The auth proxy added the flag --min-sigterm-delay in GoogleCloudPlatform/cloud-sql-proxy#2266.
This adds a matching configuration property to the operator's CRD.
Fixes #627
---
docs/api.md | 1 +
internal/api/v1/authproxyworkload_types.go | 7 +++++++
internal/workload/podspec_updates.go | 4 ++++
internal/workload/podspec_updates_test.go | 2 ++
4 files changed, 14 insertions(+)
diff --git a/docs/api.md b/docs/api.md
index d42bf287..3933c85f 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -55,6 +55,7 @@ _Appears in:_
| `authentication` _[AuthenticationSpec](#authenticationspec)_ | Authentication specifies the config for how the proxy authenticates itself
to the Google Cloud API. | | |
| `maxConnections` _integer_ | MaxConnections limits the number of connections. Default value is no limit.
This sets the proxy container's CLI argument `--max-connections` | | Minimum: 0
Optional: {}
|
| `maxSigtermDelay` _integer_ | MaxSigtermDelay is the maximum number of seconds to wait for connections to
close after receiving a TERM signal. This sets the proxy container's
CLI argument `--max-sigterm-delay` and
configures `terminationGracePeriodSeconds` on the workload's PodSpec. | | Minimum: 0
Optional: {}
|
+| `minSigtermDelay` _integer_ | MinSigtermDelay is the minimum number of seconds to wait for connections to
close after receiving a TERM signal. This sets the proxy container's
CLI argument `--min-sigterm-delay` | | Minimum: 0
Optional: {}
|
| `sqlAdminAPIEndpoint` _string_ | SQLAdminAPIEndpoint is a debugging parameter that when specified will
change the Google Cloud api endpoint used by the proxy. | | Optional: {}
|
| `image` _string_ | Image is the URL to the proxy image. Optional, by default the operator
will use the latest Cloud SQL Auth Proxy version as of the release of the
operator.
The operator ensures that all workloads configured with the default proxy
image are upgraded automatically to use to the latest released proxy image.
When the customer upgrades the operator, the operator upgrades all
workloads using the default proxy image to the latest proxy image. The
change to the proxy container image is applied in accordance with
the RolloutStrategy. | | Optional: {}
|
| `rolloutStrategy` _string_ | RolloutStrategy indicates the strategy to use when rolling out changes to
the workloads affected by the results. When this is set to
`Workload`, changes to this resource will be automatically applied
to a running Deployment, StatefulSet, DaemonSet, or ReplicaSet in
accordance with the Strategy set on that workload. When this is set to
`None`, the operator will take no action to roll out changes to affected
workloads. `Workload` will be used by default if no value is set.
See: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy | Workload | Enum: [Workload None]
Optional: {}
|
diff --git a/internal/api/v1/authproxyworkload_types.go b/internal/api/v1/authproxyworkload_types.go
index b288fec9..599429f6 100644
--- a/internal/api/v1/authproxyworkload_types.go
+++ b/internal/api/v1/authproxyworkload_types.go
@@ -181,6 +181,13 @@ type AuthProxyContainerSpec struct {
//+kubebuilder:validation:Minimum=0
MaxSigtermDelay *int64 `json:"maxSigtermDelay,omitempty"`
+ // MinSigtermDelay is the minimum number of seconds to wait for connections to
+ // close after receiving a TERM signal. This sets the proxy container's
+ // CLI argument `--min-sigterm-delay`
+ //+kubebuilder:validation:Optional
+ //+kubebuilder:validation:Minimum=0
+ MinSigtermDelay *int64 `json:"minSigtermDelay,omitempty"`
+
// SQLAdminAPIEndpoint is a debugging parameter that when specified will
// change the Google Cloud api endpoint used by the proxy.
//+kubebuilder:validation:Optional
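Review bot: `MinSigtermDelay` is validated only with `Minimum=0`, so nothing relates it to `MaxSigtermDelay` and a spec whose minimum exceeds its maximum is accepted by the API server. Whether the proxy rejects that combination at startup is not visible here; if it does, the mistake surfaces as a failing sidecar in every affected pod rather than as a rejected resource. I would add a cross-field check wherever the operator validates the resource (a CEL `XValidation` rule on `AuthProxyContainerSpec` or the admission webhook, whichever the project already uses). I would also extend the doc comment with `// When MaxSigtermDelay is also set, MinSigtermDelay must not exceed it.` The struct begins and ends outside this hunk.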
diff --git a/internal/workload/podspec_updates.go b/internal/workload/podspec_updates.go
index 5696e982..3391dbfd 100644
--- a/internal/workload/podspec_updates.go
+++ b/internal/workload/podspec_updates.go
@@ -759,6 +759,10 @@ func (s *updateState) applyContainerSpec(p *cloudsqlapi.AuthProxyWorkload, c *co
*p.Spec.AuthProxyContainer.MaxSigtermDelay != 0 {
s.addProxyContainerEnvVar(p, "CSQL_PROXY_MAX_SIGTERM_DELAY", fmt.Sprintf("%ds", *p.Spec.AuthProxyContainer.MaxSigtermDelay))
}
+ if p.Spec.AuthProxyContainer.MinSigtermDelay != nil &&
+ *p.Spec.AuthProxyContainer.MinSigtermDelay != 0 {
+ s.addProxyContainerEnvVar(p, "CSQL_PROXY_MIN_SIGTERM_DELAY", fmt.Sprintf("%ds", *p.Spec.AuthProxyContainer.MinSigtermDelay))
+ }
return
}
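Review bot: The new `MinSigtermDelay` branch only sets `CSQL_PROXY_MIN_SIGTERM_DELAY`, while docs/api.md in this commit says `terminationGracePeriodSeconds` is configured from `maxSigtermDelay` alone. If a workload sets a minimum longer than the pod's grace period, or sets a minimum with no maximum, the kubelet would presumably SIGKILL the proxy before the minimum wait completes, cutting off the connections the setting is meant to drain. Consider taking `MinSigtermDelay` into account where the grace period is computed, or at least stating the requirement next to this branch: `// NOTE: the pod's terminationGracePeriodSeconds must be >= MinSigtermDelay, otherwise the proxy is killed early.` The grace-period code and the start of `applyContainerSpec` are outside the hunk, so this is inferred from the docs text rather than seen directly.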
diff --git a/internal/workload/podspec_updates_test.go b/internal/workload/podspec_updates_test.go
index 811b2da5..97314962 100644
--- a/internal/workload/podspec_updates_test.go
+++ b/internal/workload/podspec_updates_test.go
@@ -669,6 +669,7 @@ func TestProxyCLIArgs(t *testing.T) {
},
MaxConnections: ptr(int64(10)),
MaxSigtermDelay: ptr(int64(20)),
+ MinSigtermDelay: ptr(int64(15)),
Quiet: true,
RefreshStrategy: "lazy",
},
@@ -697,6 +698,7 @@ func TestProxyCLIArgs(t *testing.T) {
"CSQL_PROXY_QUOTA_PROJECT": "qp",
"CSQL_PROXY_MAX_CONNECTIONS": "10",
"CSQL_PROXY_MAX_SIGTERM_DELAY": "20s",
+ "CSQL_PROXY_MIN_SIGTERM_DELAY": "15s",
"CSQL_PROXY_IMPERSONATE_SERVICE_ACCOUNT": "sv1@developer.gserviceaccount.com,sv2@developer.gserviceaccount.com",
"CSQL_PROXY_QUIET": "true",
"CSQL_PROXY_STRUCTURED_LOGS": "true",
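Review bot: The only coverage added for the new field is the case where `MinSigtermDelay` (15) and `MaxSigtermDelay` (20) are both set and ordered; the matching input line is in the previous hunk of this file. The `!= nil && != 0` guard in `applyContainerSpec` has no visible test, so a regression that emits `CSQL_PROXY_MIN_SIGTERM_DELAY=0s`, or dereferences a nil pointer, would not be caught by these lines. I would add table entries for `MinSigtermDelay: nil` and `MinSigtermDelay: ptr(int64(0))` that assert the env var is absent, plus one with the minimum set and no maximum. `TestProxyCLIArgs` starts and ends outside the hunk, so such cases may already exist elsewhere in the table.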