From 93fca0cc2ef1aced7303f209abec86b27a8579d2 Mon Sep 17 00:00:00 2001 From: Eno Compton Date: Mon, 3 May 2021 11:31:37 -0600 Subject: [PATCH 1/7] chore: include example resource requests Fixes #103. --- examples/kubernetes/README.md | 2 +- examples/kubernetes/proxy_with_sa_key.yaml | 14 ++++++++++++++ .../kubernetes/proxy_with_workload_identity.yaml | 14 ++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/examples/kubernetes/README.md b/examples/kubernetes/README.md index 12f53db53..faa6016d2 100644 --- a/examples/kubernetes/README.md +++ b/examples/kubernetes/README.md @@ -176,7 +176,7 @@ as a separate service for several reasons: accurately scope and request resources to match your applications as it scales -1. Add the Cloud SQL proxy to the pod configuration under `containers:` : +1. Add the Cloud SQL proxy to the pod configuration under `containers`: > [proxy_with_workload-identity.yaml](proxy_with_workload_identity.yaml#L33-L549) ```yaml - name: cloud-sql-proxy diff --git a/examples/kubernetes/proxy_with_sa_key.yaml b/examples/kubernetes/proxy_with_sa_key.yaml index 57af06195..caa43da2b 100644 --- a/examples/kubernetes/proxy_with_sa_key.yaml +++ b/examples/kubernetes/proxy_with_sa_key.yaml 
@@ -57,6 +57,20 @@ spec: mountPath: /secrets/ readOnly: true # [END cloud_sql_proxy_k8s_volume_mount] + # Resource configuration depends on an application's requirements. The + # number of connections is correlated to memory use. The amount of IO + # across each connection is correlated to CPU use. Users should adjust + # the following values based on what their application needs. + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + requests: + # More connections require more memory. Fewer connections require + # less memory. Adjust this value based on your application's + # requirements. + memory: "2Gi" + # More database IO require more CPUs. Less database IO require less + # CPU. Adjust this value based on your application's requirements. + cpu: "2" # [START cloud_sql_proxy_k8s_volume_secret] volumes: - name: diff --git a/examples/kubernetes/proxy_with_workload_identity.yaml b/examples/kubernetes/proxy_with_workload_identity.yaml index 9246ed2cc..43bc42e1b 100644 --- a/examples/kubernetes/proxy_with_workload_identity.yaml +++ b/examples/kubernetes/proxy_with_workload_identity.yaml 
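Review bot: The `resources:` block added after the volume mount sets only `requests`, so the proxy container has no upper bound: a connection spike or a leak can grow its memory until the node comes under pressure and neighbouring pods are evicted. Because this is an example that readers copy into their own manifests, I would pair the request with a limit as a sibling of `requests:`, for instance `limits:` with `memory: "2Gi"` beneath it. The comment above it should then say that the limit needs tuning together with the request. The same applies to the identical block added to proxy_with_workload_identity.yaml in the next hunk. The container spec begins above this hunk, so whether a namespace LimitRange is meant to supply defaults is not visible from here.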
@@ -54,4 +54,18 @@ spec: # The default Cloud SQL proxy image runs as the # "nonroot" user and group (uid: 65532) by default. runAsNonRoot: true + # Resource configuration depends on an application's requirements. The + # number of connections is correlated to memory use. The amount of IO + # across each connection is correlated to CPU use. Users should adjust + # the following values based on what their application needs. + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + requests: + # More connections require more memory. Fewer connections require + # less memory. Adjust this value based on your application's + # requirements. + memory: "2Gi" + # More database IO require more CPUs. Less database IO require less + # CPU. Adjust this value based on your application's requirements. + cpu: "2" # [END cloud_sql_proxy_k8s_container] From 8f9d2d3ed1798336a1a05ec11f064d5901616d22 Mon Sep 17 00:00:00 2001 From: Eno Compton Date: Mon, 3 May 2021 11:33:14 -0600 Subject: [PATCH 2/7] chore: add note with URL --- examples/kubernetes/proxy_with_sa_key.yaml | 2 +- examples/kubernetes/proxy_with_workload_identity.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/kubernetes/proxy_with_sa_key.yaml b/examples/kubernetes/proxy_with_sa_key.yaml index caa43da2b..2e2e3e359 100644 --- a/examples/kubernetes/proxy_with_sa_key.yaml +++ b/examples/kubernetes/proxy_with_sa_key.yaml @@ -61,7 +61,7 @@ spec: # number of connections is correlated to memory use. The amount of IO # across each connection is correlated to CPU use. Users should adjust # the following values based on what their application needs. - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + # For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: requests: # More connections require more memory. Fewer connections require 
diff --git a/examples/kubernetes/proxy_with_workload_identity.yaml b/examples/kubernetes/proxy_with_workload_identity.yaml index 43bc42e1b..931e15762 100644 --- a/examples/kubernetes/proxy_with_workload_identity.yaml +++ b/examples/kubernetes/proxy_with_workload_identity.yaml @@ -58,7 +58,7 @@ spec: # number of connections is correlated to memory use. The amount of IO # across each connection is correlated to CPU use. Users should adjust # the following values based on what their application needs. - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + # For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: requests: # More connections require more memory. Fewer connections require From c5e94b48479ce3c94cb1a1da285316cce64e1cdb Mon Sep 17 00:00:00 2001 From: Eno Compton Date: Mon, 3 May 2021 11:44:43 -0600 Subject: [PATCH 3/7] chore: ensure README links point to correct lines --- examples/kubernetes/README.md | 64 +++++++++++-------- examples/kubernetes/proxy_with_sa_key.yaml | 2 +- .../proxy_with_workload_identity.yaml | 2 +- 3 files changed, 41 insertions(+), 27 deletions(-) diff --git a/examples/kubernetes/README.md b/examples/kubernetes/README.md index faa6016d2..157b45e47 100644 --- a/examples/kubernetes/README.md +++ b/examples/kubernetes/README.md @@ -21,7 +21,7 @@ user, and password which can be injected into your application as env vars. ``` 2. Next, configure your application's container to mount the secrets as env vars: - > [proxy_with_workload_identity.yaml](proxy_with_workload_identity.yaml#L12-L30) + > [proxy_with_workload_identity.yaml](proxy_with_workload_identity.yaml#L21-L36) ```yaml env: - name: DB_USER 
@@ -83,7 +83,7 @@ bind a [Kubernetes Service Account (KSA)][ksa] to a Google Service Account 1. [Enable Workload Identity for your node pool][enable-wi-node-pool] 1. Create a KSA for your application `kubectl apply -f service-account.yaml`: - > [service-account.yaml](service-account.yaml#L2-L5) + > [service-account.yaml](service_account.yaml#L2-L5) ```yaml apiVersion: v1 kind: ServiceAccount @@ -145,12 +145,12 @@ to mount a service account key file into the Cloud SQL proxy pod and use the --from-file=service_account.json=~/key.json ``` 3. Mount the secret as a volume under the`spec:` for your k8s object: - > [proxy_with_sa_key.yaml](proxy_with_sa_key.yaml#L55-L58) + > [proxy_with_sa_key.yaml](proxy_with_sa_key.yaml#L75-L78) ```yaml volumes: - name: - secret: - secretName: + secret: + secretName: ``` 4. Follow the instructions in the next section to access the volume from the 
@@ -177,31 +177,45 @@ as a separate service for several reasons: scales 1. Add the Cloud SQL proxy to the pod configuration under `containers`: - > [proxy_with_workload-identity.yaml](proxy_with_workload_identity.yaml#L33-L549) + > [proxy_with_workload-identity.yaml](proxy_with_workload_identity.yaml#L39-L70) ```yaml - name: cloud-sql-proxy - # It is recommended to use the latest version of the Cloud SQL proxy - # Make sure to update on a regular schedule! - image: gcr.io/cloudsql-docker/gce-proxy:1.17 - command: - - "/cloud_sql_proxy" - - # If connecting from a VPC-native GKE cluster, you can use the - # following flag to have the proxy connect over private IP - # - "-ip_address_types=PRIVATE" - - # Replace DB_PORT with the port the proxy should listen on - # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433 - - "-instances==tcp:" - securityContext: - # The default Cloud SQL proxy image runs as the - # "nonroot" user and group (uid: 65532) by default. - runAsNonRoot: true + # It is recommended to use the latest version of the Cloud SQL proxy + # Make sure to update on a regular schedule! + image: gcr.io/cloudsql-docker/gce-proxy:1.17 + command: + - "/cloud_sql_proxy" + + # If connecting from a VPC-native GKE cluster, you can use the + # following flag to have the proxy connect over private IP + # - "-ip_address_types=PRIVATE" + + # Replace DB_PORT with the port the proxy should listen on + # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433 + - "-instances==tcp:" + securityContext: + # The default Cloud SQL proxy image runs as the + # "nonroot" user and group (uid: 65532) by default. + runAsNonRoot: true + # Resource configuration depends on an application's requirements. The + # number of connections is correlated to memory use. The amount of IO + # across each connection is correlated to CPU use. Users should adjust + # the following values based on what their application needs. 
+ # For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + requests: + # More connections require more memory. Fewer connections require + # less memory. Adjust this value based on your application's + # requirements. + memory: "2Gi" + # More database IO require more CPUs. Less database IO require less + # CPU. Adjust this value based on your application's requirements. + cpu: "1" ``` If you are using a service account key, specify your secret volume and add the `-credential_file` flag to the command: - > [proxy_with_sa_key.yaml](proxy_with_sa_key.yaml#L43-L52) + > [proxy_with_sa_key.yaml](proxy_with_sa_key.yaml#L49-L58) ```yaml # This flag specifies where the service account key can be found - "-credential_file=/secrets/service_account.json" @@ -231,7 +245,7 @@ a Cloud SQL instance on the same VPC using private IP without the proxy. ``` 2. Next make sure you add the secret to your application's container: - > [no_proxy_private_ip.yaml](no_proxy_private_ip.yaml#L28-L32) + > [no_proxy_private_ip.yaml](no_proxy_private_ip.yaml#L34-L38) ```yaml - name: DB_HOST valueFrom: diff --git a/examples/kubernetes/proxy_with_sa_key.yaml b/examples/kubernetes/proxy_with_sa_key.yaml index 2e2e3e359..19e76d54e 100644 --- a/examples/kubernetes/proxy_with_sa_key.yaml +++ b/examples/kubernetes/proxy_with_sa_key.yaml @@ -70,7 +70,7 @@ spec: memory: "2Gi" # More database IO require more CPUs. Less database IO require less # CPU. Adjust this value based on your application's requirements. - cpu: "2" + cpu: "1" # [START cloud_sql_proxy_k8s_volume_secret] volumes: - name: diff --git a/examples/kubernetes/proxy_with_workload_identity.yaml b/examples/kubernetes/proxy_with_workload_identity.yaml index 931e15762..33070b713 100644 --- a/examples/kubernetes/proxy_with_workload_identity.yaml +++ b/examples/kubernetes/proxy_with_workload_identity.yaml 
@@ -67,5 +67,5 @@ spec: memory: "2Gi" # More database IO require more CPUs. Less database IO require less # CPU. Adjust this value based on your application's requirements. - cpu: "2" + cpu: "1" # [END cloud_sql_proxy_k8s_container] From 45c8b6b215becad021172360d363b746ad80053d Mon Sep 17 00:00:00 2001 From: Eno Compton Date: Mon, 3 May 2021 11:50:11 -0600 Subject: [PATCH 4/7] chore: improve wording in documentation --- examples/kubernetes/README.md | 7 +------ examples/kubernetes/proxy_with_sa_key.yaml | 19 +++++++++---------- .../proxy_with_workload_identity.yaml | 19 +++++++++---------- 3 files changed, 19 insertions(+), 26 deletions(-) diff --git a/examples/kubernetes/README.md b/examples/kubernetes/README.md index 157b45e47..e774dad41 100644 --- a/examples/kubernetes/README.md +++ b/examples/kubernetes/README.md @@ -38,7 +38,7 @@ user, and password which can be injected into your application as env vars. valueFrom: secretKeyRef: name: - key: database + key database ``` 3. Finally, configure your application to use these values. In the example above, the values will be in the env vars `DB_USER`, `DB_PASS`, and `DB_NAME`. @@ -197,11 +197,6 @@ as a separate service for several reasons: # The default Cloud SQL proxy image runs as the # "nonroot" user and group (uid: 65532) by default. runAsNonRoot: true - # Resource configuration depends on an application's requirements. The - # number of connections is correlated to memory use. The amount of IO - # across each connection is correlated to CPU use. Users should adjust - # the following values based on what their application needs. - # For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: requests: # More connections require more memory. Fewer connections require diff --git a/examples/kubernetes/proxy_with_sa_key.yaml b/examples/kubernetes/proxy_with_sa_key.yaml index 19e76d54e..248b91ec6 100644 --- a/examples/kubernetes/proxy_with_sa_key.yaml 
+++ b/examples/kubernetes/proxy_with_sa_key.yaml @@ -57,19 +57,18 @@ spec: mountPath: /secrets/ readOnly: true # [END cloud_sql_proxy_k8s_volume_mount] - # Resource configuration depends on an application's requirements. The - # number of connections is correlated to memory use. The amount of IO - # across each connection is correlated to CPU use. Users should adjust - # the following values based on what their application needs. - # For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + # Resource configuration depends on an application's requirements. You + # should adjust the following values based on what your application + # needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: requests: - # More connections require more memory. Fewer connections require - # less memory. Adjust this value based on your application's - # requirements. + # The proxy's memory use scales linearly with the number of active + # connections. Fewer open connections will use less memory. Adjust + # this value based on your application's requirements. memory: "2Gi" - # More database IO require more CPUs. Less database IO require less - # CPU. Adjust this value based on your application's requirements. + # The proxy's CPU use scales linearly with the amount of IO between + # the database and the application. Adjust this value values on your + # application's requirements. cpu: "1" # [START cloud_sql_proxy_k8s_volume_secret] volumes: diff --git a/examples/kubernetes/proxy_with_workload_identity.yaml b/examples/kubernetes/proxy_with_workload_identity.yaml index 33070b713..5f9e8d546 100644 --- a/examples/kubernetes/proxy_with_workload_identity.yaml +++ b/examples/kubernetes/proxy_with_workload_identity.yaml 
@@ -54,18 +54,17 @@ spec: # The default Cloud SQL proxy image runs as the # "nonroot" user and group (uid: 65532) by default. runAsNonRoot: true - # Resource configuration depends on an application's requirements. The - # number of connections is correlated to memory use. The amount of IO - # across each connection is correlated to CPU use. Users should adjust - # the following values based on what their application needs. - # For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + # Resource configuration depends on an application's requirements. You + # should adjust the following values based on what your application + # needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: requests: - # More connections require more memory. Fewer connections require - # less memory. Adjust this value based on your application's - # requirements. + # The proxy's memory use scales linearly with the number of active + # connections. Fewer open connections will use less memory. Adjust + # this value based on your application's requirements. memory: "2Gi" - # More database IO require more CPUs. Less database IO require less - # CPU. Adjust this value based on your application's requirements. + # The proxy's CPU use scales linearly with the amount of IO between + # the database and the application. Adjust this value values on your + # application's requirements. cpu: "1" # [END cloud_sql_proxy_k8s_container] From e536f76f81987f4a00f2224b203171f57a6943fa Mon Sep 17 00:00:00 2001 From: Eno Compton Date: Mon, 3 May 2021 11:52:52 -0600 Subject: [PATCH 5/7] chore: correct another link --- examples/kubernetes/README.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/examples/kubernetes/README.md b/examples/kubernetes/README.md index e774dad41..a9827d5e7 100644 --- a/examples/kubernetes/README.md +++ b/examples/kubernetes/README.md 
@@ -177,7 +177,7 @@ as a separate service for several reasons: scales 1. Add the Cloud SQL proxy to the pod configuration under `containers`: - > [proxy_with_workload-identity.yaml](proxy_with_workload_identity.yaml#L39-L70) + > [proxy_with_workload-identity.yaml](proxy_with_workload_identity.yaml#L39-L69) ```yaml - name: cloud-sql-proxy # It is recommended to use the latest version of the Cloud SQL proxy @@ -197,14 +197,18 @@ as a separate service for several reasons: # The default Cloud SQL proxy image runs as the # "nonroot" user and group (uid: 65532) by default. runAsNonRoot: true + # Resource configuration depends on an application's requirements. You + # should adjust the following values based on what your application + # needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: requests: - # More connections require more memory. Fewer connections require - # less memory. Adjust this value based on your application's - # requirements. + # The proxy's memory use scales linearly with the number of active + # connections. Fewer open connections will use less memory. Adjust + # this value based on your application's requirements. memory: "2Gi" - # More database IO require more CPUs. Less database IO require less - # CPU. Adjust this value based on your application's requirements. + # The proxy's CPU use scales linearly with the amount of IO between + # the database and the application. Adjust this value values on your + # application's requirements. cpu: "1" ``` If you are using a service account key, specify your secret volume and add From e9520efc9ef677220f30e088cfd43f680a4357b8 Mon Sep 17 00:00:00 2001 From: Eno Compton Date: Mon, 3 May 2021 11:55:57 -0600 Subject: [PATCH 6/7] chore: correct typos --- examples/kubernetes/README.md | 4 ++-- examples/kubernetes/proxy_with_sa_key.yaml | 2 +- examples/kubernetes/proxy_with_workload_identity.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/examples/kubernetes/README.md b/examples/kubernetes/README.md index a9827d5e7..b94dc8805 100644 --- a/examples/kubernetes/README.md +++ b/examples/kubernetes/README.md @@ -38,7 +38,7 @@ user, and password which can be injected into your application as env vars. valueFrom: secretKeyRef: name: - key database + key: database ``` 3. Finally, configure your application to use these values. In the example above, the values will be in the env vars `DB_USER`, `DB_PASS`, and `DB_NAME`. @@ -207,7 +207,7 @@ as a separate service for several reasons: # this value based on your application's requirements. memory: "2Gi" # The proxy's CPU use scales linearly with the amount of IO between - # the database and the application. Adjust this value values on your + # the database and the application. Adjust this value based on your # application's requirements. cpu: "1" ``` diff --git a/examples/kubernetes/proxy_with_sa_key.yaml b/examples/kubernetes/proxy_with_sa_key.yaml index 248b91ec6..be5765866 100644 --- a/examples/kubernetes/proxy_with_sa_key.yaml +++ b/examples/kubernetes/proxy_with_sa_key.yaml @@ -67,7 +67,7 @@ spec: # this value based on your application's requirements. memory: "2Gi" # The proxy's CPU use scales linearly with the amount of IO between - # the database and the application. Adjust this value values on your + # the database and the application. Adjust this value based on your # application's requirements. cpu: "1" # [START cloud_sql_proxy_k8s_volume_secret] diff --git a/examples/kubernetes/proxy_with_workload_identity.yaml b/examples/kubernetes/proxy_with_workload_identity.yaml index 5f9e8d546..042aca4a3 100644 --- a/examples/kubernetes/proxy_with_workload_identity.yaml +++ b/examples/kubernetes/proxy_with_workload_identity.yaml 
@@ -64,7 +64,7 @@ spec: # this value based on your application's requirements. memory: "2Gi" # The proxy's CPU use scales linearly with the amount of IO between - # the database and the application. Adjust this value values on your + # the database and the application. Adjust this value based on your # application's requirements. cpu: "1" # [END cloud_sql_proxy_k8s_container] From 6acd9d3bc1289b6106127437c47aff74fab10aa3 Mon Sep 17 00:00:00 2001 From: Eno Compton Date: Mon, 3 May 2021 11:57:53 -0600 Subject: [PATCH 7/7] chore: correct another link --- examples/kubernetes/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/kubernetes/README.md b/examples/kubernetes/README.md index b94dc8805..6d33d191b 100644 --- a/examples/kubernetes/README.md +++ b/examples/kubernetes/README.md @@ -145,7 +145,7 @@ to mount a service account key file into the Cloud SQL proxy pod and use the --from-file=service_account.json=~/key.json ``` 3. Mount the secret as a volume under the`spec:` for your k8s object: - > [proxy_with_sa_key.yaml](proxy_with_sa_key.yaml#L75-L78) + > [proxy_with_sa_key.yaml](proxy_with_sa_key.yaml#L74-L77) ```yaml volumes: - name: