Make cloudsql-proxy into a proper sidecar container (#588)

This makes sure that cloudsql-proxy will start before the application, and not be stopped until the main application container has exited.

Co-authored-by: Vegar Sechmann Molvig <[email protected]>

Author: mortenlj

pkg/resourcecreator/google/helpers.go

@@ -35,6 +35,7 @@ func CloudSqlProxyContainer(port int32, googleCloudSQLProxyContainerImage, proje
 		Name:            "cloudsql-proxy",
 		Image:           googleCloudSQLProxyContainerImage,
 		ImagePullPolicy: corev1.PullIfNotPresent,
+		RestartPolicy:   ptr.To(corev1.ContainerRestartPolicyAlways),
 		Ports: []corev1.ContainerPort{{
 			ContainerPort: port,
 			Protocol:      corev1.ProtocolTCP,

pkg/resourcecreator/google/sql/instance.go

@@ -103,7 +103,7 @@ func CreateInstance(source Source, ast *resource.Ast, cfg Config) error {
 
 	if needsCloudSqlProxyContainer {
 		cloudSqlProxyContainer := google.CloudSqlProxyContainer(5432, cfg.GetGoogleCloudSQLProxyContainerImage(), googleTeamProjectID, googleSqlInstance.Name)
-		ast.Containers = append(ast.Containers, cloudSqlProxyContainer)
+		ast.InitContainers = append(ast.InitContainers, cloudSqlProxyContainer)
 	}
 
 	return nil
@@ -311,4 +311,4 @@ func CreateSqlSSLCertResource(ast *resource.Ast, instanceName string, source Sou
 	ast.VolumeMounts = append(ast.VolumeMounts, pod.FromFilesVolumeMount(sqeletorVolumeName, nais_io_v1alpha1.DefaultSqeletorMountPath, "", true))
 
 	ast.AppendOperation(resource.OperationCreateIfNotExists, sqlSSLCert)
-}
+}

pkg/resourcecreator/testdata/gcp_database.yaml

@@ -223,6 +223,7 @@ tests:
                         value: team-project-id
                       - name: GCP_TEAM_PROJECT_ID
                         value: team-project-id
+                initContainers:
                   - name: cloudsql-proxy
                     command:
                       - /cloud-sql-proxy
@@ -241,6 +242,7 @@ tests:
                         cpu: 50m
                         memory: 32Mi
                     imagePullPolicy: IfNotPresent
+                    restartPolicy: Always
                     securityContext:
                       allowPrivilegeEscalation: false
                       runAsUser: 2

pkg/resourcecreator/testdata/gcp_database_private_ip.yaml

@@ -183,6 +183,7 @@ tests:
                         value: team-project-id
                       - name: GCP_TEAM_PROJECT_ID
                         value: team-project-id
+                initContainers:
                   - name: cloudsql-proxy
                     command:
                       - /cloud-sql-proxy
@@ -201,6 +202,7 @@ tests:
                         cpu: 50m
                         memory: 32Mi
                     imagePullPolicy: IfNotPresent
+                    restartPolicy: Always
                     securityContext:
                       allowPrivilegeEscalation: false
                       runAsUser: 2

pkg/resourcecreator/testdata/gcp_database_with_insights.yaml

@@ -220,6 +220,7 @@ tests:
                         value: team-project-id
                       - name: GCP_TEAM_PROJECT_ID
                         value: team-project-id
+                initContainers:
                   - name: cloudsql-proxy
                     command:
                       - /cloud-sql-proxy
@@ -233,6 +234,7 @@ tests:
                         protocol: TCP
                     resources: {}
                     imagePullPolicy: IfNotPresent
+                    restartPolicy: Always
                     securityContext:
                       allowPrivilegeEscalation: false
                       runAsUser: 2

pkg/resourcecreator/testdata/naisjob/cronjob_gcp_database.yaml

@@ -209,6 +209,7 @@ tests:
                             value: team-project-id
                           - name: GCP_TEAM_PROJECT_ID
                             value: team-project-id
+                    initContainers:
                       - name: cloudsql-proxy
                         command:
                           - /cloud-sql-proxy
@@ -220,3 +221,4 @@ tests:
                         ports:
                           - containerPort: 5432
                             protocol: TCP
+                        restartPolicy: Always

pkg/synchronizer/synchronizer_test.go

@@ -558,7 +558,9 @@ func TestSynchronizerResourceOptions(t *testing.T) {
 	err = rig.client.Get(ctx, req.NamespacedName, deploy)
 	assert.NoError(t, err)
 	expectedInstanceName := fmt.Sprintf("%s:%s:%s", testProjectId, google.Region, app.Name)
-	assert.Equal(t, expectedInstanceName, deploy.Spec.Template.Spec.Containers[1].Command[6])
+	cloudsqlProxyContainer := deploy.Spec.Template.Spec.InitContainers[0]
+	actualInstanceNameFromCommand := cloudsqlProxyContainer.Command[6]
+	assert.Equal(t, expectedInstanceName, actualInstanceNameFromCommand)
 
 	err = rig.client.Get(ctx, req.NamespacedName, sqlinstance)
 	assert.NoError(t, err)