in internal/workload/podspec_updates.go [591:722]
// updateContainer populates c, the proxy container generated for the
// AuthProxyWorkload p, and records the matching env vars and volume mounts
// through s.
//
// When p.Spec.AuthProxyContainer.Container is set, that container is copied
// into c and only c.Name is overwritten afterwards. None of the health-check,
// telemetry, admin-server, authentication, env-var or argument handling below
// runs for it.
// NOTE(review): the override's image, args and securityContext are used as
// supplied by this function, so any policy on them has to be enforced
// elsewhere (admission validation, RBAC on the resource) - confirm.
//
// Otherwise c gets its name, pull policy, optional sidecar restart policy,
// and one CLI argument per entry in p.Spec.Instances of the form
// "<ConnectionString>?<key>=<value>&...", with the key=value pairs sorted.
func (s *updateState) updateContainer(p *cloudsqlapi.AuthProxyWorkload, c *corev1.Container) {
	// A fully overridden container wins over everything the operator would
	// otherwise generate.
	if override := p.Spec.AuthProxyContainer; override != nil && override.Container != nil {
		override.Container.DeepCopyInto(c)
		c.Name = ContainerName(p)
		return
	}

	// The helper calls keep their original order; what each one records on s
	// is not visible in this block.
	//
	// Per the original author's note, the HTTP health-check port is always
	// enabled on 0.0.0.0.
	// NOTE(review): a listener on 0.0.0.0 is reachable from outside the pod
	// unless a NetworkPolicy restricts it - confirm that only health endpoints
	// are served there.
	s.addHealthCheck(p, c)
	s.applyTelemetrySpec(p)
	// Enables the proxy's admin service.
	// NOTE(review): which endpoints and bind address addAdminServer selects is
	// not visible here - confirm it is not exposed beyond the pod.
	s.addAdminServer(p)
	// Configures how the container authenticates.
	s.addAuthentication(p)

	// Proxy settings passed through environment variables.
	s.addProxyContainerEnvVar(p, "CSQL_PROXY_USER_AGENT", s.updater.userAgent)
	s.addProxyContainerEnvVar(p, "CSQL_PROXY_STRUCTURED_LOGS", "true")
	if pc := p.Spec.AuthProxyContainer; pc != nil && pc.Quiet {
		s.addProxyContainerEnvVar(p, "CSQL_PROXY_QUIET", "true")
	}
	if pc := p.Spec.AuthProxyContainer; pc != nil && pc.RefreshStrategy == cloudsqlapi.RefreshStrategyLazy {
		s.addProxyContainerEnvVar(p, "CSQL_PROXY_LAZY_REFRESH", "true")
	}

	c.Name = ContainerName(p)
	// With PullIfNotPresent an image already cached on the node is reused
	// without contacting the registry.
	c.ImagePullPolicy = corev1.PullIfNotPresent
	if s.updater.useSidecar {
		always := corev1.ContainerRestartPolicyAlways
		c.RestartPolicy = &always
	}
	s.applyContainerSpec(p, c)

	// cliArgs stays nil when there are no instances, so c.Args is nil too.
	var cliArgs []string
	for i := range p.Spec.Instances {
		inst := &p.Spec.Instances[i]
		params := map[string]string{}

		if inst.UnixSocketPath != "" {
			// Unix socket: an emptyDir volume is mounted read-write at the
			// directory that holds the socket file.
			// NOTE(review): MountPath is derived from a spec-supplied path;
			// confirm validation rejects relative paths and directories that
			// must not be shadowed by an empty volume.
			params["unix-socket-path"] = inst.UnixSocketPath
			volName := VolumeName(p, inst, "unix")
			s.addVolumeMount(p, inst,
				corev1.VolumeMount{
					Name:      volName,
					ReadOnly:  false,
					MountPath: path.Dir(inst.UnixSocketPath),
				},
				corev1.Volume{
					Name:         volName,
					VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}},
				})
			if inst.UnixSocketPathEnvName != "" {
				s.addWorkloadEnvVar(p, inst, corev1.EnvVar{
					Name:  inst.UnixSocketPathEnvName,
					Value: inst.UnixSocketPath,
				})
			}
		} else {
			// TCP socket: the workload is pointed at 127.0.0.1 and the port
			// returned by useInstancePort.
			portText := fmt.Sprint(s.useInstancePort(p, inst))
			params["port"] = portText
			if inst.HostEnvName != "" {
				s.addWorkloadEnvVar(p, inst, corev1.EnvVar{
					Name:  inst.HostEnvName,
					Value: "127.0.0.1",
				})
			}
			if inst.PortEnvName != "" {
				s.addWorkloadEnvVar(p, inst, corev1.EnvVar{
					Name:  inst.PortEnvName,
					Value: portText,
				})
			}
		}

		// Optional booleans are emitted only when set, so an explicit false
		// is passed on rather than dropped.
		if inst.AutoIAMAuthN != nil {
			params["auto-iam-authn"] = fmt.Sprint(*inst.AutoIAMAuthN)
		}
		if inst.PrivateIP != nil {
			params["private-ip"] = fmt.Sprint(*inst.PrivateIP)
		}
		if inst.PSC != nil {
			params["psc"] = fmt.Sprint(*inst.PSC)
		}

		// Map iteration order is random, so the pairs are sorted to give a
		// stable argument (the original comment cites easier testing).
		//
		// NOTE(review): the values and ConnectionString are joined without
		// escaping. The keys are fixed literals, but UnixSocketPath and
		// ConnectionString come from the spec; a '&' or '?' in either would
		// change how the argument splits into parameters. Confirm the CRD or
		// webhook validation rejects those characters.
		pairs := make([]string, 0, len(params))
		for key, val := range params {
			pairs = append(pairs, key+"="+val)
		}
		sort.Strings(pairs)

		arg := inst.ConnectionString
		if len(pairs) > 0 {
			arg += "?" + strings.Join(pairs, "&")
		}
		cliArgs = append(cliArgs, arg)
	}
	c.Args = cliArgs
}