in internal/workload/podspec_updates.go [726:770]
// applyContainerSpec fills in the proxy container c for workload p.
//
// It first sets the operator defaults: the default proxy image, the default
// resource requirements and a restrictive security context. It then applies
// the optional overrides from p.Spec.AuthProxyContainer. Image and Resources
// are written directly onto c, while the remaining settings are handed to
// addProxyContainerEnvVar as CSQL_PROXY_* environment variables.
//
// The security context is assigned unconditionally and none of the overrides
// handled here touch it, so this function gives the workload spec no way to
// relax those settings.
//
// NOTE(review): Image and SQLAdminAPIEndpoint are copied from the resource
// without any validation in this function. Whoever may edit the
// AuthProxyWorkload therefore decides which image runs as the proxy and which
// API endpoint it talks to; confirm that admission validation and RBAC on
// this resource reflect that.
func (s *updateState) applyContainerSpec(p *cloudsqlapi.AuthProxyWorkload, c *corev1.Container) {
	// SecurityContext takes *bool fields, so addressable locals are needed.
	enabled, disabled := true, false

	// Operator defaults, applied before any user-supplied override.
	c.Image = s.defaultProxyImage()
	c.Resources = defaultContainerResources
	c.SecurityContext = &corev1.SecurityContext{
		// The default Cloud SQL Auth Proxy image runs as the
		// "nonroot" user and group (uid: 65532) by default.
		// NOTE(review): this stays in force when the image is overridden
		// below, so a custom image presumably must also run as a
		// non-root user; confirm.
		RunAsNonRoot: &enabled,
		// Use a read-only root filesystem.
		ReadOnlyRootFilesystem: &enabled,
		// Do not allow privilege escalation.
		AllowPrivilegeEscalation: &disabled,
	}

	// Nothing to override when the workload carries no container settings.
	custom := p.Spec.AuthProxyContainer
	if custom == nil {
		return
	}

	// Direct overrides on the container itself.
	if custom.Image != "" {
		c.Image = custom.Image
	}
	if custom.Resources != nil {
		// Deep copy so the container does not alias the workload spec.
		c.Resources = *custom.Resources.DeepCopy()
	}

	// Settings passed to the proxy through its environment. Unset (nil or
	// zero/empty) values are skipped, so no variable is added for them.
	if endpoint := custom.SQLAdminAPIEndpoint; endpoint != "" {
		s.addProxyContainerEnvVar(p, "CSQL_PROXY_SQLADMIN_API_ENDPOINT", endpoint)
	}
	if limit := custom.MaxConnections; limit != nil && *limit != 0 {
		s.addProxyContainerEnvVar(p, "CSQL_PROXY_MAX_CONNECTIONS", fmt.Sprintf("%d", *limit))
	}
	// The sigterm delays are formatted with an "s" suffix.
	if delay := custom.MaxSigtermDelay; delay != nil && *delay != 0 {
		s.addProxyContainerEnvVar(p, "CSQL_PROXY_MAX_SIGTERM_DELAY", fmt.Sprintf("%ds", *delay))
	}
	if delay := custom.MinSigtermDelay; delay != nil && *delay != 0 {
		s.addProxyContainerEnvVar(p, "CSQL_PROXY_MIN_SIGTERM_DELAY", fmt.Sprintf("%ds", *delay))
	}
}