2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -43,3 +43,5 @@ config/rbac/role.yaml
internal/api/v1/zz_generated.deepcopy.go
installer/install.sh
installer/cloud-sql-proxy-operator.yaml
.tools
.envrc
13 changes: 13 additions & 0 deletions Makefile
Expand Up @@ -90,6 +90,10 @@ generate: ctrl_generate ctrl_manifests generate_crd_docs go_lint tf_lint instal
build: generate build_push_docker ## Builds and pushes the docker image to tag defined in envvar IMG
@echo "TIME: $(shell date) end make build"

.PHONY: build_docker_local
build_docker_local: generate build_docker ## Builds the docker image but does not push
@echo "TIME: $(shell date) end make build"

.PHONY: test
test: generate go_test go_test_k8s_1_28 ## Run tests (but not internal/teste2e)
@echo "TIME: $(shell date) end make test"
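Review bot: The echo in the new `build_docker_local` recipe still prints `end make build`, copied from the `build` target above it, so the timing lines of the two targets cannot be told apart in build logs. Change it to `end make build_docker_local`.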
Expand Down Expand Up @@ -151,6 +155,15 @@ build_push_docker: # Build docker image with the operator. set IMG env var befor
test -d 'bin' || mkdir -p bin
echo "$(IMG)" > bin/last-pushed-image-url.txt

.PHONY: build_docker
build_docker: # Build docker image with the operator. set IMG env var before running: `IMG=example.com/img:1.0 make build`
docker buildx build --platform "linux/amd64" \
--build-arg GO_LD_FLAGS="$(VERSION_LDFLAGS)" \
-f "Dockerfile-operator" \
"$(PWD)"
test -d 'bin' || mkdir -p bin
echo "$(IMG)" > bin/last-pushed-image-url.txt

.PHONY: go_lint
go_lint: golangci-lint # Run go lint tools, fail if unchecked errors
# Implements golang CI based on settings described here:
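Review bot: The new `build_docker` recipe writes `$(IMG)` to `bin/last-pushed-image-url.txt` although nothing is pushed, and its `docker buildx build` call has no `-t "$(IMG)"`, so the file names an image that this target neither tagged nor published. Anything that reads the file afterwards will reference an image that is missing from the registry, or an older one already stored under that tag. Add `-t "$(IMG)"` (plus `--load` if the local image is needed) and either skip the write or use a separate file for local builds. The recipe comment also still says `make build` and should name `make build_docker`.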
4 changes: 2 additions & 2 deletions build.sh
Expand Up @@ -29,9 +29,9 @@ function clean() {
make clean
}

## build - Builds the project without running tests.
## build - Builds the project without running tests or pushing the container image
function build() {
make build
make build_docker_local
}

## test - Runs local unit tests.
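Review bot: Switching `build()` from `make build` to `make build_docker_local` changes what the `build` command of `build.sh` does for every existing caller, because the image is no longer pushed. If a CI job or release script relies on this entry point to publish the image, it will now succeed without publishing. Either keep `build` as it was and add a separate function for the local build, or call the change out in the PR description. The new `##` help line also drops the trailing period that the neighbouring entries use.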
14 changes: 7 additions & 7 deletions config/manager/kustomization.yaml
Expand Up @@ -12,16 +12,16 @@
# See the License for the specific language governing permissions and
# limitations under the License.
resources:
- manager.yaml
- manager.yaml
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- files:
- controller_manager_config.yaml
name: manager-config
- files:
- controller_manager_config.yaml
name: manager-config
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: controller
newName: cloud-sql-proxy-operator
newTag: latest
- name: controller
newName: us-central1-docker.pkg.dev/hessjc-csql-operator-04/testhessjc/cloud-sql-auth-proxy-operator
newTag: f2eb19b2d91f77a5c4c800a64902bbff720c8bd6-dirty-20260122T2138
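Review bot: The `images:` entry now points at `us-central1-docker.pkg.dev/hessjc-csql-operator-04/testhessjc/cloud-sql-auth-proxy-operator` with a tag ending in `-dirty-20260122T2138`, which reads like the result of a local build committed by accident. Revert it to `newName: cloud-sql-proxy-operator` and `newTag: latest`. As committed, anyone who builds manifests from this directory pulls the operator from a personal test repository, and a `-dirty` suffix conventionally marks a build made from uncommitted changes, so the image cannot be traced to any commit. The other changes in this hunk look like indentation only; if so, drop them as well so the file is untouched, and consider a CI check that fails when this file differs from the committed default.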
6 changes: 1 addition & 5 deletions docs/api.md
Expand Up @@ -58,7 +58,7 @@ _Appears in:_
| `maxSigtermDelay` _integer_ | MaxSigtermDelay is the maximum number of seconds to wait for connections to<br />close after receiving a TERM signal. This sets the proxy container's<br />CLI argument `--max-sigterm-delay` and<br />configures `terminationGracePeriodSeconds` on the workload's PodSpec. | | Minimum: 0 <br />Optional: \{\} <br /> |
| `minSigtermDelay` _integer_ | MinSigtermDelay is the minimum number of seconds to wait for connections to<br />close after receiving a TERM signal. This sets the proxy container's<br />CLI argument `--min-sigterm-delay` | | Minimum: 0 <br />Optional: \{\} <br /> |
| `sqlAdminAPIEndpoint` _string_ | SQLAdminAPIEndpoint is a debugging parameter that when specified will<br />change the Google Cloud api endpoint used by the proxy. | | Optional: \{\} <br /> |
| `image` _string_ | Image is the URL to the proxy image. Optional, by default the operator<br />will use the latest Cloud SQL Auth Proxy version as of the release of the<br />operator.<br /><br />The operator ensures that all workloads configured with the default proxy<br />image are upgraded automatically to use to the latest released proxy image.<br /><br />When the customer upgrades the operator, the operator upgrades all<br />workloads using the default proxy image to the latest proxy image. The<br />change to the proxy container image is applied in accordance with<br />the RolloutStrategy. | | Optional: \{\} <br /> |
| `image` _string_ | Image is the URL to the proxy image. Optional, by default the operator<br />will use the latest Cloud SQL Auth Proxy version as of the release of the<br />operator.<br />The operator ensures that all workloads configured with the default proxy<br />image are upgraded automatically to use to the latest released proxy image.<br />When the customer upgrades the operator, the operator upgrades all<br />workloads using the default proxy image to the latest proxy image. The<br />change to the proxy container image is applied in accordance with<br />the RolloutStrategy. | | Optional: \{\} <br /> |
| `rolloutStrategy` _string_ | RolloutStrategy indicates the strategy to use when rolling out changes to<br />the workloads affected by the results. When this is set to<br />`Workload`, changes to this resource will be automatically applied<br />to a running Deployment, StatefulSet, DaemonSet, or ReplicaSet in<br />accordance with the Strategy set on that workload. When this is set to<br />`None`, the operator will take no action to roll out changes to affected<br />workloads. `Workload` will be used by default if no value is set.<br />See: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy | Workload | Enum: [Workload None] <br />Optional: \{\} <br /> |
| `refreshStrategy` _string_ | RefreshStrategy indicates which refresh strategy the proxy should use.<br />When this is set to `lazy`, the proxy will use a lazy refresh strategy,<br />and will be configured to run with the --lazy-refresh flag. When this<br />omitted or set to `background`, the proxy will use the default background<br />refresh strategy.<br />See: https://github.com/GoogleCloudPlatform/cloud-sql-proxy/?tab=readme-ov-file#configuring-a-lazy-refresh | background | Enum: [lazy background] <br />Optional: \{\} <br /> |
| `quiet` _boolean_ | Quiet configures the proxy's --quiet flag to limit the amount of<br />logging generated by the proxy container. | | |
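Review bot: In the regenerated `image` row the `<br /><br />` paragraph breaks are gone, so three separate paragraphs of the description now run together as one block. If this comes from a different version of the docs generator rather than an intended edit, pin the generator version so that `docs/api.md` does not change with each contributor's tool chain. The sentence "upgraded automatically to use to the latest released proxy image" also carries a stray "to" on both sides of the change and is best fixed in the source comment.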
Expand Down Expand Up @@ -130,25 +130,21 @@ _Appears in:_
InstanceSpec describes the configuration for how the proxy should expose
a Cloud SQL database instance to a workload.


In the minimum recommended configuration, the operator will choose
a non-conflicting TCP port and set environment
variables MY_DB_SERVER_PORT MY_DB_SERVER_HOST with the value of the TCP port
and hostname. The application can read these values to connect to the database
through the proxy. For example:


`{
"connectionString":"my-project:us-central1:my-db-server",
"portEnvName":"MY_DB_SERVER_PORT"
"hostEnvName":"MY_DB_SERVER_HOST"
}`


If you want to assign a specific port number for a database, set the `port`
field. For example:


`{ "connectionString":"my-project:us-central1:my-db-server", "port":5000 }`


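Review bot: The first JSON example in this hunk's context lines is missing a comma after `"portEnvName":"MY_DB_SERVER_PORT"`, so it does not parse if a reader copies it. The hunk itself appears to remove only blank lines, which Markdown renders the same way, so this is a convenient place to fix the example in the comment the docs are generated from.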
6 changes: 6 additions & 0 deletions infra/resources/gke_cluster.tf
Expand Up @@ -43,6 +43,9 @@ resource "google_container_cluster" "primary" {
remove_default_node_pool = true
resource_labels = local.standard_labels

lifecycle {
ignore_changes = [min_master_version]
}
}

resource "google_container_node_pool" "primary_preemptible_nodes" {
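Review bot: The `ignore_changes = [min_master_version]` block added to `google_container_cluster.primary` has no comment explaining it, and it means Terraform will no longer act on any later edit to that argument. State the reason next to the block (presumably to stop plans from fighting automatic control-plane upgrades) and say what keeps the control plane patched from now on, such as a release channel, since that is not visible in this hunk.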
Expand Down Expand Up @@ -78,6 +81,9 @@ resource "google_container_node_pool" "primary_preemptible_nodes" {
"https://www.googleapis.com/auth/sqlservice.admin",
]
}
lifecycle {
ignore_changes = [version]
}
}


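Review bot: With `ignore_changes = [version]` on the node pool, node upgrades are left entirely to whatever manages the pool outside Terraform, and the visible lines do not show a `management` block with `auto_upgrade`. Confirm that auto-upgrade is enabled for `primary_preemptible_nodes`, otherwise the nodes can stay on an old version indefinitely. The block would also read better with a blank line before it, as in the cluster resource above.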
7 changes: 7 additions & 0 deletions infra/resources/private_gke_cluster.tf
Expand Up @@ -41,6 +41,10 @@ resource "google_container_cluster" "private" {
services_secondary_range_name = google_compute_subnetwork.private_k8s_network.secondary_ip_range.0.range_name
cluster_secondary_range_name = google_compute_subnetwork.private_k8s_network.secondary_ip_range.1.range_name
}

lifecycle {
ignore_changes = [min_master_version]
}
}

resource "google_container_node_pool" "private_preemptible_nodes" {
Expand Down Expand Up @@ -82,6 +86,9 @@ resource "google_container_node_pool" "private_preemptible_nodes" {
"https://www.googleapis.com/auth/sqlservice.admin",
]
}
lifecycle {
ignore_changes = [version]
}
}


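Review bot: The `lifecycle` blocks in this file repeat the ones added to `gke_cluster.tf` line for line, again without a comment. Put the rationale in one place (a shared comment or the PR description) and check that the private cluster and `private_preemptible_nodes` have the same upgrade settings as the public ones, so the two environments do not drift to different Kubernetes versions once Terraform stops tracking `min_master_version` and `version`.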