From b0d9b99b1fab70d169767bf97240b253ead1412e Mon Sep 17 00:00:00 2001
From: Zach Hayes
Date: Mon, 16 Mar 2026 15:56:25 -0700
Subject: [PATCH 1/4] use vpc egress to comm with cloud sql
---
 deploy/reverse-watch-service.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/deploy/reverse-watch-service.yaml b/deploy/reverse-watch-service.yaml
index 462ffbf..a2e0ecb 100644
--- a/deploy/reverse-watch-service.yaml
+++ b/deploy/reverse-watch-service.yaml
@@ -26,6 +26,9 @@ spec:
 containerConcurrency: 50
 timeoutSeconds: 60
 serviceAccountName: $GCP_RUNTIME_SERVICE_ACCOUNT
+ networkInterfaces:
+ - network: default
+ subnetwork: default
 containers:
 - name: reverse-watch-prod
 image: us-west1-docker.pkg.dev/$GCP_PROJECT_ID/reverse-watch/prod:$GITHUB_REF_NAME
@@ -71,8 +74,8 @@ spec:
 memory: 8Gi
 startupProbe:
 timeoutSeconds: 240
- periodSeconds: 240
- failureThreshold: 1
+ periodSeconds: 10
+ failureThreshold: 24
 tcpSocket:
 port: 80
 livenessProbe:
From 1d4157b334c0cd5a3d6a190c8edd55c14d25fac9 Mon Sep 17 00:00:00 2001
From: Zach Hayes
Date: Mon, 16 Mar 2026 16:10:44 -0700
Subject: [PATCH 2/4] use newer fields
---
 deploy/reverse-watch-service.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/deploy/reverse-watch-service.yaml b/deploy/reverse-watch-service.yaml
index a2e0ecb..ece5de6 100644
--- a/deploy/reverse-watch-service.yaml
+++ b/deploy/reverse-watch-service.yaml
@@ -22,13 +22,11 @@ spec:
 run.googleapis.com/execution-environment: gen2
 run.googleapis.com/client-name: cloud-console
 run.googleapis.com/startup-cpu-boost: 'true'
+ run.googleapis.com/vpc-access-egress: private-ranges-only
 spec:
 containerConcurrency: 50
 timeoutSeconds: 60
 serviceAccountName: $GCP_RUNTIME_SERVICE_ACCOUNT
- networkInterfaces:
- - network: default
- subnetwork: default
 containers:
 - name: reverse-watch-prod
 image: us-west1-docker.pkg.dev/$GCP_PROJECT_ID/reverse-watch/prod:$GITHUB_REF_NAME
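Review bot: The `network: default` / `subnetwork: default` pair added in the `@@ -26,6 +26,9 @@` hunk of PATCH 1/4 attaches the production revision to the project's auto-created default VPC, which normally carries broad pre-populated ingress rules (allow-internal and similar), so the service shares a flat network with everything else placed there. The same values come back in the `run.googleapis.com/network-interfaces` annotation in PATCH 3/4. A dedicated network and subnet for the database path would narrow that exposure; if `default` stays, Cloud Run's Direct VPC egress documentation shows a `tags` key in the interface entry that lets firewall rules be scoped to this service, e.g. `'[{"network":"default","subnetwork":"default","tags":"<service-tag>"}]'` with the tag name as a placeholder. The enclosing `spec` block starts and ends outside the hunk.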
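Review bot: In the `startupProbe` hunk of PATCH 1/4 (`@@ -71,8 +74,8 @@`) the unchanged `timeoutSeconds: 240` is now larger than the new `periodSeconds: 10`; Cloud Run documents that a probe's timeout must not exceed its period, so this combination is likely to be rejected at deploy time or not behave as intended. The 24 x 10 s budget already preserves the previous 240 s startup window, so the per-attempt timeout can drop to match: `timeoutSeconds: 10`. The probe block continues outside the hunk.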
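Review bot: `run.googleapis.com/vpc-access-egress: private-ranges-only` in the `@@ -22,13 +22,11 @@` hunk of PATCH 2/4 sends only traffic for internal address ranges through the VPC, so requests to public destinations still leave the service directly and are not covered by VPC egress firewall rules or flow logs. If that is the intent, record it next to the annotation: `# private-ranges-only: only internal ranges (Cloud SQL private IP) use the VPC; public egress bypasses VPC firewall rules`. If outbound filtering of this service is a goal, `all-traffic` is the value that routes everything through the VPC.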
@@ -36,6 +34,8 @@ spec:
 - name: http1
 containerPort: 80
 env:
+ - name: CLOUDSQL_AUTH_PROXY_PRIVATE_IP
+ value: 'true'
 - name: ENVIRONMENT
 value: production
 - name: TRUSTPROXY
From 0a4c9aa62194cfa5a01cc20343b53a0d25274c96 Mon Sep 17 00:00:00 2001
From: Zach Hayes
Date: Mon, 16 Mar 2026 16:19:28 -0700
Subject: [PATCH 3/4] add annotation for direct egress
---
 deploy/reverse-watch-service.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/deploy/reverse-watch-service.yaml b/deploy/reverse-watch-service.yaml
index ece5de6..641e437 100644
--- a/deploy/reverse-watch-service.yaml
+++ b/deploy/reverse-watch-service.yaml
@@ -22,6 +22,7 @@ spec:
 run.googleapis.com/execution-environment: gen2
 run.googleapis.com/client-name: cloud-console
 run.googleapis.com/startup-cpu-boost: 'true'
+ run.googleapis.com/network-interfaces: '[{"network":"default","subnetwork":"default"}]'
 run.googleapis.com/vpc-access-egress: private-ranges-only
 spec:
 containerConcurrency: 50
From 72e547610d71101dfece8528997e74872f5fed30 Mon Sep 17 00:00:00 2001
From: Zach Hayes
Date: Mon, 16 Mar 2026 17:14:48 -0700
Subject: [PATCH 4/4] update host and remove env var
---
 deploy/reverse-watch-service.yaml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/deploy/reverse-watch-service.yaml b/deploy/reverse-watch-service.yaml
index 641e437..7f8170c 100644
--- a/deploy/reverse-watch-service.yaml
+++ b/deploy/reverse-watch-service.yaml
@@ -35,8 +35,6 @@ spec:
 - name: http1
 containerPort: 80
 env:
- - name: CLOUDSQL_AUTH_PROXY_PRIVATE_IP
- value: 'true'
 - name: ENVIRONMENT
 value: production
 - name: TRUSTPROXY
@@ -52,7 +50,7 @@ spec:
 - name: DATABASE_HOST
 valueFrom:
 secretKeyRef:
- key: '1'
+ key: '2'
 name: db-host
 - name: DATABASE_USER
 valueFrom:
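Review bot: The `DATABASE_HOST` secret pin moves from `key: '1'` to `key: '2'` in the `@@ -52,7 +50,7 @@` hunk of PATCH 4/4, and the manifest gives no hint of what version 2 holds or why `CLOUDSQL_AUTH_PROXY_PRIVATE_IP` is dropped in the same commit. If the new host is the instance's private IP and the application now connects to it directly rather than through the Auth Proxy (an inference; the application code is not on this page), the encryption and IAM-based authorization the proxy supplies no longer apply, so the instance should be set to require TLS. A one-line comment above the ref would record the intent: `# db-host v2: <what the host now points at>`. The `env` list continues outside the hunk.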