feat: Add --min-sigterm-delay property to the workload configuration

docs/api.md

@@ -55,6 +55,7 @@ _Appears in:_
 | `authentication` _[AuthenticationSpec](#authenticationspec)_ | Authentication specifies the config for how the proxy authenticates itself<br />to the Google Cloud API. |  |  |
 | `maxConnections` _integer_ | MaxConnections limits the number of connections. Default value is no limit.<br />This sets the proxy container's CLI argument `--max-connections` |  | Minimum: 0 <br />Optional: {} <br /> |
 | `maxSigtermDelay` _integer_ | MaxSigtermDelay is the maximum number of seconds to wait for connections to<br />close after receiving a TERM signal. This sets the proxy container's<br />CLI argument `--max-sigterm-delay` and<br />configures `terminationGracePeriodSeconds` on the workload's PodSpec. |  | Minimum: 0 <br />Optional: {} <br /> |
+| `minSigtermDelay` _integer_ | MinSigtermDelay is the minimum number of seconds to wait for connections to<br />close after receiving a TERM signal. This sets the proxy container's<br />CLI argument `--min-sigterm-delay` |  | Minimum: 0 <br />Optional: {} <br /> |
 | `sqlAdminAPIEndpoint` _string_ | SQLAdminAPIEndpoint is a debugging parameter that when specified will<br />change the Google Cloud api endpoint used by the proxy. |  | Optional: {} <br /> |
 | `image` _string_ | Image is the URL to the proxy image. Optional, by default the operator<br />will use the latest Cloud SQL Auth Proxy version as of the release of the<br />operator.<br /><br />The operator ensures that all workloads configured with the default proxy<br />image are upgraded automatically to use to the latest released proxy image.<br /><br />When the customer upgrades the operator, the operator upgrades all<br />workloads using the default proxy image to the latest proxy image. The<br />change to the proxy container image is applied in accordance with<br />the RolloutStrategy. |  | Optional: {} <br /> |
 | `rolloutStrategy` _string_ | RolloutStrategy indicates the strategy to use when rolling out changes to<br />the workloads affected by the results. When this is set to<br />`Workload`, changes to this resource will be automatically applied<br />to a running Deployment, StatefulSet, DaemonSet, or ReplicaSet in<br />accordance with the Strategy set on that workload. When this is set to<br />`None`, the operator will take no action to roll out changes to affected<br />workloads. `Workload` will be used by default if no value is set.<br />See: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy | Workload | Enum: [Workload None] <br />Optional: {} <br /> |

internal/api/v1/authproxyworkload_types.go

@@ -181,6 +181,13 @@ type AuthProxyContainerSpec struct {
 	//+kubebuilder:validation:Minimum=0
 	MaxSigtermDelay *int64 `json:"maxSigtermDelay,omitempty"`
 
+	// MinSigtermDelay is the minimum number of seconds to wait for connections to
+	// close after receiving a TERM signal. This sets the proxy container's
+	// CLI argument `--min-sigterm-delay`
+	//+kubebuilder:validation:Optional
+	//+kubebuilder:validation:Minimum=0
+	MinSigtermDelay *int64 `json:"minSigtermDelay,omitempty"`
+
 	// SQLAdminAPIEndpoint is a debugging parameter that when specified will
 	// change the Google Cloud api endpoint used by the proxy.
 	//+kubebuilder:validation:Optional

internal/workload/podspec_updates.go

@@ -759,6 +759,10 @@ func (s *updateState) applyContainerSpec(p *cloudsqlapi.AuthProxyWorkload, c *co
 		*p.Spec.AuthProxyContainer.MaxSigtermDelay != 0 {
 		s.addProxyContainerEnvVar(p, "CSQL_PROXY_MAX_SIGTERM_DELAY", fmt.Sprintf("%ds", *p.Spec.AuthProxyContainer.MaxSigtermDelay))
 	}
+	if p.Spec.AuthProxyContainer.MinSigtermDelay != nil &&
+		*p.Spec.AuthProxyContainer.MinSigtermDelay != 0 {
+		s.addProxyContainerEnvVar(p, "CSQL_PROXY_MIN_SIGTERM_DELAY", fmt.Sprintf("%ds", *p.Spec.AuthProxyContainer.MinSigtermDelay))
+	}
 
 	return
 }

internal/workload/podspec_updates_test.go

@@ -669,6 +669,7 @@ func TestProxyCLIArgs(t *testing.T) {
 					},
 					MaxConnections:  ptr(int64(10)),
 					MaxSigtermDelay: ptr(int64(20)),
+					MinSigtermDelay: ptr(int64(15)),
 					Quiet:           true,
 					RefreshStrategy: "lazy",
 				},
@@ -697,6 +698,7 @@ func TestProxyCLIArgs(t *testing.T) {
 				"CSQL_PROXY_QUOTA_PROJECT":               "qp",
 				"CSQL_PROXY_MAX_CONNECTIONS":             "10",
 				"CSQL_PROXY_MAX_SIGTERM_DELAY":           "20s",
+				"CSQL_PROXY_MIN_SIGTERM_DELAY":           "15s",
 				"CSQL_PROXY_IMPERSONATE_SERVICE_ACCOUNT": "[email protected],[email protected]",
 				"CSQL_PROXY_QUIET":                       "true",
 				"CSQL_PROXY_STRUCTURED_LOGS":             "true",