I have the second problem: cloud sql proxy pod wrapped onto service and must provide access to database.

And I have a job which must create new database for every branch.

But when this job runs the second error appears. I cant get access to the cloudsql-proxy-service.

I cant understand why its happens. Thanks.

E psql: could not connect to server: Connection timed out

E Is the server running on host "cloudsql-proxy-service" (10.43.254.123) and accepting

E TCP/IP connections on port 5432?

apiVersion: apps/v1
kind: Deployment
metadata:
    name: cloudsql-proxy
    labels:
        type: backend
        name: app
    annotations:
        "helm.sh/created": {{ .Release.Time.Seconds | quote }}
        "helm.sh/hook": pre-install
        "helm.sh/hook-weight": "-20"
spec:
    replicas: 1
    selector:
        matchLabels:
            name: cloudsql-proxy
    template:
        metadata:
            labels:
                name: cloudsql-proxy
        spec:
            containers:
            -   name: cloudsql-proxy
                image: gcr.io/cloudsql-docker/gce-proxy:1.11
                command:
                - "/cloud_sql_proxy"
                - "-instances={{ .Values.testDatabaseInstanceConnectionName }}=tcp:5432"
                - "-credential_file=/secrets/cloudsql/credentials.json"
                securityContext:
                    runAsUser: 2  # non-root user
                    allowPrivilegeEscalation: false
                volumeMounts:
                -   name: cloudsql-instance-credentials
                    mountPath: /secrets/cloudsql
                    readOnly: true
                ports:
                  - containerPort: 5432
            volumes:
            -   name: cloudsql-instance-credentials
                secret:
                    secretName: {{ .Values.cloudSqlProxySecretName }}
---
apiVersion: v1
kind: Service
metadata:
  name: cloudsql-proxy-service
  labels:
    type: backend
    name: app
  annotations:
      "helm.sh/created": {{ .Release.Time.Seconds | quote }}
      "helm.sh/hook": pre-install
      "helm.sh/hook-weight": "-20"
spec:
  selector:
      name: cloudsql-proxy
  ports:
      - port: 5432


apiVersion: batch/v1
kind: Job
metadata:
    name: create-test-database
    labels:
        type: backend
        name: app
    annotations:
        "helm.sh/created": {{ .Release.Time.Seconds | quote }}
        "helm.sh/hook": pre-install
        "helm.sh/hook-weight": "-10"
spec:
    template:
        metadata:
          name: create-test-database
        spec:
            containers:
            -   name: postgres-client
                image: kalumkalac/postgresql-client
                env:
                    -   name: PGUSER
                        value: {{ .Values.testDatabaseCredentials.username }}
                    -   name: PGPASSWORD
                        value: {{ .Values.testDatabaseCredentials.password }}
                    -   name: PGDATABASE
                        value: {{ .Values.testDatabaseCredentials.defaultDatabaseName }}
                    -   name: PGHOST
                        value: cloudsql-proxy-service
                command:
                    - psql
                    - -q
                    - -c CREATE DATABASE {{ .Values.testDatabaseCredentials.name|quote }}
            restartPolicy: Never
    backoffLimit: 0 # Deny retry job