Add instructions for using the new health check feature

README.md

@@ -285,6 +285,15 @@ gcloud's active project: [my-project-id]"}
 
 ```
 
+#### `-use_http_health_check`
+
+Enables HTTP health checks for the proxy, including startup, liveness, and readiness probing.
+Requires that you configure the Kubernetes container with HTTP probes ([sample](https://github.com/GoogleCloudPlatform/cloudsql-proxy/tree/main/examples/k8s-health-check/proxy_with_http_health_check.yaml)).
+
+#### `-health_check_port=8090`
+
+Specifies the port that the health check server listens and serves on. Defaults to 8090.
+
 ## Running as a Kubernetes Sidecar
 
 See the [example here][sidecar-example] as well as [Connecting from Google

examples/k8s-health-check/proxy_with_http_health_check.yaml

@@ -0,0 +1,116 @@
+# You must configure probes in your deployment to use health checks in Kubernetes.
+# This sample configuration for HTTP probes is adapted from proxy_with_workload_identity.yaml.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <YOUR-DEPLOYMENT-NAME>
+spec:
+  selector:
+    matchLabels:
+      app: <YOUR-APPLICATION-NAME>
+  template:
+    metadata:
+      labels:
+        app: <YOUR-APPLICATION-NAME>
+    spec:
+      containers:
+      - name: <YOUR-APPLICATION-NAME>
+        # ... other container configuration
+        env:
+        - name: DB_USER
+          valueFrom:
+            secretKeyRef:
+              name: <YOUR-DB-SECRET>
+              key: username
+        - name: DB_PASS
+          valueFrom:
+            secretKeyRef:
+              name: <YOUR-DB-SECRET>
+              key: password
+        - name: DB_NAME
+          valueFrom:
+            secretKeyRef:
+              name: <YOUR-DB-SECRET>
+              key: database
+      - name: cloud-sql-proxy
+        # It is recommended to use the latest version of the Cloud SQL proxy
+        # Make sure to update on a regular schedule!
+        image: gcr.io/cloudsql-docker/gce-proxy:1.17
+        command:
+          - "/cloud_sql_proxy"
+
+          # If connecting from a VPC-native GKE cluster, you can use the
+          # following flag to have the proxy connect over private IP
+          # - "-ip_address_types=PRIVATE"
+
+          # Replace DB_PORT with the port the proxy should listen on
+          # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433
+          - "-instances=<INSTANCE_CONNECTION_NAME>=tcp:<DB_PORT>"
+          # Enable HTTP health checks on the default port (8090).
+          - "-use_http_health_check"
+        # [START cloud_sql_proxy_k8s_volume_mount]
+          # This flag specifies where the service account key can be found
+          - "-credential_file=/secrets/service_account.json"
+        securityContext:
+          # The default Cloud SQL proxy image runs as the
+          # "nonroot" user and group (uid: 65532) by default.
+          runAsNonRoot: true
+        volumeMounts:
+        - name: <YOUR-SA-SECRET-VOLUME>
+          mountPath: /secrets/
+          readOnly: true
+          # [END cloud_sql_proxy_k8s_volume_mount]
+        # Resource configuration depends on an application's requirements. You
+        # should adjust the following values based on what your application
+        # needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+        resources:
+          requests:
+            # The proxy's memory use scales linearly with the number of active
+            # connections. Fewer open connections will use less memory. Adjust
+            # this value based on your application's requirements.
+            memory: "2Gi"
+            # The proxy's CPU use scales linearly with the amount of IO between
+            # the database and the application. Adjust this value based on your
+            # application's requirements.
+            cpu:    "1"
+        # Recommended configurations for health check probes.
+        # Probe parameters can be adjusted to best fit the requirements of your application.
+        # For details, see https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+        livenessProbe:
+          httpGet:
+            path: /liveness
+            port: 8090
+          # Number of seconds after the container has started before the first probe is scheduled. Defaults to 0.
+          # Not necessary when the startup probe is in use.
+          initialDelaySeconds: 0
+          # Frequency of the probe. Defaults to 10.
+          periodSeconds: 10
+          # Number of seconds after which the probe times out. Defaults to 1.
+          timeoutSeconds: 5
+          # Number of times the probe is allowed to fail before the transition from healthy to failure state. 
+          # Defaults to 3.
+          failureThreshold: 1
+        readinessProbe:
+          httpGet:
+            path: /liveness
+            port: 8090
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          timeoutSeconds: 5
+          # Number of times the probe must report success to transition from failure to healthy state.
+          # Defaults to 1 for readiness probe.
+          successThreshold: 1
+          failureThreshold: 1
+        startupProbe:
+          httpGet:
+            path: /startup
+            port: 8090
+          periodSeconds: 1
+          timeoutSeconds: 5
+          failureThreshold: 20
+      # [START cloud_sql_proxy_k8s_volume_secret]
+      volumes:
+      - name: <YOUR-SA-SECRET-VOLUME>
+        secret:
+          secretName: <YOUR-SA-SECRET>
+      # [END cloud_sql_proxy_k8s_volume_secret]