feat: add debug server with pprof #1564
Conversation
README.md
Outdated
| @@ -434,6 +434,21 @@ To enable Prometheus, use the `--prometheus` flag. This will start an HTTP | |||
| server on localhost with a `/metrics` endpoint. The Prometheus namespace may | |||
| optionally be set with `--prometheus-namespace`. | |||
|
|
|||
| ## Debug server | |||
|
|
|||
| The Proxy includes support for a debug server on localhost. By default, the | |||
There was a problem hiding this comment.
The Proxy includes support for a debug server on localhost
Will this change with the http-addr flag?
There was a problem hiding this comment.
No, it won't. We purposely make it localhost only to prevent any unwanted access.
README.md
Outdated
|
|
||
| The Proxy includes support for a debug server on localhost. By default, the | ||
| debug server is not enabled. To enable the server, pass the `--debug` flag. | ||
| This will start the server on localhost at port 9191. To change the port, |
There was a problem hiding this comment.
Should we reuse the http handler for readiness checks and metrics?
There was a problem hiding this comment.
That's the key question. It also applies to the upcoming /quitquitquit endpoint. I've been thinking of pprof support and /quitquitquit as in the same category, i.e., features that could have a negative impact on the Proxy itself if exposed too broadly.
By limiting the handler to localhost only, we have a secure-by-default model, albeit it with the overhead of an extra HTTP server and an additional --debug-port flag.
There was a problem hiding this comment.
We'll change this to --admin-port.
This is a port of GoogleCloudPlatform/cloud-sql-proxy#1564.
This is a port of GoogleCloudPlatform/cloud-sql-proxy#1564.
No description provided.