Google Cloud SQL

In the Google Cloud environment we access our Cloud SQL databases via the Cloud SQL provider.

For this to work correctly we need to:

Setup the Cloud SQL proxy
Create a service account

Cloud SQL proxy

Our example infrastructure will create configuration for the two databases. To deploy your own base them off these examples:

Terraform Cloud SQL module - creates the needed databases
Sidecar config - the output sidecar setup

Service Account

To allow the pod to gain access to the database we make use of Google Service Accounts. A service account in Google is created with the correct access permissions. This is mapped to a service account on the pod. This allowing the Kubernetes pod obtain the rights to access the database.

Google Service Account creation
Helm config for service account

SQL proxy operation

With the sidecar correct configured it performs all connections to the database. Our apps communicate within the pod on localhost to port 5432. Thus our apps actually have no direct access to the database at all.

Our use of cookies

Cloud SQL proxy​

Service Account​

SQL proxy operation​

Cloud SQL proxy

Service Account

SQL proxy operation