Google Cloud SQL
In the Google Cloud environment we access our Cloud SQL databases via the Cloud SQL provider.
For this to work correctly we need to:
- Set up the Cloud SQL proxy
- Create a service account
Cloud SQL proxy
Our example infrastructure will create configuration for the two databases. To deploy your own, base them on these examples:
- Terraform Cloud SQL module - creates the needed databases
- Sidecar config - the output sidecar setup
Service Account
To allow the pod to gain access to the database we make use of Google Service Accounts. A service account in Google is created with the correct access permissions. This is mapped to a service account on the pod, allowing the Kubernetes pod to obtain the rights to access the database.
SQL proxy operation
With the sidecar correctly configured, it performs all connections to the database. Our apps communicate within the pod on localhost to port 5432. Thus our apps actually have no direct access to the database at all.
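
The setup described above, written as a Kubernetes manifest. This is an added example, not this project's own sidecar config. It assumes GKE Workload Identity for the service account mapping and version 2 of the Cloud SQL Auth Proxy. Every resource name, environment variable name and `<PLACEHOLDER>` in it is hypothetical.

```yaml
# Added example: names and <PLACEHOLDER> values are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-ksa                      # hypothetical Kubernetes service account
  annotations:
    # Assumed mechanism: Workload Identity maps this account to a Google
    # service account, which should hold only roles/cloudsql.client.
    iam.gke.io/gcp-service-account: <GSA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app                          # hypothetical
spec:
  replicas: 1
  selector:
    matchLabels: {app: app}
  template:
    metadata:
      labels: {app: app}
    spec:
      serviceAccountName: app-ksa    # pod runs as the mapped account
      containers:
        - name: app
          image: <APP_IMAGE>
          env:                       # hypothetical variable names
            - name: DB_HOST
              value: "127.0.0.1"     # app only ever talks to the sidecar
            - name: DB_PORT
              value: "5432"
        - name: cloud-sql-proxy
          image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:<PINNED_VERSION>
          args:
            - "--address=127.0.0.1"  # loopback only, not reachable from other pods
            - "--port=5432"
            - "<PROJECT_ID>:<REGION>:<INSTANCE_NAME>"
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
```

No service account key file is mounted in this layout, so there is no long-lived credential in the pod to leak. The Google-side role binding decides which instances the proxy can reach.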