Connecting Google Kubernetes Engine to Cloud SQL using the Auth Proxy Operator
Google Kubernetes Engine (GKE) is a simple way to automatically deploy, scale, and manage Kubernetes. Cloud SQL is a fully managed relational database service for MySQL, PostgreSQL, and SQL Server. Developers often deploy their applications to GKE and store their data in Cloud SQL, so connecting GKE to Cloud SQL is typically one of the first big steps in deploying a full stack application. The Kubernetes operator simplifies that process.
How to connect from GKE to Cloud SQL
Generally, the easiest way to connect to Cloud SQL is with a language-specific Cloud SQL connector. There are Cloud SQL connectors for Java, Python, and Go — with more to come in the future. If your application is written in one of those languages, Google recommends starting with a connector. Otherwise, the Cloud SQL Auth proxy is likely the right choice for your applications running on Google Kubernetes Engine. If you’re willing to join us on the leading edge, the Kubernetes operator is now in Public Preview.
Switching to the Cloud SQL Auth Proxy Kubernetes Operator
The Cloud SQL Proxy Operator is currently in Public Preview. Here are a few exciting benefits for those ready to make the switch:
- Configure a Cloud SQL Auth Proxy in 8 lines of YAML — saving you about 40 lines of YAML configuration (or thousands for large clusters)
- Simple configuration of a single Cloud SQL Proxy-specific resource — allowing multiple Kubernetes applications to share the same proxy
- Best practices by default — we maintain the operator and update it to the latest recommendations
- Automatic deployment when the proxy configuration changes (coming in the GA release)
Here’s an example of what configuration might look like before the operator. Note how much simpler and more elegant the new operator makes deployment.
# Deployments are served from the apps/v1 API group
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: cloud-sql-proxy
        args:
        - --http-port=9801
        - --http-address=0.0.0.0
        - --health-check
        - --structured-logs
        # instance connection name plus the Unix socket location
        - my-project:us-central1:one?unix-socket=/csql/pg
        env:
        - name: DB_SOCKET_PATH
          value: /csql/pg
        image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.0.0-preview.2
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /liveness
            port: 9801
            scheme: HTTP
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
↓ 40 more lines of YAML ↓
And here is what the configuration looks like for the same project after adding the operator:
apiVersion: cloudsql.cloud.google.com/v1alpha1
kind: AuthProxyWorkload
metadata:
  name: authproxyworkload-sample
spec:
  workloadSelector:
    kind: "Deployment"
    name: "gke-cloud-sql-app"
  instances:
  - connectionString: "my-project:us-central1:one"
    unixSocketPathEnvName: "DB_SOCKET_PATH"
    socketType: "unix"
    unixSocketPath: "/csql/pg"
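To make the correspondence between the two manifests concrete, the following added example (not code from the operator or from this article) derives the `cloud-sql-proxy` argument and the `DB_SOCKET_PATH` variable of the hand-written manifest from the `spec` of the `AuthProxyWorkload`. The function name `sidecar_settings`, the three-part connection-name pattern, and the rejection of socket types other than `unix` are assumptions made for this illustration.

```python
import re
from posixpath import isabs

# Assumption: connection names use the three-part project:region:instance
# form shown in both manifests on this page.
CONN_RE = re.compile(r"^[a-z][a-z0-9-]*:[a-z0-9-]+:[a-z][a-z0-9-]*$")

# The spec of the AuthProxyWorkload shown above, as a Python dict.
WORKLOAD_SPEC = {
    "workloadSelector": {"kind": "Deployment", "name": "gke-cloud-sql-app"},
    "instances": [{
        "connectionString": "my-project:us-central1:one",
        "unixSocketPathEnvName": "DB_SOCKET_PATH",
        "socketType": "unix",
        "unixSocketPath": "/csql/pg",
    }],
}


def sidecar_settings(spec):
    """Return (proxy_args, app_env) in the layout of the hand-written manifest."""
    args, env = [], {}
    for inst in spec["instances"]:
        conn = inst["connectionString"]
        if not CONN_RE.match(conn):
            raise ValueError(f"expected project:region:instance, got {conn!r}")
        if inst.get("socketType") != "unix":
            # Only the Unix-socket form appears on this page.
            raise ValueError(f"{conn}: only socketType 'unix' is handled here")
        path = inst.get("unixSocketPath", "")
        if not isabs(path) or ".." in path.split("/"):
            raise ValueError(f"{conn}: socket path must be absolute, got {path!r}")
        args.append(f"{conn}?unix-socket={path}")
        name = inst.get("unixSocketPathEnvName")
        if name:
            # Two instances must not compete for one environment variable.
            if env.setdefault(name, path) != path:
                raise ValueError(f"{name} is set to two different socket paths")
    return args, env


if __name__ == "__main__":
    proxy_args, app_env = sidecar_settings(WORKLOAD_SPEC)
    print("args:", proxy_args)
    print("env: ", app_env)
```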
We want your feedback
While the Cloud SQL Proxy Kubernetes operator is in Public Preview, Google Cloud wants to hear what could make it even better for you. Google is developing this project in its public GitHub repository, where you can find the code, quickstart, and contribution guidelines. Google welcomes your patches and contributions to this project. Google hopes that, with all of the typing the operator saves you on YAML, you might have enough time to create issues or make a pull request. Then someday, Google can give your fingers the much-needed vacation they deserve.