Multi-Container Pod in GKE to connect to CloudSQL
2022 Nov 01Multi-Container Pod in GKE to connect to CloudSQL
On one of my MLOps days I ran into a problem where I had to guarantee the connection between GKE and Google Cloud SQL for one of our workloads to work using a Private IP.
So I had to use SQL Proxy by Google to accomplish this task.
As I didn’t want to have to use a distroless Docker image and as well as I did’ t want to have to migrate my workloads, I decided to create a sidecar via multi-container pod to open the proxy.
That way, I would just have to change the IP number to the private IP to make everything work.
If you’re interested in Multi-Container Pods this post from Paul Linchpiner provides more insights into their usage and patterns.
Requirements
- A service account created that contains the
Cloud SQL Client,Cloud SQL EditororCloud SQL AdminIAM roles; -
The service account key file that can be downloaded from the IAM console;
-
I’m assuming that the VPC that you’re using in your Cloud SQL is the same that you’re using in your GKE; and
- I’m assuming also that you’re running it on top of GKE
Walkthrough
First at all let’s create a namespace to run it. In this case it will be named test-proxy-cloud-sql:
$ kubectl create namespace test-proxy-cloud-sql
After you download your account key file (in this case it’s the cloud_sql_key.json file)
you will create a secret create the secret that will contains the sevice account and link it:
$ kubectl create secret generic cloud_sql_key_secret --from-file=/cloud_sql_key.json --namespace=test-proxy-cloud-sql
You will create a file that will contain the specifications for the k8s pods. This file will be called proxy_pod_sidecar.yaml:
Create the multi-Container pod:
$ kubectl create -f proxy_pod_sidecar.yaml --namespace=test-proxy-cloud-sql
On the terminal #1 - Go to the container running the proxy (test-proxy-pod):
$ kubectl exec -it test-proxy-deploy --namespace=test-proxy-cloud-sql -c test-proxy-pod -- /bin/bash
On the terminal #2 - Go to the container running only to establish a connection (test-connection-pod):
$ kubectl exec -it test-proxy-deploy --namespace=test-proxy-cloud-sql -c test-connection-pod -- /bin/bash
You can connect inside of the proxy pod (test-proxy-pod) or in the sidecar (test-connection-pod). To connect to the databse use the follow connection string and place your password after the prompt:
$ psql -h 127.0.0.1 -p 5432 -d database -U user -W
This will establish the connection to your CloudSQL database instance.