Multi-Container Pod in GKE to connect to CloudSQL

On one of my MLOps days I ran into a problem where I had to guarantee the connection between GKE and Google Cloud SQL for one of our workloads to work using a Private IP.

So I had to use SQL Proxy by Google to accomplish this task.

As I didn’t want to have to use a distroless Docker image, and I also didn’t want to have to migrate my workloads, I decided to create a sidecar via a multi-container pod to open the proxy.

That way, I would just have to change the IP number to the private IP to make everything work.

If you’re interested in Multi-Container Pods this post from Paul Linchpiner provides more insights into their usage and patterns.

Requirements

  • A service account that has the Cloud SQL Client, Cloud SQL Editor or Cloud SQL Admin IAM role;
  • The service account key file, which can be downloaded from the IAM console;
  • I’m assuming that the VPC that you’re using in your Cloud SQL is the same that you’re using in your GKE; and
  • I’m also assuming that you’re running it on top of GKE.

Walkthrough

First of all, let’s create a namespace to run it in. In this case it will be named test-proxy-cloud-sql:

$ kubectl create namespace test-proxy-cloud-sql

After you download your account key file (in this case it’s the cloud_sql_key.json file), create a secret in that namespace that will contain the service account key:

$ kubectl create secret generic cloud-sql-key-secret --from-file=/cloud_sql_key.json --namespace=test-proxy-cloud-sql

You will create a file that will contain the specifications for the k8s pods. This file will be called proxy_pod_sidecar.yaml:
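A manifest along these lines fits the pod and container names used in the commands in this walkthrough. It is an added example, not the author's original file. The proxy image tag, the instance connection name, the client image and the secret name `cloud-sql-key-secret` are assumptions to replace with your own values.

```yaml
# proxy_pod_sidecar.yaml (added example, not the author's original file)
apiVersion: v1
kind: Pod
metadata:
  name: test-proxy-deploy              # pod name used by the kubectl exec commands
spec:
  volumes:
    - name: cloud-sql-key
      secret:
        # Assumption: name of the Secret that holds cloud_sql_key.json.
        # Kubernetes object names cannot contain underscores.
        secretName: cloud-sql-key-secret
  containers:
    # Container 1: Cloud SQL Auth Proxy, listening on the pod's loopback only.
    - name: test-proxy-pod
      # TAG is a placeholder. The default proxy image is distroless, so the
      # "kubectl exec ... -c test-proxy-pod -- /bin/bash" step needs an image
      # variant that ships a shell.
      image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:TAG
      args:
        - "--private-ip"               # connect to the instance's private IP
        - "--address=127.0.0.1"        # never expose the listener outside the pod
        - "--port=5432"
        - "--credentials-file=/secrets/cloud_sql_key.json"
        - "PROJECT_ID:REGION:INSTANCE_NAME"   # placeholder instance connection name
      securityContext:
        runAsNonRoot: true
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: cloud-sql-key
          mountPath: /secrets
          readOnly: true               # the key is mounted only into this container
    # Container 2: idle PostgreSQL client used to test the connection.
    # Containers in a pod share one network namespace, so 127.0.0.1:5432
    # here reaches the proxy in test-proxy-pod.
    - name: test-connection-pod
      image: postgres:16               # assumption: any image that provides psql
      command: ["sleep", "infinity"]
      securityContext:
        allowPrivilegeEscalation: false
```

Only the proxy container mounts the key volume, so the workload container never sees the service account key.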

Create the multi-Container pod:

$ kubectl create -f proxy_pod_sidecar.yaml --namespace=test-proxy-cloud-sql

In terminal #1, open a shell in the container running the proxy (test-proxy-pod):

$ kubectl exec -it test-proxy-deploy --namespace=test-proxy-cloud-sql -c test-proxy-pod -- /bin/bash

In terminal #2, open a shell in the container that runs only to establish a connection (test-connection-pod):

$ kubectl exec -it test-proxy-deploy --namespace=test-proxy-cloud-sql -c test-connection-pod -- /bin/bash

You can connect from inside the proxy pod (test-proxy-pod) or from the sidecar (test-connection-pod). To connect to the database, use the following command and enter your password at the prompt:

$ psql -h 127.0.0.1 -p 5432 -d database -U user -W

This will establish the connection to your CloudSQL database instance.

References and further reading