Connect to Cloud SQL for PostgreSQL from Google Kubernetes Engine
This page shows you how to deploy a sample app onGoogle Kubernetes Engine (GKE)connected to a PostgreSQL instance using the Google Cloud console anda client application. The resources created in this quickstart typically cost less than onedollar (USD), assuming you complete the steps, including the clean up, in a timelymanner.
Before you begin
Note:The name you use for your project must be between 4 and 30 characters. When youtype the name, the form suggests a project ID, which you can edit. Theproject ID must be between 6 and 30 characters, with a lowercase letteras the first character. You can use a dash, lowercase letter, or digit for theremaining characters, but the last character cannot be a dash.- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.Make sure that billing is enabled for your Google Cloud project.
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.Make sure that billing is enabled for your Google Cloud project.
- Enable the Google Cloud APIs necessary to run a Cloud SQL sample app on GKE.
Console
ClickEnable APIs to enable the APIs required for this quickstart.
This enables the following APIs:
- Compute Engine API
- Cloud SQL Admin API
- Google Kubernetes Engine API
- Artifact Registry API
- Cloud Build API
gcloud
Click the following button to open Cloud Shell, which provides command-line access to your Google Cloud resources directly from the browser. Cloud Shell can be used to run the
gcloudcommands presented throughout this quickstart.Run the
gcloud services enablecommand as follows using Cloud Shell to enable the APIs required for this quickstart.:gcloudservicesenablecompute.googleapis.comsqladmin.googleapis.com\container.googleapis.comartifactregistry.googleapis.comcloudbuild.googleapis.com
This command enables the following APIs:
- Compute Engine API
- Cloud SQL Admin API
- GKE API
- Artifact Registry API
- Cloud Build API
Set up Cloud SQL
Create a Cloud SQL instance
Public IP
Console
Create an instance with a public IP address
In the Google Cloud console, go to theCloud SQL Instances page.
- ClickCreate Instance.
- ClickPostgreSQL.
- Enter
quickstart-instanceforInstance ID. - Enter a password for the postgres user. Save this password for future use.
- Click theSingle zone option forChoose region and zonal availability.
- Click and expand theShow Configurations section.
- In theMachine Type drop-down menu, selectLightweight.
ClickCreate Instance and wait until the instance initializes and starts.
gcloud
Create an instance with a public IP address
Before running thegcloud sql instances create command as follows, replaceDB_ROOT_PASSWORD with the password of your database user.
Optionally, modify the values for the following parameters:
- --database_version: The database engine type and version. If left unspecified, the API default is used. See thegcloud database versions documentation to see the currently available versions.
- --cpu: The number of cores desired in the machine.
- --memory: Whole number value indicating how much memory is desired in the machine. A size unit should be provided (for example, 3072MB or 9GB). If no units are specified, GB is assumed.
- --region: Regional location of the instance (for example asia-east1, us-east1). If left unspecified, the default
us-centralis used. See the full list ofregions.
Run thegcloud sql instances create command to create a Cloud SQL instance.
gcloudsqlinstancescreatequickstart-instance\--database-version=POSTGRES_13\--cpu=1\--memory=4GB\--region=us-central\--root-password=DB_ROOT_PASSWORD
Private IP
Console
Create an instance with a private IP address and SSL enabled
In the Google Cloud console, go to theCloud SQL Instances page.
- ClickCreate instance.
- ClickPostgreSQL.
- Enter
quickstart-instanceforInstance ID. - Enter a password for the postgres user. Save this password for future use.
- Click theSingle zone option forChoose region and zonal availability.
- Click and expandShow configuration options.
- ForMachine Type, selectLightweight.
- InConnections, selectPrivate IP.
- Selectdefault in theNetwork drop-down menu.
- If you see a dialog statingPrivate services access connection required, click theSet Up Connection button.
- In theEnable Service Networking API dialog, click theEnable API button.
- In theAllocate an IP range dialog, selectUse an automatically allocated IP range and clickContinue.
- In theCreate a connection dialog, clickCreate Connection.
- Clear thePublic IP checkbox to create an instance only with a private IP.
- ClickCreate instance and then wait for the instance to initialize and start.
- ClickConnections.
- In theSecurity section, selectAllow only SSL connections to enable SSL connections.
- In theAllow only SSL connections dialog, clickSave and then wait for the instance to restart.
gcloud
Create an instance with a private IP address and SSL enabled
Creating an instance with a private IP address only requires configuringprivate services access to enable connections from other Google Cloud services, such as GKE.
- Run the
gcloud compute addresses createcommand to allocate an IP range for a private services access connection: - Run the
gcloud services vpc-peerings connectcommand to create the private services access connection: Before running the
gcloud sql instances createcommand to create an instance as follows, replaceDB_ROOT_PASSWORD with the password of your database user.- --database_version: The database engine type and version. If left unspecified, the API default is used. Seegcloud database versions for a list of currently available versions.
- --cpu: The number of cores in the machine.
- --memory: A whole number indicating how much memory to include in the machine. A size unit can be provided (for example, 3072MB or 9GB). If no units are specified, GB is assumed.
- --region: The regional location of the instance (for example asia-east1, us-east1). If left unspecified, the default
us-central1is used. See the full list ofregions. Run the
gcloud sql instances patchcommand to allow only SSL connections for the instance.
gcloudcomputeaddressescreategoogle-managed-services-default\--global\--purpose=VPC_PEERING\--prefix-length=16\--description="peering range for Google"\--network=default
gcloudservicesvpc-peeringsconnect\--service=servicenetworking.googleapis.com\--ranges=google-managed-services-default\--network=default
Optionally, modify the values for the following parameters:
Run thegcloud sql instances create command to create a Cloud SQL instance with a private IP address.
gcloudbetasqlinstancescreatequickstart-instance\--database-version=POSTGRES_13\--cpu=1\--memory=4GB\--region=us-central\--root-password=DB_ROOT_PASSWORD\--no-assign-ip\--network=default
gcloudsqlinstancespatchquickstart-instance--require-ssl
Create a database
Console
In the Google Cloud console, go to theCloud SQL Instances page.
- Select
quickstart-instance. - From the SQL navigation menu, selectDatabases.
- ClickCreate database.
- In theDatabase name field of theNew database dialog box, enter
quickstart-db. - ClickCreate.
gcloud
Run thegcloud sql databases create command to create a database.
gcloudsqldatabasescreatequickstart-db--instance=quickstart-instanceCreate a user
Console
In the Google Cloud console, go to theCloud SQL Instances page.
- To open theOverview page of an instance, click the instance name.
- SelectUsers from the SQL navigation menu.
- ClickAdd user account.
- In theAdd a user account to instanceinstance_name page, add the following information:
- Username: Set to
quickstart-user - Password: Specify a password for your database user. Make a note of this for use in a later step of this quickstart.
- Username: Set to
- ClickAdd.
gcloud
Before running the command as follows, replaceDB_PASS with a password for your database user. Make a note of this for use in a later step of this quickstart.
Run thegcloud sql users create command to create the user.
gcloudsqluserscreatequickstart-user\--instance=quickstart-instance\--password=DB_PASS
User name length limits are the same for Cloud SQL as foron-premises PostgreSQL.
Create a GKE cluster
Console
In the Google Cloud console, go to theGoogle Kubernetes Engine page.
- ClickCreate.
- ClickConfigure for GKE Autopilot.
- ForName, specify the cluster name as
gke-cloud-sql-quickstart. - ClickCreate.
gcloud
Run thegcloud container clusters create-auto command to create the cluster.
gcloudcontainerclusterscreate-autogke-cloud-sql-quickstart\--regionus-central1Clone a Cloud SQL sample app into Cloud Shell Editor
With a Cloud SQL instance, a database, and a GKE cluster,you can now clone and configure a sample application to connect to yourCloud SQL instance. The remaining steps in this quickstart require using thegcloudandkubectlcommand-line tools. Both tools are pre-installed in Cloud Shell.
Go
- In Cloud Shell Editor, open the sample app's source code.
Open Cloud Shell Editor - In the
Open in Cloud Shelldialog, clickConfirm to download the sample app code and open the sample app directory in Cloud Shell Editor.
Java
- In Cloud Shell Editor, open the sample app's source code.
Open Cloud Shell Editor - In the
Open in Cloud Shelldialog, clickConfirm to download the sample app code and open the sample app directory in Cloud Shell Editor.
Node.js
- In Cloud Shell Editor, open the sample app's source code.
Open Cloud Shell Editor - In the
Open in Cloud Shelldialog, clickConfirm to download the sample app code and open the sample app directory in Cloud Shell Editor.
Python
- In Cloud Shell Editor, open the sample app's source code.
Open Cloud Shell Editor - In the
Open in Cloud Shelldialog, clickConfirm to download the sample app code and open the sample app directory in Cloud Shell Editor.
Enable the GKE cluster
Enable the GKE cluster you just created as the default cluster to be used for the remaining commands in this quickstart.
gcloud container clusters get-credentials command as follows to enable the GKE cluster.gcloudcontainerclustersget-credentialsgke-cloud-sql-quickstart\--regionus-central1Set up a service account
Create and configure a Google Cloud service account to be used by GKE so that it has theCloud SQL Client role with permissions to connect to Cloud SQL.
- Run the
gcloud iam service-accounts createcommand as follows to create a new service account:gcloudiamservice-accountscreategke-quickstart-service-account\--display-name="GKE Quickstart Service Account"
- Run the
gcloud projects add-iam-policy-bindingcommand as follows to add theCloud SQL Client role to the Google Cloud service account you just created. ReplaceYOUR_PROJECT_ID with the project ID.gcloudprojectsadd-iam-policy-bindingYOUR_PROJECT_ID\--member="serviceAccount:gke-quickstart-service-account@YOUR_PROJECT_ID.iam.gserviceaccount.com"\--role="roles/cloudsql.client"
- The sample app uses logging, so run the
gcloud projects add-iam-policy-bindingcommand as follows to add theLog Writer role to the Google Cloud service account you just created. ReplaceYOUR_PROJECT_ID with the project ID.gcloudprojectsadd-iam-policy-bindingYOUR_PROJECT_ID\--member="serviceAccount:gke-quickstart-service-account@YOUR_PROJECT_ID.iam.gserviceaccount.com"\--role="roles/logging.logWriter"
- The service account must be able to pull images from the artifactory repository, so run the
gcloud projects add-iam-policy-bindingcommand as follows to add theArtifact Registry Reader role to the service account. ReplaceYOUR_PROJECT_ID with the project ID.gcloudprojectsadd-iam-policy-bindingYOUR_PROJECT_ID\--member="serviceAccount:gke-quickstart-service-account@YOUR_PROJECT_ID.iam.gserviceaccount.com"\--role="roles/artifactregistry.reader"
Create a Kubernetes service account configured to have access to Cloud SQL by binding it to the Google Cloud service account usingWorkload Identity Federation for GKE.
- Create a Kubernetes Service Account.
- Update the
service-account.yamlfile in Cloud Shell Editor. Replace<YOUR-KSA-NAME>withksa-cloud-sql. - Run the
kubectl applycommand as follows in Cloud Shell:kubectlapply-fservice-account.yaml
- Update the
- Run the
gcloud iam service-accounts add-iam-policy-bindingcommand as follows to enable IAM binding of the Google Cloud Service Account and the Kubernetes Service Account. Make the following replacements:- YOUR_PROJECT_ID with the project ID.
- YOUR_K8S_NAMESPACE with
default, which is the default namespace for clusters created in GKE. - YOUR_KSA_NAME with
ksa-cloud-sql.
gcloudiamservice-accountsadd-iam-policy-binding\--role="roles/iam.workloadIdentityUser"\--member="serviceAccount:YOUR_PROJECT_ID.svc.id.goog[YOUR_K8S_NAMESPACE/YOUR_KSA_NAME]"\gke-quickstart-service-account@YOUR_PROJECT_ID.iam.gserviceaccount.com
- Run the
kubectl annotatecommand as follows to annotate the Kubernetes Service Account with IAM binding. Make the following replacements:- YOUR_KSA_NAME with
ksa-cloud-sql. - YOUR_PROJECT_ID with the project ID.
kubectlannotateserviceaccount\YOUR_KSA_NAME\iam.gke.io/gcp-service-account=gke-quickstart-service-account@YOUR_PROJECT_ID.iam.gserviceaccount.com
- YOUR_KSA_NAME with
Configure secrets
Run thekubectl create secret generic command as follows to create Kubernetes secrets for the database, user, and user password to be used by the sample app. The values of each secret are based on the values specified in the previous steps of this quickstart. ReplaceDB_PASS with the password of thequickstart-user that you created in the previousCreate a user quickstart step.
kubectlcreatesecretgenericgke-cloud-sql-secrets\--from-literal=database=quickstart-db\--from-literal=username=quickstart-user\--from-literal=password=DB_PASS
Build the sample app
Go
- Run the following
gcloud artifacts repositories createcommand in Cloud Shell to create a repository in the Artifact Registry namedgke-cloud-sql-repo in the same region as your cluster. ReplaceYOUR_PROJECT_ID with the project ID.gcloudartifactsrepositoriescreategke-cloud-sql-repo\--project=YOUR_PROJECT_ID\--repository-format=docker\--location=us-central1\--description="GKE Quickstart sample app"
- Run the
gcloud builds submitcommand as follows in Cloud Shell to build a Docker container and publish it to Artifact Registry. ReplaceYOUR_PROJECT_ID with the project ID.gcloudbuildssubmit\--tagus-central1-docker.pkg.dev/YOUR_PROJECT_ID/gke-cloud-sql-repo/gke-sql.
Java
- Run the following
gcloud artifacts repositories createcommand in Cloud Shell to create a repository in the Artifact Registry namedgke-cloud-sql-repo in the same region as your cluster. ReplaceYOUR_PROJECT_ID with the project ID.gcloudartifactsrepositoriescreategke-cloud-sql-repo\--project=YOUR_PROJECT_ID\--repository-format=docker\--location=us-central1\--description="GKE Quickstart sample app"
- Run the
mvncommand as follows in Cloud Shell to build a Docker container and publish it to Artifact Registry. ReplaceYOUR_PROJECT_ID with the project ID.mvncleanpackagecom.google.cloud.tools:jib-maven-plugin:2.8.0:build\-Dimage=us-central1-docker.pkg.dev/YOUR_PROJECT_ID/gke-cloud-sql-repo/gke-sql\-DskipTests-Djib.to.credHelper=gcloud
Node.js
- Run the following
gcloud artifacts repositories createcommand in Cloud Shell to create a repository in the Artifact Registry namedgke-cloud-sql-repo in the same region as your cluster. ReplaceYOUR_PROJECT_ID with the project ID.gcloudartifactsrepositoriescreategke-cloud-sql-repo\--project=YOUR_PROJECT_ID\--repository-format=docker\--location=us-central1\--description="GKE Quickstart sample app"
- Run the
gcloud builds submitcommand as follows in Cloud Shell to build a Docker container and publish it to Artifact Registry. ReplaceYOUR_PROJECT_ID with the project ID.gcloudbuildssubmit\--tagus-central1-docker.pkg.dev/YOUR_PROJECT_ID/gke-cloud-sql-repo/gke-sql.
Python
- Run the following
gcloud artifacts repositories createcommand in Cloud Shell to create a repository in the Artifact Registry namedgke-cloud-sql-repo in the same region as your cluster. ReplaceYOUR_PROJECT_ID with the project ID.gcloudartifactsrepositoriescreategke-cloud-sql-repo\--project=YOUR_PROJECT_ID\--repository-format=docker\--location=us-central1\--description="GKE Quickstart sample app"
- Run the
gcloud builds submitcommand as follows in Cloud Shell to build a Docker container and publish it to Artifact Registry. ReplaceYOUR_PROJECT_ID with the project ID.gcloudbuildssubmit\--tagus-central1-docker.pkg.dev/YOUR_PROJECT_ID/gke-cloud-sql-repo/gke-sql.
Deploy the sample app
Public IP
With the sample app configuration in place, you can now deploy the sample app.
Go
The deployed sample app connects to your Cloud SQL instance using theCloud SQL proxy running in a Kubernetes sidecar pattern. The sidecar pattern is accomplished by deploying aworkload with an additional container that shares the same Kubernetes pod as the sample app's container.
- Get the Cloud SQL instance connection name by running the
gcloud sql instances describecommand:gcloudsqlinstancesdescribequickstart-instance--format='value(connectionName)'
- Update the
deployment.yamlfile in Cloud Shell Editor. Make the following replacements:<YOUR_KSA_NAME>withksa-cloud-sql.<LOCATION>withus-central1.<YOUR_PROJECT_ID>with the project ID.<YOUR-DB-SECRET>withgke-cloud-sql-secrets.<INSTANCE_CONNECTION_NAME>with the Cloud SQL instance connection name retrieved from thegcloudcommand on the previous step. The format isproject_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instanceOverview page.
apiVersion:apps/v1kind:Deploymentmetadata:name:gke-cloud-sql-quickstartspec:selector:matchLabels:app:gke-cloud-sql-apptemplate:metadata:labels:app:gke-cloud-sql-appspec:serviceAccountName:<YOUR-KSA-NAME>containers:-name:gke-cloud-sql-app#Replace<LOCATION>withyourArtifactRegistrylocation(e.g.,us-central1).#Replace<YOUR_PROJECT_ID>withyourprojectID.image:<LOCATION>-docker.pkg.dev/<YOUR_PROJECT_ID>/gke-cloud-sql-repo/gke-sql:latest#Thisapplistensonport8080forwebtrafficbydefault.ports:-containerPort:8080env:-name:PORTvalue:"8080"#Thisprojectusesenvironmentvariablestodetermine#howyouwouldliketorunyourapplication#TousetheGoConnector(recommended)-useINSTANCE_CONNECTION_NAME(proj:region:instance)#TouseTCP-SettingINSTANCE_HOSTwilluseTCP(e.g.,127.0.0.1)#TouseUnix,useINSTANCE_UNIX_SOCKET(e.g.,/cloudsql/proj:region:instance)-name:INSTANCE_HOSTvalue:"127.0.0.1"-name:DB_PORTvalue:"5432"#ForAutomaticIAMAuthenticationwiththeGoConnector#useDB_IAM_USERinsteadofDB_USER(recommended)#YoumayalsoremovetheDB_PASSenvironmentvariableif#youuseAutomaticIAMAuthentication-name:DB_USERvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:username-name:DB_PASSvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:password-name:DB_NAMEvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:database#IfyouareusingtheGoConnector(recommended),youcan#removecloud-sql-proxy(everythingbelowthisline)-name:cloud-sql-proxy#ThisusesthelatestversionoftheCloudSQLProxy#Itisrecommendedtouseaspecificversionforproductionenvironments.#See:https://github.com/GoogleCloudPlatform/cloudsql-proxyimage:gcr.io/cloud-sql-connectors/cloud-sql-proxy:latestargs:#IfconnectingfromaVPC-nativeGKEcluster,youcanusethe#followingflagtohavetheproxyconnectoverprivateIP#-"--private-ip"#IfyouarenotconnectingwithAutomaticIAM,youcandelete#thefollowingflag.-"--auto-iam-authn"#tcpshouldbesettotheporttheproxyshouldlistenon#andshouldmatchtheDB_PORTvaluesetabove.#Defaults:MySQL:3306,Postgres:5432,SQLServer:1433-"--port=5432"-"<INSTANCE_CONNECTION_NAME>"securityContext:#ThedefaultCloudSQLproxyimagerunsasthe#"nonroot"userandgroup(uid:65532)bydefault.runAsNonRoot:true - Run the
kubectl applycommand as follows in Cloud Shell to deploy the sample app:kubectlapply-fdeployment.yaml
- Run the
kubectl applycommand as follows to add a load balancer in front of the deployment, so that you can access it through the internet:kubectlapply-fservice.yaml
- Run the
kubectl getcommand as follows to get the service details:kubectlgetservices
- Copy theExternal IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service'sExternal IP address.
Java
The deployed sample app connects to your Cloud SQL instance using theCloud SQL Java connector.
- Get the Cloud SQL instance connection name by running the
gcloud sql instances describecommand:gcloudsqlinstancesdescribequickstart-instance--format='value(connectionName)'
- Update the
deployment.yamlfile in Cloud Shell Editor. Make the following replacements:<YOUR_KSA_NAME>withksa-cloud-sql.<LOCATION>withus-central1.<YOUR_PROJECT_ID>with the project ID.<YOUR-DB-SECRET>withgke-cloud-sql-secrets.<INSTANCE_CONNECTION_NAME>with the Cloud SQL instance connection name retrieved from thegcloudcommand on the previous step. The format isproject_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instanceOverview page.
apiVersion:apps/v1kind:Deploymentmetadata:name:gke-cloud-sql-quickstartspec:selector:matchLabels:app:gke-cloud-sql-apptemplate:metadata:labels:app:gke-cloud-sql-appspec:#FormoreinformationaboutusingKubernetesserviceaccountssee:#https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accountsserviceAccountName:<YOUR-KSA-NAME>#TODO(developer):replacethisvalue.containers:-name:gke-cloud-sql-app#Replace<LOCATION>withyourArtifactRegistrylocation(e.g.,us-central1).#Replace<YOUR_PROJECT_ID>withyourprojectID.image:<LOCATION>-docker.pkg.dev/<YOUR_PROJECT_ID>/gke-cloud-sql-repo/gke-sql:latest#Thisapplistensonport8080forwebtrafficbydefault.ports:-containerPort:8080env:-name:PORTvalue:"8080"-name:INSTANCE_CONNECTION_NAMEvalue:<INSTANCE_CONNECTION_NAME>-name:DB_HOSTvalue:"127.0.0.1"-name:DB_PORTvalue:"5432"-name:DB_USERvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:username-name:DB_PASSvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:password-name:DB_NAMEvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:database - Run the
kubectl applycommand as follows in Cloud Shell to deploy the sample app:kubectlapply-fdeployment.yaml
- Run the
kubectl applycommand as follows to add a load balancer in front of the deployment, so that you can access it through the internet:kubectlapply-fservice.yaml
- Run the
kubectl getcommand as follows to get the service details:kubectlgetservices
- Copy theExternal IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service'sExternal IP address.
Node.js
The deployed sample app connects to your Cloud SQL instance using theCloud SQL proxy running in a Kubernetes sidecar pattern. The sidecar pattern is accomplished by deploying aworkload with an additional container that shares the same Kubernetes pod as the sample app's container.
- Get the Cloud SQL instance connection name by running the
gcloud sql instances describecommand:gcloudsqlinstancesdescribequickstart-instance--format='value(connectionName)'
- Update the
deployment.yamlfile in Cloud Shell Editor. Make the following replacements:<YOUR_KSA_NAME>withksa-cloud-sql.<LOCATION>withus-central1.<YOUR_PROJECT_ID>with the project ID.<YOUR-DB-SECRET>withgke-cloud-sql-secrets.<INSTANCE_CONNECTION_NAME>with the Cloud SQL instance connection name retrieved from thegcloudcommand on the previous step. The format isproject_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instanceOverview page.
apiVersion:apps/v1kind:Deploymentmetadata:name:gke-cloud-sql-quickstartspec:selector:matchLabels:app:gke-cloud-sql-apptemplate:metadata:labels:app:gke-cloud-sql-appspec:serviceAccountName:<YOUR-KSA-NAME>containers:-name:gke-cloud-sql-app#Replace<LOCATION>withyourArtifactRegistrylocation(e.g.,us-central1).#Replace<YOUR_PROJECT_ID>withyourprojectID.image:<LOCATION>-docker.pkg.dev/<YOUR_PROJECT_ID>/gke-cloud-sql-repo/gke-sql:latest#Thisapplistensonport8080forwebtrafficbydefault.ports:-containerPort:8080env:-name:PORTvalue:"8080"#Thisprojectusesenvironmentvariablestodetermine#howyouwouldliketorunyourapplication#TousetheNode.jsconnector(recommended)-useINSTANCE_CONNECTION_NAME(proj:region:instance)#TouseTCP-SettingINSTANCE_HOSTwilluseTCP(e.g.,127.0.0.1)#TouseUnix,useINSTANCE_UNIX_SOCKET(e.g.,/cloudsql/proj:region:instance)-name:INSTANCE_HOSTvalue:"127.0.0.1"-name:DB_PORTvalue:"5432"#ForAutomaticIAMAuthenticationwiththeNode.jsConnector#useDB_IAM_USERinsteadofDB_USER(recommended)#YoumayalsoremovetheDB_PASSenvironmentvariableif#youuseAutomaticIAMAuthentication-name:DB_USERvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:username-name:DB_PASSvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:password-name:DB_NAMEvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:database#IfyouareusingtheNode.jsConnector(recommended),youcan#removecloud-sql-proxy(everythingbelowthisline)-name:cloud-sql-proxy#ThisusesthelatestversionoftheCloudSQLproxy#Itisrecommendedtouseaspecificversionforproductionenvironments.#See:https://github.com/GoogleCloudPlatform/cloudsql-proxyimage:gcr.io/cloud-sql-connectors/cloud-sql-proxy:latestargs:#IfconnectingfromaVPC-nativeGKEcluster,youcanusethe#followingflagtohavetheproxyconnectoverprivateIP#-"--private-ip"#IfyouarenotconnectingwithAutomaticIAM,youcandelete#thefollowingflag.-"--auto-iam-authn"#tcpshouldbesettotheporttheproxyshouldlistenon#andshouldmatchtheDB_PORTvaluesetabove.#Defaults:MySQL:3306,Postgres:5432,SQLServer:1433-"--port=5432"-"<INSTANCE_CONNECTION_NAME>"securityContext:#ThedefaultCloudSQLproxyimagerunsasthe#"nonroot"userandgroup(uid:65532)bydefault.runAsNonRoot:true - Run the
kubectl applycommand as follows in Cloud Shell to deploy the sample app:kubectlapply-fdeployment.yaml
- Run the
kubectl applycommand as follows to add a load balancer in front of the deployment, so that you can access it through the internet:kubectlapply-fservice.yaml
- Run the
kubectl getcommand as follows to get the service details:kubectlgetservices
- Copy theExternal IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service'sExternal IP address.
Python
The deployed sample app connects to your Cloud SQL instance using theCloud SQL proxy running in a Kubernetes sidecar pattern. The sidecar pattern is accomplished by deploying aworkload with an additional container that shares the same Kubernetes pod as the sample app's container.
- Get the Cloud SQL instance connection name by running the
gcloud sql instances describecommand:gcloudsqlinstancesdescribequickstart-instance--format='value(connectionName)'
- Update the
deployment.yamlfile in Cloud Shell Editor. Make the following replacements:<YOUR_KSA_NAME>withksa-cloud-sql.<LOCATION>withus-central1.<YOUR_PROJECT_ID>with the project ID.<YOUR-DB-SECRET>withgke-cloud-sql-secrets.<INSTANCE_CONNECTION_NAME>with the Cloud SQL instance connection name retrieved from thegcloudcommand on the previous step. The format isproject_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instanceOverview page.
apiVersion:apps/v1kind:Deploymentmetadata:name:gke-cloud-sql-quickstartspec:selector:matchLabels:app:gke-cloud-sql-apptemplate:metadata:labels:app:gke-cloud-sql-appspec:serviceAccountName: <YOUR-KSA-NAME>containers:-name:gke-cloud-sql-app# Replace <LOCATION> with your Artifact Registry location (e.g., us-central1).# Replace <YOUR_PROJECT_ID> with your project ID.image: <LOCATION>-docker.pkg.dev/<YOUR_PROJECT_ID>/gke-cloud-sql-repo/gke-sql:latest# This app listens on port 8080 for web traffic by default.ports:-containerPort:8080env:-name:PORTvalue:"8080"# This project uses environment variables to determine# how you would like to run your application# To use the Python Connector (recommended) - use INSTANCE_CONNECTION_NAME (proj:region:instance)# To use TCP - Setting INSTANCE_HOST will use TCP (e.g., 127.0.0.1)# To use Unix, use INSTANCE_UNIX_SOCKET (e.g., /cloudsql/proj:region:instance)-name:INSTANCE_HOSTvalue:"127.0.0.1"-name:DB_PORTvalue:"5432"# For Automatic IAM Authentication with the Python Connector# use DB_IAM_USER instead of DB_USER (recommended)# You may also remove the DB_PASS environment variable if# you use Automatic IAM Authentication-name:DB_USERvalueFrom:secretKeyRef:name: <YOUR-DB-SECRET>key:username-name:DB_PASSvalueFrom:secretKeyRef:name: <YOUR-DB-SECRET>key:password-name:DB_NAMEvalueFrom:secretKeyRef:name: <YOUR-DB-SECRET>key:database# If you are using the Python Connector (recommended), you can# remove cloud-sql-proxy (everything below this line)-name:cloud-sql-proxy# This uses the latest version of the Cloud SQL proxy# It is recommended to use a specific version for production environments.# See: https://github.com/GoogleCloudPlatform/cloudsql-proxyimage:gcr.io/cloud-sql-connectors/cloud-sql-proxy:latestargs:# If connecting from a VPC-native GKE cluster, you can use the# following flag to have the proxy connect over private IP# - "--private-ip"# If you are not connecting with Automatic IAM, you can delete# the following flag.-"--auto-iam-authn"# tcp should be set to the port the proxy should listen on# and should match the DB_PORT value set above.# Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433-"--port=5432"-"<INSTANCE_CONNECTION_NAME>"securityContext:# The default Cloud SQL proxy image runs as the# "nonroot" user and group (uid: 65532) by default.runAsNonRoot:true - Run the
kubectl applycommand as follows in Cloud Shell to deploy the sample app:kubectlapply-fdeployment.yaml
- Run the
kubectl applycommand as follows to add a load balancer in front of the deployment, so that you can access it through the internet:kubectlapply-fservice.yaml
- Run the
kubectl getcommand as follows to get the service details:kubectlgetservices
- Copy theExternal IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service'sExternal IP address.
Private IP
With the sample app configuration in place, you can now deploy the sample app.
Go
The deployed sample app connects to your Cloud SQL instance using theCloud SQL proxy running in a Kubernetes sidecar pattern. The sidecar pattern is accomplished by deploying aworkload with an additional container that shares the same Kubernetes pod as the sample app's container.
- Get the Cloud SQL instance connection name by running the
gcloud sql instances describecommand:gcloudsqlinstancesdescribequickstart-instance--format='value(connectionName)'
- Update the
deployment.yamlfile in Cloud Shell Editor. Make the following replacements and edits:- Replace
<YOUR_KSA_NAME>withksa-cloud-sql. - Replace
<LOCATION>withus-central1. - Replace
<YOUR_PROJECT_ID>with the project ID. - Replace
<YOUR-DB-SECRET>withgke-cloud-sql-secrets. - Replace
<INSTANCE_CONNECTION_NAME>with the Cloud SQL instance connection name retrieved from thegcloudcommand on the previous step. The format isproject_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instanceOverview page. - Enable the Cloud SQL Auth proxy to connect to your Cloud SQL instance using its private IP address. Uncomment the
"-ip_address_types=PRIVATE"flag by removing the#comment symbol and its trailing white space. The uncommented flag should look like this:-"-ip_address_types=PRIVATE"
apiVersion:apps/v1kind:Deploymentmetadata:name:gke-cloud-sql-quickstartspec:selector:matchLabels:app:gke-cloud-sql-apptemplate:metadata:labels:app:gke-cloud-sql-appspec:serviceAccountName:<YOUR-KSA-NAME>containers:-name:gke-cloud-sql-app#Replace<LOCATION>withyourArtifactRegistrylocation(e.g.,us-central1).#Replace<YOUR_PROJECT_ID>withyourprojectID.image:<LOCATION>-docker.pkg.dev/<YOUR_PROJECT_ID>/gke-cloud-sql-repo/gke-sql:latest#Thisapplistensonport8080forwebtrafficbydefault.ports:-containerPort:8080env:-name:PORTvalue:"8080"#Thisprojectusesenvironmentvariablestodetermine#howyouwouldliketorunyourapplication#TousetheGoConnector(recommended)-useINSTANCE_CONNECTION_NAME(proj:region:instance)#TouseTCP-SettingINSTANCE_HOSTwilluseTCP(e.g.,127.0.0.1)#TouseUnix,useINSTANCE_UNIX_SOCKET(e.g.,/cloudsql/proj:region:instance)-name:INSTANCE_HOSTvalue:"127.0.0.1"-name:DB_PORTvalue:"5432"#ForAutomaticIAMAuthenticationwiththeGoConnector#useDB_IAM_USERinsteadofDB_USER(recommended)#YoumayalsoremovetheDB_PASSenvironmentvariableif#youuseAutomaticIAMAuthentication-name:DB_USERvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:username-name:DB_PASSvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:password-name:DB_NAMEvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:database#IfyouareusingtheGoConnector(recommended),youcan#removecloud-sql-proxy(everythingbelowthisline)-name:cloud-sql-proxy#ThisusesthelatestversionoftheCloudSQLProxy#Itisrecommendedtouseaspecificversionforproductionenvironments.#See:https://github.com/GoogleCloudPlatform/cloudsql-proxyimage:gcr.io/cloud-sql-connectors/cloud-sql-proxy:latestargs:#IfconnectingfromaVPC-nativeGKEcluster,youcanusethe#followingflagtohavetheproxyconnectoverprivateIP#-"--private-ip"#IfyouarenotconnectingwithAutomaticIAM,youcandelete#thefollowingflag.-"--auto-iam-authn"#tcpshouldbesettotheporttheproxyshouldlistenon#andshouldmatchtheDB_PORTvaluesetabove.#Defaults:MySQL:3306,Postgres:5432,SQLServer:1433-"--port=5432"-"<INSTANCE_CONNECTION_NAME>"securityContext:#ThedefaultCloudSQLproxyimagerunsasthe#"nonroot"userandgroup(uid:65532)bydefault.runAsNonRoot:true - Replace
- Run the
kubectl applycommand as follows in Cloud Shell to deploy the sample app:kubectlapply-fdeployment.yaml
- Run the
kubectl applycommand as follows to add a load balancer in front of the deployment, so that you can access it through the internet:kubectlapply-fservice.yaml
- Run the
kubectl getcommand as follows to get the service details:kubectlgetservices
- Copy theExternal IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service'sExternal IP address.
Java
The deployed sample app connects to your Cloud SQL instance using theCloud SQL Java connector.
- Get the Cloud SQL instance connection name by running the
gcloud sql instances describecommand:gcloudsqlinstancesdescribequickstart-instance--format='value(connectionName)'
- Update the
deployment.yamlfile in Cloud Shell Editor. Make the following replacements:<YOUR_KSA_NAME>withksa-cloud-sql.<LOCATION>withus-central1.<YOUR_PROJECT_ID>with the project ID.<YOUR-DB-SECRET>withgke-cloud-sql-secrets.<INSTANCE_CONNECTION_NAME>with the Cloud SQL instance connection name retrieved from thegcloudcommand on the previous step. The format isproject_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instanceOverview page.
apiVersion:apps/v1kind:Deploymentmetadata:name:gke-cloud-sql-quickstartspec:selector:matchLabels:app:gke-cloud-sql-apptemplate:metadata:labels:app:gke-cloud-sql-appspec:#FormoreinformationaboutusingKubernetesserviceaccountssee:#https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accountsserviceAccountName:<YOUR-KSA-NAME>#TODO(developer):replacethisvalue.containers:-name:gke-cloud-sql-app#Replace<LOCATION>withyourArtifactRegistrylocation(e.g.,us-central1).#Replace<YOUR_PROJECT_ID>withyourprojectID.image:<LOCATION>-docker.pkg.dev/<YOUR_PROJECT_ID>/gke-cloud-sql-repo/gke-sql:latest#Thisapplistensonport8080forwebtrafficbydefault.ports:-containerPort:8080env:-name:PORTvalue:"8080"-name:INSTANCE_CONNECTION_NAMEvalue:<INSTANCE_CONNECTION_NAME>-name:DB_HOSTvalue:"127.0.0.1"-name:DB_PORTvalue:"5432"-name:DB_USERvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:username-name:DB_PASSvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:password-name:DB_NAMEvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:database - Run the
kubectl applycommand as follows in Cloud Shell to deploy the sample app:kubectlapply-fdeployment.yaml
- Run the
kubectl applycommand as follows to add a load balancer in front of the deployment, so that you can access it through the internet:kubectlapply-fservice.yaml
- Run the
kubectl getcommand as follows to get the service details:kubectlgetservices
- Copy theExternal IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service'sExternal IP address.
Node.js
The deployed sample app connects to your Cloud SQL instance using theCloud SQL proxy running in a Kubernetes sidecar pattern. The sidecar pattern is accomplished by deploying aworkload with an additional container that shares the same Kubernetes pod as the sample app's container.
- Get the Cloud SQL instance connection name by running the
gcloud sql instances describecommand:gcloudsqlinstancesdescribequickstart-instance--format='value(connectionName)'
- Update the
deployment.yamlfile in Cloud Shell Editor. Make the following replacements and edits:- Replace
<YOUR_KSA_NAME>withksa-cloud-sql. - Replace
<LOCATION>withus-central1. - Replace
<YOUR_PROJECT_ID>with the project ID. - Replace
<YOUR-DB-SECRET>withgke-cloud-sql-secrets. - Replace
<INSTANCE_CONNECTION_NAME>with the Cloud SQL instance connection name retrieved from thegcloudcommand on the previous step. The format isproject_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instanceOverview page. - Enable the Cloud SQL Auth proxy to connect to your Cloud SQL instance using its private IP address. Uncomment the
"-ip_address_types=PRIVATE"flag by removing the#comment symbol and its trailing white space. The uncommented flag should look like this:-"-ip_address_types=PRIVATE"
apiVersion:apps/v1kind:Deploymentmetadata:name:gke-cloud-sql-quickstartspec:selector:matchLabels:app:gke-cloud-sql-apptemplate:metadata:labels:app:gke-cloud-sql-appspec:serviceAccountName:<YOUR-KSA-NAME>containers:-name:gke-cloud-sql-app#Replace<LOCATION>withyourArtifactRegistrylocation(e.g.,us-central1).#Replace<YOUR_PROJECT_ID>withyourprojectID.image:<LOCATION>-docker.pkg.dev/<YOUR_PROJECT_ID>/gke-cloud-sql-repo/gke-sql:latest#Thisapplistensonport8080forwebtrafficbydefault.ports:-containerPort:8080env:-name:PORTvalue:"8080"#Thisprojectusesenvironmentvariablestodetermine#howyouwouldliketorunyourapplication#TousetheNode.jsconnector(recommended)-useINSTANCE_CONNECTION_NAME(proj:region:instance)#TouseTCP-SettingINSTANCE_HOSTwilluseTCP(e.g.,127.0.0.1)#TouseUnix,useINSTANCE_UNIX_SOCKET(e.g.,/cloudsql/proj:region:instance)-name:INSTANCE_HOSTvalue:"127.0.0.1"-name:DB_PORTvalue:"5432"#ForAutomaticIAMAuthenticationwiththeNode.jsConnector#useDB_IAM_USERinsteadofDB_USER(recommended)#YoumayalsoremovetheDB_PASSenvironmentvariableif#youuseAutomaticIAMAuthentication-name:DB_USERvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:username-name:DB_PASSvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:password-name:DB_NAMEvalueFrom:secretKeyRef:name:<YOUR-DB-SECRET>key:database#IfyouareusingtheNode.jsConnector(recommended),youcan#removecloud-sql-proxy(everythingbelowthisline)-name:cloud-sql-proxy#ThisusesthelatestversionoftheCloudSQLproxy#Itisrecommendedtouseaspecificversionforproductionenvironments.#See:https://github.com/GoogleCloudPlatform/cloudsql-proxyimage:gcr.io/cloud-sql-connectors/cloud-sql-proxy:latestargs:#IfconnectingfromaVPC-nativeGKEcluster,youcanusethe#followingflagtohavetheproxyconnectoverprivateIP#-"--private-ip"#IfyouarenotconnectingwithAutomaticIAM,youcandelete#thefollowingflag.-"--auto-iam-authn"#tcpshouldbesettotheporttheproxyshouldlistenon#andshouldmatchtheDB_PORTvaluesetabove.#Defaults:MySQL:3306,Postgres:5432,SQLServer:1433-"--port=5432"-"<INSTANCE_CONNECTION_NAME>"securityContext:#ThedefaultCloudSQLproxyimagerunsasthe#"nonroot"userandgroup(uid:65532)bydefault.runAsNonRoot:true - Replace
- Run the
kubectl applycommand as follows in Cloud Shell to deploy the sample app:kubectlapply-fdeployment.yaml
- Run the
kubectl applycommand as follows to add a load balancer in front of the deployment, so that you can access it through the internet:kubectlapply-fservice.yaml
- Run the
kubectl getcommand as follows to get the service details:kubectlgetservices
- Copy theExternal IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service'sExternal IP address.
Python
The deployed sample app connects to your Cloud SQL instance using theCloud SQL proxy running in a Kubernetes sidecar pattern. The sidecar pattern is accomplished by deploying aworkload with an additional container that shares the same Kubernetes pod as the sample app's container.
- Get the Cloud SQL instance connection name by running the
gcloud sql instances describecommand:gcloudsqlinstancesdescribequickstart-instance--format='value(connectionName)'
- Update the
deployment.yamlfile in Cloud Shell Editor. Make the following replacements and edits:- Replace
<YOUR_KSA_NAME>withksa-cloud-sql. - Replace
<LOCATION>withus-central1. - Replace
<YOUR_PROJECT_ID>with the project ID. - Replace
<YOUR-DB-SECRET>withgke-cloud-sql-secrets. - Replace
<INSTANCE_CONNECTION_NAME>with the Cloud SQL instance connection name retrieved from thegcloudcommand on the previous step. The format isproject_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instanceOverview page. - Enable the Cloud SQL Auth proxy to connect to your Cloud SQL instance using its private IP address. Uncomment the
"-ip_address_types=PRIVATE"flag by removing the#comment symbol and its trailing white space. The uncommented flag should look like this:-"-ip_address_types=PRIVATE"
apiVersion:apps/v1kind:Deploymentmetadata:name:gke-cloud-sql-quickstartspec:selector:matchLabels:app:gke-cloud-sql-apptemplate:metadata:labels:app:gke-cloud-sql-appspec:serviceAccountName: <YOUR-KSA-NAME>containers:-name:gke-cloud-sql-app# Replace <LOCATION> with your Artifact Registry location (e.g., us-central1).# Replace <YOUR_PROJECT_ID> with your project ID.image: <LOCATION>-docker.pkg.dev/<YOUR_PROJECT_ID>/gke-cloud-sql-repo/gke-sql:latest# This app listens on port 8080 for web traffic by default.ports:-containerPort:8080env:-name:PORTvalue:"8080"# This project uses environment variables to determine# how you would like to run your application# To use the Python Connector (recommended) - use INSTANCE_CONNECTION_NAME (proj:region:instance)# To use TCP - Setting INSTANCE_HOST will use TCP (e.g., 127.0.0.1)# To use Unix, use INSTANCE_UNIX_SOCKET (e.g., /cloudsql/proj:region:instance)-name:INSTANCE_HOSTvalue:"127.0.0.1"-name:DB_PORTvalue:"5432"# For Automatic IAM Authentication with the Python Connector# use DB_IAM_USER instead of DB_USER (recommended)# You may also remove the DB_PASS environment variable if# you use Automatic IAM Authentication-name:DB_USERvalueFrom:secretKeyRef:name: <YOUR-DB-SECRET>key:username-name:DB_PASSvalueFrom:secretKeyRef:name: <YOUR-DB-SECRET>key:password-name:DB_NAMEvalueFrom:secretKeyRef:name: <YOUR-DB-SECRET>key:database# If you are using the Python Connector (recommended), you can# remove cloud-sql-proxy (everything below this line)-name:cloud-sql-proxy# This uses the latest version of the Cloud SQL proxy# It is recommended to use a specific version for production environments.# See: https://github.com/GoogleCloudPlatform/cloudsql-proxyimage:gcr.io/cloud-sql-connectors/cloud-sql-proxy:latestargs:# If connecting from a VPC-native GKE cluster, you can use the# following flag to have the proxy connect over private IP# - "--private-ip"# If you are not connecting with Automatic IAM, you can delete# the following flag.-"--auto-iam-authn"# tcp should be set to the port the proxy should listen on# and should match the DB_PORT value set above.# Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433-"--port=5432"-"<INSTANCE_CONNECTION_NAME>"securityContext:# The default Cloud SQL proxy image runs as the# "nonroot" user and group (uid: 65532) by default.runAsNonRoot:true - Replace
- Run the
kubectl applycommand as follows in Cloud Shell to deploy the sample app:kubectlapply-fdeployment.yaml
- Run the
kubectl applycommand as follows to add a load balancer in front of the deployment, so that you can access it through the internet:kubectlapply-fservice.yaml
- Run the
kubectl getcommand as follows to get the service details:kubectlgetservices
- Copy theExternal IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service'sExternal IP address.
Clean up
To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.
In the Google Cloud console, go to theCloud SQL Instances page.
- Select the
quickstart-instanceinstance to open theInstance detailspage. - In the icon bar at the top of the page, clickDelete.
- In theDelete instance dialog box, type
quickstart-instance, and thenclickDelete to delete the instance. In the Google Cloud console, go to theGoogle Kubernetes Engine page.
- Click the checkbox next to the
gke-cloud-sql-quickstartservice name. - Click theDelete button at the top of the Google Kubernetes Engine page.
Optional cleanup steps
If you're not using the Google Cloud service account you created for thisquickstart, you can remove it.
In the Google Cloud console, go to theIAM page.
- Select the checkbox for the IAM account named
gke-quickstart-service-account. - ClickRemove and confirm the removal.
If you're not using the APIs that were enabled as part of this quickstart, youcan disable them.
- APIs that were enabled within this quickstart:
- Compute Engine API
- Cloud SQL Admin API
- Google Kubernetes Engine API
- Artifact Registry API
- Cloud Build API
In the Google Cloud console, go to theAPIs page.
Select any API that you would like to disable and then click theDisable API button.
What's next
Based on your needs, you can learn more aboutcreating Cloud SQL instances.You also can learn about creatingPostgreSQL users anddatabases for your Cloud SQL instance.
Also see theCloud SQL pricing information.
Learn more about:
- All of theconnectivity options in Cloud SQL.
- Configuring your Cloud SQL instance with apublic IP address.
- Configuring your Cloud SQL instance with aprivate IP address.
Additionally, you can learn about connecting to a Cloud SQL instance fromother Google Cloud applications:
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-16 UTC.