Connect using the Cloud SQL Proxy Operator

MySQL  |  PostgreSQL  |  SQL Server

This page describes how to connect to your Cloud SQL instance using theCloud SQL Proxy Operator. For more information about how the Cloud SQL Proxy Operator works, seeAbout the Cloud SQL Proxy Operator.

Overview

The Cloud SQL Proxy Operator configures applications deployed on Google Kubernetes Engine(GKE) to connect to Cloud SQL database instancesusing the Cloud SQL Auth Proxy. Using theCloud SQL Auth Proxy is the recommendedmethod for connecting to a Cloud SQL instance. To learn more aboutthe Cloud SQL Auth Proxy, seeAbout the Cloud SQL Auth Proxy.

Applications running inGKE can connect using the Cloud SQL Auth Proxy.

Before you begin

Before you can connect to a Cloud SQL instance, do the following:

  1. For a user or service account, make sure the account has the Cloud SQL Client role. This role contains thecloudsql.instances.connect permission, which authorizes a principal to connect to all Cloud SQL instances in a project.

    Go to the IAM page

    You can optionally include anIAM condition in the IAM policy binding that grants the account permission to connect only to one specific Cloud SQL instance.

  2. Enable the Cloud SQL Admin API.

    Enable the API

  3. Install and initialize thegcloud CLI.

Install the Cloud SQL Proxy Operator

Use the following steps to install the Cloud SQL Proxy Operator.

  1. Confirm thatkubectl can connect to your GKE cluster.
    kubectlcluster-info
     For more information about connecting Google Kubernetes Engine to Cloud SQL, seeConnect from Google Kubernetes Engine.
  2. Installcert-manager using helm. You will need to use the version and cli arguments specified here to usecert-manager on your GKE cluster.
    helmrepoaddjetstackhttps://charts.jetstack.iohelmrepoupdatehelminstall\cert-managerjetstack/cert-manager\--namespacecert-manager\--version"v1.9.1"\--create-namespace\--setglobal.leaderElection.namespace=cert-manager\--setinstallCRDs=true
  3. Install the Cloud SQL Proxy Operator to your kubernetes cluster:
    kubectlapply-fhttps://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy-operator/v1.6.1/cloud-sql-proxy-operator.yaml
  4. Wait for the Cloud SQL Proxy Operator to start.
    kubectlrolloutstatusdeployment-ncloud-sql-proxy-operator-systemcloud-sql-proxy-operator-controller-manager--timeout=90s
  5. Confirm that the Cloud SQL Proxy Operator is installed and running:
    kubectlgetpods-ncloud-sql-proxy-operator-system

What's next

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-07-14 UTC.