MMS • Matt Campbell
Article originally posted on InfoQ. Visit InfoQ
Google Cloud has released a public preview of Cloud SQL Proxy Operator. The operator simplifies the process of connecting an application running in Google Kubernetes Engine with a database deployed in Cloud SQL.
Cloud SQL Proxy Operator is an alternative to the existing connection methods. Currently, there are Cloud SQL connectors for Java, Python, and Go as well as the Cloud SQL Auth Proxy. The Cloud SQL Auth Proxy Operator, according to the project README, “gives you an easy way to add a proxy container to your [K]ubernetes workloads, configured correctly for production use.”
Luke Schlangen, Developer Advocate at Google, and Jonathan Hess, Software Engineer at Google, claim Cloud SQL Auth Proxy Operator provides a significant reduction in configuration code required. They indicate that configuration can be done “in 8 lines of YAML — saving you about 40 lines of YAML configuration (or thousands for large clusters)”.
Multiple Kubernetes applications can share the same proxy. Schlangen and Hess also indicate that GCP will maintain the operator including updating it to the latest recommendations. They share that, in the GA release, the proxy will have automatic deployments when the configuration changes.
The operator introduces a custom resource AuthProxyWorkload
. This describes the Cloud SQL Auth Proxy configuration for the workload. The operator reads this resource and deploys a Cloud SQL Auth Proxy container to the workload pods. Prior to building the connection, the GKE cluster and Cloud SQL instances should be created, a service account for connecting should be set up, and Kubernetes secrets should be stored.
Configuring the operator can be done by first getting the Cloud SQL instance connection name:
gcloud sql instances describe quickstart-instance --format='value(connectionName)'
Then create a new YAML file containing the Cloud SQL Auth Proxy Operator configuration. In the example below, ""
would be replaced by the connection name returned by the command above.
apiVersion: cloudsql.cloud.google.com/v1alpha1
kind: AuthProxyWorkload
metadata:
name: authproxyworkload-sample
spec:
workloadSelector:
kind: "Deployment"
name: "gke-cloud-sql-app"
instances:
- connectionString: ""
unixSocketPathEnvName: "DB_SOCKET_PATH"
socketType: "unix"
unixSocketPath: "/csql/pg"
Finally, the proxy configuration can be applied to Kubernetes:
kubectl apply -f authproxyworkload.yaml
AWS has a similar, but more general, connector service with AWS Controllers for Kubernetes (ACK). ACK provides an interface for using other AWS services directly from Kubernetes. ACK supports both Amazon Elastic Kubernetes Service (EKS) and Amazon Relational Database Service (RDS).
GCP indicates the project will follow semantic versioning with active releases getting all new features and security fixes for at least a year. Breaking changes will cause a major version bump. Deprecated versions will continue to receive security and critical bug fixes for one year.
Cloud SQL Proxy Operator is open-source and available under the Apache-2.0 license.