GCP: SQL Connect From K8s Engine - timowang1991/kubernetes-docs GitHub Wiki

Resources




  1. Enable Workload Identity: you must go through every step on this page.
  2. Go back to Use Workload Identity and complete the rest, following the "Workload Identity" steps and the "Cloud SQL Proxy as a sidecar" steps.
  3. Use 127.0.0.1 as the host in your k8s server container that connects to the Cloud SQL Proxy.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: <YOUR-DEPLOYMENT-NAME>
spec:
  selector:
    matchLabels:
      app: <YOUR-APPLICATION-NAME>
  template:
    metadata:
      labels:
        app: <YOUR-APPLICATION-NAME>
    spec:
      serviceAccountName: <YOUR-KSA-NAME>    # <---- workload identity here
      containers:
      - name: <YOUR-APPLICATION-NAME>
        # ... other container configuration
        env:
        - name: DB_HOST
          value: 127.0.0.1   # <----- use 127.0.0.1 as host
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              name: <YOUR-DB-SECRET>
              key: username
        - name: DB_PASS
          valueFrom:
            secretKeyRef:
              name: <YOUR-DB-SECRET>
              key: password
```
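
The service-account annotation and proxy sidecar that steps 1 to 3 depend on, as an added example that is not part of the original wiki page. It assumes the Cloud SQL Auth Proxy v2 image and flags and a PostgreSQL port; `<YOUR-GSA-NAME>`, `<YOUR-PROJECT-ID>`, `<YOUR-APPLICATION-IMAGE>`, `<PROXY-VERSION>` and `<INSTANCE-CONNECTION-NAME>` are placeholders that do not appear on the page.

```yaml
# Added example; all <PLACEHOLDER> values and the port are assumptions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: <YOUR-KSA-NAME>
  annotations:
    # Workload Identity: maps this KSA to the Google service account that
    # holds the Cloud SQL Client role, so no key file is mounted in the pod.
    iam.gke.io/gcp-service-account: <YOUR-GSA-NAME>@<YOUR-PROJECT-ID>.iam.gserviceaccount.com
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: <YOUR-DEPLOYMENT-NAME>
spec:
  selector:
    matchLabels:
      app: <YOUR-APPLICATION-NAME>
  template:
    metadata:
      labels:
        app: <YOUR-APPLICATION-NAME>
    spec:
      serviceAccountName: <YOUR-KSA-NAME>
      containers:
      - name: <YOUR-APPLICATION-NAME>
        image: <YOUR-APPLICATION-IMAGE>
        env:
        - name: DB_HOST
          value: 127.0.0.1     # containers in one pod share a network namespace
        - name: DB_PORT
          value: "5432"        # assumed PostgreSQL; must match --port below
      - name: cloud-sql-proxy
        image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:<PROXY-VERSION>
        args:
        - "--structured-logs"
        # The proxy binds to 127.0.0.1 by default, so the database port is
        # reachable only from containers inside this pod.
        - "--port=5432"
        - "<INSTANCE-CONNECTION-NAME>"   # format: project:region:instance
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
```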