This page shows you how to deploy a sample app on Google Kubernetes Engine (GKE) connected to a MySQL instance using the Google Cloud console and a client application. The resources created in this quickstart typically cost less than one dollar (USD), assuming you complete the steps, including the clean up, in a
timely manner. In the Google
Cloud console, on the project selector page, select or create a Google Cloud project. Go to project selector Make sure that billing is enabled for your Cloud project. Learn how to
check if billing is enabled on a project. In the Google Cloud console, on the project selector page, select or create a Google Cloud project. Go to project selector Make sure that billing is enabled for your Cloud project. Learn how to check if billing
is enabled on a project. Click the button below to enable the APIs required for this quickstart. Enable APIs This enables the following APIs: Click the
following button to open Cloud Shell, which provides command-line access to your Google Cloud resources directly from the browser. Cloud Shell can be used to run the gcloud commands presented throughout this quickstart. Open Cloud Shell Run the gcloud services enable command as follows using Cloud Shell to enable
the APIs required for this quickstart.: This command enables the following APIs: In the Google Cloud console, go to the Cloud SQL Instances page. Go to Cloud SQL
Instances
Click Create Instance and wait until the instance initializes and starts. Before running the
gcloud
sql instances create command as follows, replace DB_ROOT_PASSWORD with the password of your database user. Optionally, modify the values for the following parameters: Run the gcloud
sql instances create command to create a Cloud SQL instance. In the Google Cloud console, go to the Cloud SQL Instances page. Go to Cloud SQL Instances Creating an instance with a private IP address only requires configuring private services access to enable connections from other Google Cloud services, such as GKE. Before running the gcloud
sql instances create command to create an instance as follows, replace DB_ROOT_PASSWORD with the
password of your database user. Optionally, modify the values for the following parameters: Run the
gcloud
sql instances create command to create a Cloud SQL instance with a private IP address. Run the gcloud sql instances patch command to allow only SSL connections for the instance. Before you begin
Console
gcloud
Set up Cloud SQL
Create a Cloud SQL instance
Public IP
Console
Create an instance with a public IP address
gcloud
Create an instance with a public IP address
Private IP
Console
Create an instance with a private IP address and SSL enabled
gcloud
Create an instance with a private IP address and SSL enabled
Create a database
In the Google Cloud console, go to the Cloud SQL Instances page. Go to Cloud SQL Instances Run the gcloud
sql databases create command to create a database.Console
gcloud
Create a user
In the Google Cloud console, go to the Cloud SQL Instances page. Go to Cloud SQL Instances Optionally, select Restrict host by IP address or address range and enter an IP address or address range in the Host section. The user can
then connect only from the IP address or addresses specified. Before running the command as follows, replace DB_PASS with a password for your database user. Make a note of this for use in a later step of this quickstart. Run the gcloud sql users create command to
create the user. User name length limits are the same for Cloud SQL as for on-premises MySQL; 32 characters for MySQL 8.0, 16 characters for earlier versions. Console
gcloud
Create a GKE cluster
In the Google Cloud console, go to the Google Kubernetes Engine
page. Go to Google Kubernetes Engine Run the gcloud container clusters create-auto command to
create the cluster.Console
gcloud
Clone a Cloud SQL sample app into Cloud Shell Editor
With a Cloud SQL instance, a database, and a GKE cluster, you can now clone and configure a sample application to connect to your Cloud SQL instance. The remaining steps in this quickstart require using the gcloud and kubectl command-line tools. Both tools are pre-installed in Cloud Shell.
In Cloud Shell Editor, open the sample app's source code. Go
Java
Open Cloud Shell EditorNode.js
Open Cloud Shell EditorPython
Open Cloud Shell Editor
Enable the GKE cluster
Enable the GKE cluster you just created as the default cluster to be used for the remaining commands in this quickstart.
Set up a service account
Create and configure a Google Cloud service account to be used by GKE so that it has the Cloud SQL Client role with permissions to connect to Cloud SQL.
- Run the gcloud iam service-accounts create command as follows to create a new service account: gcloud iam service-accounts create gke-quickstart-service-account \ --display-name="GKE Quickstart Service Account"
- Run the gcloud projects add-iam-policy-binding command as follows to add the Cloud SQL Client role to the Google Cloud service account you just created. Replace YOUR_PROJECT_ID with the project ID. gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \ --member="serviceAccount:" \ --role="roles/cloudsql.client"
Create a Kubernetes service account configured to have access to Cloud SQL by binding it to the Google Cloud service account using Workload Identity.
- Create a Kubernetes Service Account.
- Update the service-account.yaml file in Cloud Shell Editor. Replace <YOUR-KSA-NAME> with ksa-cloud-sql.
- Run the kubectl apply command as follows in Cloud Shell: kubectl apply -f service-account.yaml
- Run the
gcloud iam service-accounts add-iam-policy-binding command as follows to enable IAM binding of the Google Cloud Service Account and the Kubernetes Service Account. Make the following replacements:
- YOUR_PROJECT_ID with the project ID.
- YOUR_K8S_NAMESPACE with default, which is the default namespace for clusters created in GKE.
- YOUR_KSA_NAME with ksa-cloud-sql.
- Run the kubectl annotate command as follows to annotate the Kubernetes Service Account with IAM binding. Make the following replacements:
- YOUR_KSA_NAME with ksa-cloud-sql.
- YOUR_PROJECT_ID with the project ID.
Configure secrets
Run the kubectl create secret generic command as follows to create Kubernetes secrets for the database, user, and user password to be used by the sample app. The values of each secret are based on the values specified in the previous steps of this quickstart. Replace DB_PASS with the password of the quickstart-user that you created in the previous Create a user quickstart step.
kubectl create secret generic gke-cloud-sql-secrets \ --from-literal=database=quickstart_db \ --from-literal=username=quickstart-user \ --from-literal=password=DB_PASSBuild the sample app
Go
Java
Node.js
Python
Deploy the sample app
Public IP
With the sample app configuration in place, you can now deploy the sample app.
The deployed sample app connects to your Cloud SQL instance using the Cloud SQL proxy running in a Kubernetes sidecar pattern. The sidecar pattern is accomplished by deploying a workload with an additional container that shares the same Kubernetes pod as
the sample app's container. Go
Java
The deployed sample app connects to your Cloud SQL instance using the Cloud SQL Java connector.
- Get the Cloud SQL instance connection name by running the gcloud sql instances describe command: gcloud sql instances describe quickstart-instance --format='value(connectionName)'
- Update the deployment.yaml file in Cloud Shell Editor. Make the following replacements:
- <YOUR_KSA_NAME> with ksa-cloud-sql.
- <LOCATION> with us-central1.
- <YOUR_PROJECT_ID> with the project ID.
- <YOUR-DB-SECRET> with gke-cloud-sql-secrets.
- <INSTANCE_CONNECTION_NAME> with the Cloud SQL instance connection name retrieved from the gcloud command on the previous step. The format is project_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instance Overview page.
- Run the kubectl apply command as follows in Cloud Shell to deploy the sample app: kubectl apply -f deployment.yaml
- Run the kubectl apply command as follows to add a load balancer in front of the deployment, so that you can access it through the internet: kubectl apply -f service.yaml
- Run the kubectl get command as follows to get the service details: kubectl get services
- Copy the External IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service's External IP address.
Node.js
The deployed sample app connects to your Cloud SQL instance using the Cloud SQL proxy running in a Kubernetes sidecar pattern. The sidecar pattern is accomplished by deploying a workload with an additional container that shares the same Kubernetes pod as the sample app's container.
- Get the Cloud SQL instance connection name by running the gcloud sql instances describe command: gcloud sql instances describe quickstart-instance --format='value(connectionName)'
- Update the deployment.yaml file in Cloud Shell Editor. Make the following replacements:
- <YOUR_KSA_NAME> with ksa-cloud-sql.
- <LOCATION> with us-central1.
- <YOUR_PROJECT_ID> with the project ID.
- <YOUR-DB-SECRET> with gke-cloud-sql-secrets.
- <INSTANCE_CONNECTION_NAME> with the Cloud SQL instance connection name retrieved from the gcloud command on the previous step. The format is project_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instance Overview page.
- Run the kubectl apply command as follows in Cloud Shell to deploy the sample app: kubectl apply -f deployment.yaml
- Run the kubectl apply command as follows to add a load balancer in front of the deployment, so that you can access it through the internet: kubectl apply -f service.yaml
- Run the kubectl get command as follows to get the service details: kubectl get services
- Copy the External IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service's
External IP address.
Python
The deployed sample app connects to your Cloud SQL instance using the Cloud SQL proxy running in a Kubernetes sidecar pattern. The sidecar pattern is accomplished by deploying a workload with an additional container that shares the same Kubernetes pod as the sample app's container.
- Get the Cloud SQL instance connection name by running the gcloud sql instances describe command: gcloud sql instances describe quickstart-instance --format='value(connectionName)'
- Update the deployment.yaml file in Cloud
Shell Editor. Make the following replacements:
- <YOUR_KSA_NAME> with ksa-cloud-sql.
- <LOCATION> with us-central1.
- <YOUR_PROJECT_ID> with the project ID.
- <YOUR-DB-SECRET> with gke-cloud-sql-secrets.
- <INSTANCE_CONNECTION_NAME> with the Cloud SQL instance connection name retrieved from the gcloud command on the previous step. The format is project_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instance Overview page.
- Run the kubectl apply command as follows in Cloud Shell to deploy the sample app: kubectl apply -f deployment.yaml
- Run the kubectl apply command as follows to add a load balancer in front of the deployment, so that you can access it through the internet: kubectl apply -f service.yaml
- Run the kubectl get command as follows to get the service details: kubectl get services
- Copy the External IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service's External IP address.
Private IP
With the sample app configuration in place, you can now deploy the sample app.
The deployed sample app connects to your Cloud SQL instance using the
Cloud SQL proxy running in a Kubernetes sidecar pattern. The sidecar pattern is accomplished by deploying a workload with an additional container that shares the same Kubernetes pod as the sample app's container. Go
Java
The deployed sample app connects to your Cloud SQL instance using the Cloud SQL Java connector.
- Get the Cloud SQL instance connection name by running the gcloud sql instances describe command: gcloud sql instances describe quickstart-instance --format='value(connectionName)'
- Update the deployment.yaml file in Cloud Shell Editor. Make the following replacements:
- <YOUR_KSA_NAME> with ksa-cloud-sql.
- <LOCATION> with us-central1.
- <YOUR_PROJECT_ID> with the project ID.
- <YOUR-DB-SECRET> with gke-cloud-sql-secrets.
- <INSTANCE_CONNECTION_NAME> with the Cloud SQL instance connection name retrieved from the gcloud command on the previous step. The format is project_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instance Overview page.
- Run the kubectl apply command as follows in Cloud Shell to deploy the sample app: kubectl apply -f deployment.yaml
- Run the kubectl apply command as follows to add a load balancer in front of the deployment, so that you can access it through the internet: kubectl apply -f service.yaml
- Run the kubectl get command as follows to get the service details: kubectl get services
- Copy the External IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service's
External IP address.
Node.js
The deployed sample app connects to your Cloud SQL instance using the Cloud SQL proxy running in a Kubernetes sidecar pattern. The sidecar pattern is accomplished by deploying a workload with an additional container that shares the same Kubernetes pod as the sample app's container.
- Get the Cloud SQL instance connection name by running the gcloud sql instances describe command: gcloud sql instances describe quickstart-instance --format='value(connectionName)'
- Update the deployment.yaml file in Cloud Shell Editor. Make the following replacements
and edits:
- Replace <YOUR_KSA_NAME> with ksa-cloud-sql.
- Replace <LOCATION> with us-central1.
- Replace <YOUR_PROJECT_ID> with the project ID.
- Replace <YOUR-DB-SECRET> with gke-cloud-sql-secrets.
- Replace <INSTANCE_CONNECTION_NAME> with the Cloud SQL instance connection name retrieved from the gcloud command on the previous step. The format is project_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instance Overview page.
- Enable the Cloud SQL Auth proxy to connect to your Cloud SQL instance using its private IP address. Uncomment the "-ip_address_types=PRIVATE" flag by removing the # comment symbol and its trailing white space. The uncommented flag should look like this: - "-ip_address_types=PRIVATE"
- Run the kubectl apply command as follows in Cloud Shell to deploy the sample app: kubectl apply -f deployment.yaml
- Run the kubectl apply command as follows to add a load balancer in front of the deployment, so that you can access it through the internet: kubectl apply -f service.yaml
- Run the kubectl get command as follows to get the service details: kubectl get services
- Copy the External IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service's External IP address.
Python
The deployed sample app connects to your Cloud SQL instance using the Cloud SQL proxy running in a Kubernetes sidecar pattern. The sidecar pattern is accomplished by deploying a workload with an additional container that shares the same Kubernetes pod as the sample app's container.
- Get the Cloud SQL instance connection name by running the gcloud sql instances describe command: gcloud sql instances describe quickstart-instance --format='value(connectionName)'
- Update the deployment.yaml file in Cloud Shell Editor. Make the following replacements and edits:
- Replace <YOUR_KSA_NAME> with ksa-cloud-sql.
- Replace <LOCATION> with us-central1.
- Replace <YOUR_PROJECT_ID> with the project ID.
- Replace <YOUR-DB-SECRET> with gke-cloud-sql-secrets.
- Replace <INSTANCE_CONNECTION_NAME> with the Cloud SQL instance connection name retrieved from the gcloud command on the previous step. The format is project_id:region:instance_name. The instance connection name is also visible in the Cloud SQL instance Overview page.
- Enable the Cloud SQL Auth proxy to connect to your Cloud SQL instance using its private IP address. Uncomment the "-ip_address_types=PRIVATE" flag by removing the # comment symbol and its trailing white space. The uncommented flag should look like this: - "-ip_address_types=PRIVATE"
- Run the kubectl apply command as follows in Cloud Shell to deploy the sample app: kubectl apply -f deployment.yaml
- Run the kubectl apply command as follows to add a load balancer in front of the deployment, so that you can access it through the internet: kubectl apply -f service.yaml
- Run the kubectl get command as follows to get the service details: kubectl get services
- Copy the External IP address once it becomes available in the service details, which may take a few minutes.
- View the deployed sample app. Open a browser window and go to the service's External IP address.
Clean up
To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.
In the Google Cloud console, go to the Cloud SQL Instances page.
Go to Cloud SQL Instances
- Select the quickstart-instance instance to open the Instance details page.
- In the icon bar at the top of the page, click Delete.
- In the Delete instance dialog box, type quickstart-instance, and then click Delete to delete the instance.
In the Google Cloud console, go to the Google Kubernetes Engine page.
Go to Google Kubernetes Engine
- Click the checkbox next to the gke-cloud-sql-quickstart service name.
- Click the Delete button at the top of the Google Kubernetes Engine page.
Optional cleanup steps
If you're not using the Google Cloud service account you created for this quickstart, you can remove it.
In the Google Cloud console, go to the IAM page.
Go to IAM
- Select the checkbox for the IAM account named gke-quickstart-service-account.
- Click Remove and confirm the removal.
If you're not using the APIs that were enabled as part of this quickstart, you can disable them.
- APIs that were enabled within this quickstart:
- Compute Engine API
- Cloud SQL Admin API
- Google Kubernetes Engine API
- Artifact Registry API
- Cloud Build API
In the Google Cloud console, go to the APIs page.
Go to APIs
Select any API that you would like to disable and then click the Disable API button.
What's next
Based on your needs, you can learn more about creating Cloud SQL instances.You also can learn about creating MySQL users and databases for your Cloud SQL instance.
Also see the Cloud SQL pricing information.
Learn more about:
- All of the connectivity options in Cloud SQL.
- Configuring your Cloud SQL instance with a public IP address.
- Configuring your Cloud SQL instance with a private IP address.
Additionally, you can learn about connecting to a Cloud SQL instance from other Google Cloud applications:
- From an application running on App Engine standard environment
- From an application running on Compute Engine
- From an application running on GKE
- From Cloud Functions
- From Cloud Run