From 9a4d0c503176f2ce68eed38732a678f3d62c1142 Mon Sep 17 00:00:00 2001 From: jackwotherspoon Date: Fri, 21 Jul 2023 17:23:38 +0000 Subject: [PATCH 1/2] feat(cloud-sql): update GKE Cloud SQL sample to use v2 proxy --- cloud-sql/mysql/mysql/deployment.yaml | 15 ++++++++------ cloud-sql/postgres/knex/deployment.yaml | 25 ++++++++++++++++------- cloud-sql/sqlserver/mssql/deployment.yaml | 11 +++++----- 3 files changed, 32 insertions(+), 19 deletions(-) diff --git a/cloud-sql/mysql/mysql/deployment.yaml b/cloud-sql/mysql/mysql/deployment.yaml index 2c046b0d02..b39cff0020 100644 --- a/cloud-sql/mysql/mysql/deployment.yaml +++ b/cloud-sql/mysql/mysql/deployment.yaml @@ -61,18 +61,21 @@ spec: # This uses the latest version of the Cloud SQL proxy # It is recommended to use a specific version for production environments. # See: https://github.com/GoogleCloudPlatform/cloudsql-proxy - image: gcr.io/cloudsql-docker/gce-proxy:latest - command: - - "/cloud_sql_proxy" - + image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:latest + args: # If connecting from a VPC-native GKE cluster, you can use the # following flag to have the proxy connect over private IP - # - "-ip_address_types=PRIVATE" + # - "--private-ip" + + # If you are not connecting with Automatic IAM, you can delete + # the following flag. + - "--auto-iam-authn" # tcp should be set to the port the proxy should listen on # and should match the DB_PORT value set above. # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433 - - "-instances==tcp:3306" + - "--port=3306" + - "" securityContext: # The default Cloud SQL proxy image runs as the # "nonroot" user and group (uid: 65532) by default. diff --git a/cloud-sql/postgres/knex/deployment.yaml b/cloud-sql/postgres/knex/deployment.yaml index 56142a66b8..972d167e70 100644 --- a/cloud-sql/postgres/knex/deployment.yaml +++ b/cloud-sql/postgres/knex/deployment.yaml @@ -38,10 +38,18 @@ spec: env: - name: PORT value: "8080" + # This project uses environment variables to determine + # how you would like to run your application + # To use the Node.js connector (recommended) - use INSTANCE_CONNECTION_NAME (proj:region:instance) + # To use TCP - Setting INSTANCE_HOST will use TCP (e.g., 127.0.0.1) + # To use Unix, use INSTANCE_UNIX_SOCKET (e.g., /cloudsql/proj:region:instance) - name: INSTANCE_HOST value: "127.0.0.1" - name: DB_PORT - value: "5432" + value: "5432" + # To use Automatic IAM Authentication (recommended) + # use DB_IAM_USER instead of DB_USER + # you may also remove the DB_PASS environment variable - name: DB_USER valueFrom: secretKeyRef: @@ -61,18 +69,21 @@ spec: # This uses the latest version of the Cloud SQL proxy # It is recommended to use a specific version for production environments. # See: https://github.com/GoogleCloudPlatform/cloudsql-proxy - image: gcr.io/cloudsql-docker/gce-proxy:latest - command: - - "/cloud_sql_proxy" - + image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:latest + args: # If connecting from a VPC-native GKE cluster, you can use the # following flag to have the proxy connect over private IP - # - "-ip_address_types=PRIVATE" + # - "--private-ip" + + # If you are not connecting with Automatic IAM, you can delete + # the following flag. + - "--auto-iam-authn" # tcp should be set to the port the proxy should listen on # and should match the DB_PORT value set above. # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433 - - "-instances==tcp:5432" + - "--port=5432" + - "" securityContext: # The default Cloud SQL proxy image runs as the # "nonroot" user and group (uid: 65532) by default. diff --git a/cloud-sql/sqlserver/mssql/deployment.yaml b/cloud-sql/sqlserver/mssql/deployment.yaml index 5a0116ef9a..02a0154993 100644 --- a/cloud-sql/sqlserver/mssql/deployment.yaml +++ b/cloud-sql/sqlserver/mssql/deployment.yaml @@ -61,18 +61,17 @@ spec: # This uses the latest version of the Cloud SQL proxy # It is recommended to use a specific version for production environments. # See: https://github.com/GoogleCloudPlatform/cloudsql-proxy - image: gcr.io/cloudsql-docker/gce-proxy:latest - command: - - "/cloud_sql_proxy" - + image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:latest + args: # If connecting from a VPC-native GKE cluster, you can use the # following flag to have the proxy connect over private IP - # - "-ip_address_types=PRIVATE" + # - "--private-ip" # tcp should be set to the port the proxy should listen on # and should match the DB_PORT value set above. # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433 - - "-instances==tcp:1433" + - "--port=1433" + - "" securityContext: # The default Cloud SQL proxy image runs as the # "nonroot" user and group (uid: 65532) by default. From b00a67ed72d99e848cab62064cc77b38ca747266 Mon Sep 17 00:00:00 2001 From: jackwotherspoon Date: Thu, 27 Jul 2023 16:37:56 +0000 Subject: [PATCH 2/2] chore: update comments --- cloud-sql/postgres/knex/deployment.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/cloud-sql/postgres/knex/deployment.yaml b/cloud-sql/postgres/knex/deployment.yaml index 972d167e70..dbc6ea6977 100644 --- a/cloud-sql/postgres/knex/deployment.yaml +++ b/cloud-sql/postgres/knex/deployment.yaml @@ -47,9 +47,10 @@ spec: value: "127.0.0.1" - name: DB_PORT value: "5432" - # To use Automatic IAM Authentication (recommended) - # use DB_IAM_USER instead of DB_USER - # you may also remove the DB_PASS environment variable + # For Automatic IAM Authentication with the Node.js Connector + # use DB_IAM_USER instead of DB_USER (recommended) + # You may also remove the DB_PASS environment variable if + # you use Automatic IAM Authentication - name: DB_USER valueFrom: secretKeyRef: @@ -65,6 +66,8 @@ spec: secretKeyRef: name: key: database + # If you are using the Node.js Connector (recommended), you can + # remove cloud-sql-proxy (everything below this line) - name: cloud-sql-proxy # This uses the latest version of the Cloud SQL proxy # It is recommended to use a specific version for production environments.