Tutorial: Use Google Config Connector to Manage a GCP Cloud SQL Database
Google Cloud Platform’s Config Connector exposes Google Cloud Platform resources as Kubernetes objects. In this tutorial, we will use Config Connector deployed locally on Minikube to provision and manage a Cloud SQL database instance in GCP.
Assuming you have Minikube up and running, and the Google Cloud SDK installed and configured, the very first step is to create a secret based on the GCP service account with the owner role.
The below commands creates a GCP service account and binds to the owner role.
export PROJECT= # replace this with your GCP project id
gcloud iam service-accounts create cnrm-system
gcloud projects add-iam-policy-binding ${PROJECT} \
--member serviceAccount:cnrm-system@${PROJECT}.iam.gserviceaccount.com \
--role roles/owner
Let’s download the JSON key associated with the service account to the development machine and register it as a secret in Minikube in the cnrm-system namespace.
gcloud iam service-accounts keys create --iam-account \
cnrm-system@${PROJECT}.iam.gserviceaccount.com key.json
kubectl create namespace cnrm-system
kubectl create secret generic gcp-key \ --from-file key.json \ --namespace cnrm-system
Let’s download the Config Connector YAML files to install it in Minikube. This results in a set of Custom Resource Definitions (CRD) deployed in Kubernetes.
curl -X GET -sLO \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ --location-trusted \ https://us-central1-cnrm-eap.cloudfunctions.net/download/latest/infra/install-bundle.tar.gz
tar zxvf install-bundle.tar.gz
kubectl apply -f install-bundle/
We can check all the CRDs deployed in Minikube by Config Connector.
A pod is also deployed in the cnrm-system namespace. Before we create Cloud SQL instance, let’s make sure that the Cloud SQL and Cloud SQL Admin APIs are enabled in our GCP account:
gcloud services enable sql-component.googleapis.com gcloud services enable sqladmin.googleapis.com
The Config Connector expects a Kubernetes namespace that matches GCP project id. This is a mandatory requirement that we need to follow.
kubectl create namespace ${PROJECT}
Since we want to create a Cloud SQL instance, let’s take a closer look at the CRD.
kubectl describe crd sqlinstances.sql.cnrm.cloud.google.com
The output has been snipped for brevity.
Create the below YAML file to provision a GCP Cloud SQL DB Instance based on MySQL in us-central region.
apiVersion: sql.cnrm.cloud.google.com/v1alpha3 kind: SQLInstance metadata: name: storedb-instance-001 spec: databaseVersion: MYSQL_5_7 region: us-central1 settings: tier: db-f1-micro
kubectl --namespace ${PROJECT} create -f sql-instance.yaml
This results in the creation of the Cloud SQL instance which can be verified with gcloud CLI. 
You can also access this resource from kubectl.
If you are curious, use kubectl describe command to take a closer look at the SQLInstance object.
kubectl describe sqlinstance storedb-instance-001 -n=${PROJECT}
Wait for the DB instance to become ready. You can now create a DB user to access the instance. The user definition is also submitted to the CRD as a YAML file.
apiVersion: sql.cnrm.cloud.google.com/v1alpha3 kind: SQLUser metadata: name: storedb-user spec: instanceRef: name: storedb-instance-001 host: "%" password: Password@123
kubectl --namespace ${PROJECT} create -f sql-user.yaml
If you have MySQL client installed on your local machine, you can access the Cloud SQL shell.
Finally, you can terminate the Cloud SQL instance by deleting the SQLInstance and SQLUser objects running in Minikube.
Config Connector from Google is an indication of how Kubernetes is becoming the universal control plane to manage the resource lifecycle.
Janakiram MSV’s Webinar series, “Machine Intelligence and Modern Infrastructure (MI2)” offers informative and insightful sessions covering cutting-edge technologies. Sign up for the upcoming MI2 webinar at http://mi2.live.
