Using Cloud SQL and SQL Auth Proxy

1. Using Cloud SQL and SQL Auth Proxy

Cloud SQL is a fully managed database service that simplifies the process of setting up, maintaining, and scaling relational databases. Available for MySQL, PostgreSQL, and Microsoft SQL Server, Cloud SQL is designed to hand off mundane, but necessary and often time-consuming, tasks to Google—like applying patches and updates, managing backups, and configuring replications—so your focus can be on building great applications. And then there is the Cloud SQL Auth Proxy, which is a tool designed to streamline and secure connections to your Cloud SQL database instances. It acts as a middleman between your application and your database, eliminating the need to manage complex network configurations or expose your database directly to the internet. In-transit traffic is automatically encrypted, and authentication is handled with SQL. All Pods that compose your application can reliably access the database, even if they're dynamic. In GKE, Cloud SQL Auth Proxy is set up as a “sidecar” container in the same Pod that contains your application. Your application can communicate with the Cloud SQL Auth Proxy container using the localhost network address. To complete this setup, you'll first need to enable the necessary API. This includes Cloud SQL API, and sqladmin API. Next, create an IAM service account. And third, use Workload Identity to link the IAM service account to a Kubernetes service account. Be sure to use Secrets to securely provide credentials to your Pods.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.

This exercise is part of the course

Architecting with Google Kubernetes Engine: Production

IntermediateSkill Level

5.0+

Start Course for Free

In this introduction, you'll explore the course goals and preview each section.

Exercise 1: Production Course introduction

In this section of the course, you'll learn about Kubernetes security, focusing on authentication and authorization. You'll explore Kubernetes Role-Based Access Control (RBAC) and its integration with IAM to secure GKE clusters. You'll also learn how to configure Workload Identity, secure GKE with Pod Security Standards and Pod Security Admission, and implement RBAC within your GKE environment.

Exercise 1: Introduction Exercise 2: Authentication and authorization Exercise 3: Kubernetes role-based access control Exercise 4: Workload Identity Exercise 5: Kubernetes control plane security Exercise 6: Pod security Exercise 7: PodSecurityAdmission Exercise 8: Quiz Question 1 Exercise 9: Quiz Question 2 Exercise 10: Quiz Question 3 Exercise 11: Quiz Question 4

In this section of the course, you'll learn how to monitor and log your Kubernetes applications using Google Cloud's observability tools. You'll configure Google Cloud Observability to monitor the availability and performance of your applications and gain hands-on experience inspecting logs using both the kubectl command and the Google Cloud Observability tools. You'll then learn how to configure GKE-native monitoring and logging, allowing you to proactively identify and troubleshoot issues within your Kubernetes clusters.

Exercise 1: Introduction Exercise 2: Google Cloud Observability Exercise 3: Cloud Logging Exercise 4: Cloud Monitoring Exercise 5: Inspecting logs with the kubectl command Exercise 6: Inspecting logs with Cloud Logging and Logging Agents Exercise 7: StackdriverMonitoringAndLogging16 Exercise 8: Quiz Question 1 Exercise 9: Quiz Question 2 Exercise 10: Quiz Question 3 Exercise 11: Quiz Question 4

In this section of the course, you'll explore the storage and database options available for your Kubernetes applications on Google Cloud. You'll compare managed and self-managed storage, learn about Cloud Storage for Kubernetes, and get an overview of Google Cloud's managed database services. You'll then learn how to securely connect to Cloud SQL from your GKE clusters and gain hands-on experience integrating Cloud SQL with Google Kubernetes Engine.

Exercise 1: Introduction Exercise 2: Using Google Cloud Services Exercise 3: Using Cloud Storage Exercise 4: Using Google Cloud Databases Exercise 5: Using Cloud SQL and SQL Auth Proxy

Current Exercise

Exercise 6: Comparing storage options Exercise 7: GKE and Cloud SQL Exercise 8: Quiz Question 1 Exercise 9: Quiz Question 2 Exercise 10: Quiz Question 3 Exercise 11: Quiz Question 4

In this section of the course, you'll discover the benefits of Continuous Integration and Continuous Delivery (CI/CD) for streamlining your development and deployment workflows. You'll learn what CI/CD is, why it's important, and how it can optimize application releases. You'll explore CI/CD tools supported by Google Cloud and learn Google's best practices for building CI/CD pipelines on Google Kubernetes Engine.

Exercise 1: Introduction Exercise 2: What is CI/CD?Exercise 3: Constructing a CI/CD pipeline Exercise 4: CI/CD tools available in Google Cloud Exercise 5: Best practices for using CI/CD on Google Cloud Exercise 6: CICD with cloud deploy Exercise 7: Quiz Question 1 Exercise 8: Quiz Question 2 Exercise 9: Quiz Question 3 Exercise 10: Quiz Question 4

The course closes with a summary of the key points covered in each section.

Exercise 1: Course summary

Student PDF links to all modules

Exercise 1: Course Resources