Command

  1. Create a service account key and download it to Cloud Shell:
# Create a new service account key
gcloud iam service-accounts keys create key.json \
    --iam-account=YOUR-SERVICE-ACCOUNT@YOUR-PROJECT.iam.gserviceaccount.com

# The key is downloaded to Cloud Shell automatically

  1. Create a secret from the key.json file in Cloud Shell:
kubectl create secret generic cloud-sql-creds \
    --from-file=service_account.json=key.json

Example:

gcloud iam service-accounts keys create key.json \
    --iam-account=cloud-sql-proxy@deep-freehold-437008-j5.iam.gserviceaccount.com

  1. Create the deployment.yaml file:
nano deployment.yaml

  1. Copy the following content into deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: your-app
  template:
    metadata:
      labels:
        app: your-app
    spec:
      containers:
      - name: app
        image: nginx:latest
        env:
        - name: DB_HOST
          value: "127.0.0.1"
        - name: DB_PORT
          value: "5432"
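      # Sidecar: the app reaches the database through the proxy at 127.0.0.1:5432
      - name: cloud-sql-proxy
        image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:latest
        command:
          # The v2 proxy image ships /cloud-sql-proxy; the instance connection name is a positional argument
          - "/cloud-sql-proxy"
          - "--port=5432"
          - "--credentials-file=/secrets/service_account.json"
          - "deep-freehold-437008-j5:us-central1:my-first-cloud-sql-database"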
        securityContext:
          runAsNonRoot: true
        volumeMounts:
        - name: cloud-sql-creds
          mountPath: /secrets/
          readOnly: true

      volumes:
      - name: cloud-sql-creds
        secret:
          secretName: cloud-sql-creds

  1. Get the connection name of the Cloud SQL instance:
gcloud sql instances describe YOUR-INSTANCE-NAME --format='value(connectionName)'

Example:

gcloud sql instances describe my-first-cloud-sql-database --format='value(connectionName)'

Returns:

deep-freehold-437008-j5:us-central1:my-first-cloud-sql-database

  1. Update deployment.yaml with the actual connection name and apply it:
kubectl apply -f deployment.yaml
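
A pre-flight check for the steps above, as an added example that is not part of the original page: it confirms that key.json is a service-account key for the expected account with no group/other access, and lints deployment.yaml for v1-style proxy flags on the v2 image, an unpinned `:latest` tag and a credential mount that is not read-only. The function names `check_key` and `lint_manifest` and the sample account `proxy@example-project` are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for key.json and deployment.yaml.

# check_key FILE EXPECTED_EMAIL: succeed only if FILE is a service-account
# key for EXPECTED_EMAIL and carries no group/other permission bits.
check_key() {
    key=$1; expected=$2
    [ -f "$key" ] || { echo "FAIL: $key not found" >&2; return 1; }
    grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key" ||
        { echo "FAIL: not a service-account key" >&2; return 1; }
    email=$(sed -n 's/.*"client_email"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$key")
    [ "$email" = "$expected" ] ||
        { echo "FAIL: key is for '$email', expected '$expected'" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is accessible to group/other (chmod 600)" >&2; return 1; }
}

# lint_manifest FILE: print one line per finding; exit status = finding count.
lint_manifest() {
    m=$1; findings=0
    if grep -q 'cloud-sql-connectors/cloud-sql-proxy' "$m" &&
       grep -Eq -e '-instances=|-credential_file=|/cloud_sql_proxy' "$m"; then
        echo "v1-style proxy command or flags used with the v2 proxy image"
        findings=$((findings + 1))
    fi
    if grep -Eq 'image:.*:latest"?[[:space:]]*$' "$m"; then
        echo "image tag :latest is not pinned to a version"
        findings=$((findings + 1))
    fi
    if ! grep -Eq 'readOnly:[[:space:]]*true' "$m"; then
        echo "credential volume is not mounted readOnly"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample key (placeholder values, no private key material).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
( umask 077
  printf '{\n  "type": "service_account",\n  "client_email": "%s"\n}\n' \
      "proxy@example-project.iam.gserviceaccount.com" > "$demo_dir/key.json" )
check_key "$demo_dir/key.json" "proxy@example-project.iam.gserviceaccount.com" &&
    echo "key.json: OK"
```

Run `check_key key.json <service-account-email>` before `kubectl create secret`, and `lint_manifest deployment.yaml` before `kubectl apply`.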