Google Cloud Platform’s Config Connector exposes Google Cloud Platform resources as Kubernetes objects. In this tutorial, we will use Config Connector deployed locally on Minikube to provision and manage a Cloud SQL database instance in GCP.
Assuming you have Minikube up and running, and the Google Cloud SDK installed and configured, the very first step is to create a secret based on the GCP service account with the owner role.
The commands below create a GCP service account and bind it to the owner role.

```bash
export PROJECT= # replace this with your GCP project id

gcloud iam service-accounts create cnrm-system

gcloud projects add-iam-policy-binding ${PROJECT} \
  --member serviceAccount:cnrm-system@${PROJECT}.iam.gserviceaccount.com \
  --role roles/owner
```
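One way to spot the project-wide grant made above, as an added example that is not part of the original tutorial: it reads the JSON printed by `gcloud projects get-iam-policy ${PROJECT} --format=json` and lists service accounts bound to `roles/owner` or `roles/editor`. The policy shown is constructed sample data; `example-project`, the accounts other than `cnrm-system`, and the function name are assumptions.

```python
import json

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
# "example-project", admin@example.com, db-ops and old-ci are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:admin@example.com",
                 "serviceAccount:cnrm-system@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/cloudsql.admin",
     "members": ["serviceAccount:db-ops@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["deleted:serviceAccount:old-ci@example-project.iam.gserviceaccount.com?uid=123"]}
  ],
  "version": 1
}
""")

BASIC_ROLES = {"roles/owner", "roles/editor"}


def broad_service_accounts(policy, roles=BASIC_ROLES):
    """Return sorted (email, role, deleted) tuples for service accounts holding a basic role."""
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in roles:
            continue
        for member in binding.get("members", []):
            # Deleted principals are listed as "deleted:serviceAccount:<email>?uid=<n>".
            deleted = member.startswith("deleted:")
            if deleted:
                member = member[len("deleted:"):].split("?", 1)[0]
            kind, _, email = member.partition(":")
            if kind == "serviceAccount":
                findings.add((email, role, deleted))
    return sorted(findings)


if __name__ == "__main__":
    for email, role, deleted in broad_service_accounts(SAMPLE_POLICY):
        state = "deleted account, stale binding" if deleted else "active"
        print(f"{role:14} {email} ({state})")
```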
Let’s download the JSON key associated with the service account to the development machine and register it as a secret in Minikube in the cnrm-system namespace.
```bash
gcloud iam service-accounts keys create \
  --iam-account cnrm-system@${PROJECT}.iam.gserviceaccount.com \
  key.json

kubectl create namespace cnrm-system

kubectl create secret generic gcp-key \
  --from-file key.json \
  --namespace cnrm-system
```
Let’s download the Config Connector YAML files and install them in Minikube. This results in a set of Custom Resource Definitions (CRDs) being deployed in Kubernetes.

```bash
curl -X GET -sLO \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  --location-trusted \
  https://us-central1-cnrm-eap.cloudfunctions.net/download/latest/infra/install-bundle.tar.gz

tar zxvf install-bundle.tar.gz

kubectl apply -f install-bundle/
```
We can check all the CRDs deployed in Minikube by Config Connector. A pod is also deployed in the cnrm-system namespace.

Before we create a Cloud SQL instance, let’s make sure that the Cloud SQL and Cloud SQL Admin APIs are enabled in our GCP account:

```bash
gcloud services enable sql-component.googleapis.com
gcloud services enable sqladmin.googleapis.com
```

Config Connector expects a Kubernetes namespace whose name matches the GCP project ID. This is a mandatory requirement.

```bash
kubectl create namespace ${PROJECT}
```
Since we want to create a Cloud SQL instance, let’s take a closer look at the CRD.
```bash
kubectl describe crd sqlinstances.sql.cnrm.cloud.google.com
```
The output has been snipped for brevity.
Create the YAML file below, saved as sql-instance.yaml, to provision a GCP Cloud SQL DB instance based on MySQL in the us-central1 region.

```yaml
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLInstance
metadata:
  name: storedb-instance-001
spec:
  databaseVersion: MYSQL_5_7
  region: us-central1
  settings:
    tier: db-f1-micro
```

```bash
kubectl --namespace ${PROJECT} create -f sql-instance.yaml
```
This results in the creation of the Cloud SQL instance, which can be verified with the gcloud CLI. You can also access this resource from kubectl.
If you are curious, use the kubectl describe command to take a closer look at the SQLInstance object.

```bash
kubectl describe sqlinstance storedb-instance-001 -n=${PROJECT}
```
Wait for the DB instance to become ready. You can now create a DB user to access the instance. The user definition is also submitted to the CRD as a YAML file.
```yaml
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLUser
metadata:
  name: storedb-user
spec:
  instanceRef:
    name: storedb-instance-001
  # "%" lets this user connect from any host
  host: "%"
  # Sample password, stored in plaintext in this manifest and in the cluster
  password: Password@123
```

```bash
kubectl --namespace ${PROJECT} create -f sql-user.yaml
```
If you have a MySQL client installed on your local machine, you can access the Cloud SQL shell.
Finally, you can terminate the Cloud SQL instance by deleting the SQLInstance and SQLUser objects running in Minikube.
Config Connector from Google is an indication of how Kubernetes is becoming the universal control plane to manage the resource lifecycle.
Janakiram MSV’s Webinar series, “Machine Intelligence and Modern Infrastructure (MI2)” offers informative and insightful sessions covering cutting-edge technologies. Sign up for the upcoming MI2 webinar at http://mi2.live.