I have been exploring ways to securely connect to Google Cloud SQL database. We use Google Kubernetes Engine for deployment of our Java Spring application.
So, https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine mentions of two methods to connect to cloud sql from kubernetes. We cannot use private IP method since we do not have VPC native clusters. So we choose Cloud SQL Proxy docker image as the connection medium.
Then, considering https://cloud.google.com/sql/docs/postgres/external-connection-methods, there are following options mentioned:
We cannot go by Public IP approach since our kubernetes pod IP address will be ever changing. We have already shortlisted Cloud SQL Proxy docker image. So we are left with JDBC Socket Library.
So, comparing Cloud SQL proxy and JDBC Socket Library:
- Cloud SQL proxy would be a sidecar container in our kubernetes pod along with our application container. The application container will connect to 'localhost:5432' (proxy) with the cloud sql credentials. The proxy will be given the service account for accessing the cloud sql database. The proxy provides secure connection to cloud sql.
- JDBC Socket Library also provides secure connection to cloud sql. A Maven dependency needs to added in the application, and the application just has to provide correct database connection string.
From the above comparison, JDBC Socket Library seems to be the better way since we won't be needing a sidecar container - cloud sql proxy.
Is there any advantage that the Cloud SQL Proxy would provide as compared to JDBC Socket Library in the case where the application is deployed in Google Kubernetes Engine?
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/2fa64237-801f-4864-acd2-754705127ca8%40googlegroups.com.
No comments:
Post a Comment