TCP load balancing with Cloud SQL Proxy MIGs to connect to private Cloud SQL
Cloud SQL Proxy provides secure access to your instances without the need for authorized networks or for configuring SSL. It provides secure connectivity and easier connection management. In this blog post, we are going to see how we can configure a TCP load balancer with a managed instance group (MIG) running Cloud SQL Proxy as a service, so that clients can connect to a private Cloud SQL instance.
The reasons to go for Cloud SQL Proxy MIGs are given below:
- An on-prem application needs to establish a connection to the private Cloud SQL instance in GCP via a hybrid connection (VPN or Interconnect).
- The instances running Cloud SQL Proxy should withstand a zonal compute failure or outage.
- A single static IP address is needed to connect from on-prem, while still providing zonal high availability for connecting to the private Cloud SQL instance.
All network communication happens over the private network address space; none of the systems is exposed to the internet via public IPs.
Below are the steps to be taken to configure this setup.
Step 1:
Verify the hybrid connection between on-prem and GCP. You should be able to reach the instances deployed in the VPC of your cloud project from your on-prem systems. Make sure the required IP segments are advertised appropriately (dynamic routing using Cloud Routers is preferred).
Step 2:
Configure an instance with Cloud SQL Proxy.
You need to create a service account with the roles below and download its JSON key.
- Cloud SQL Admin
- Cloud SQL Client
- Cloud SQL Editor
Create a storage bucket and upload the key to it. Make sure the bucket is not public and that the required ACLs are set as per your organization's standards.
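One way to verify the "not public" requirement on the key bucket before the instances start pulling the key from it. This is an added example, not code from the original post: it audits the JSON printed by `gsutil iam get gs://<bucket>` for world-readable principals and for readers outside an allowlist. The bucket policy, project name and service-account name below are constructed for illustration.

```python
"""Audit a Cloud Storage bucket IAM policy before trusting it with a
service-account key. Input is the JSON that `gsutil iam get` prints."""
import json

# Principals that make objects readable by the whole world.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Roles that allow reading object contents (i.e. the key file).
READ_ROLES = {
    "roles/storage.objectViewer",
    "roles/storage.legacyObjectReader",
    "roles/storage.objectAdmin",
    "roles/storage.admin",
}


def audit_bucket_policy(policy: dict, allowed_readers: set) -> list:
    """Return one finding per binding that exposes the key bucket.

    policy: dict with a "bindings" list of {"role": ..., "members": [...]}.
    allowed_readers: IAM members (e.g. 'serviceAccount:...') that may read.
    """
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(f"PUBLIC: {member} holds {role}")
            elif role in READ_ROLES and member not in allowed_readers:
                findings.append(f"UNEXPECTED READER: {member} holds {role}")
    return findings


# Constructed sample policy; the project and account names are hypothetical.
SAMPLE_POLICY = json.loads("""{
  "bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers",
                 "serviceAccount:sqlproxy@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["user:contractor@example.com"]}
  ]
}""")

if __name__ == "__main__":
    allowed = {"serviceAccount:sqlproxy@example-project.iam.gserviceaccount.com"}
    for finding in audit_bucket_policy(SAMPLE_POLICY, allowed):
        print(finding)
```

Run it against a real policy with `gsutil iam get gs://<bucket> > policy.json` and `json.load(open("policy.json"))` in place of the sample; an empty findings list means only the intended proxy service account can read the key.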
Also upload the script file below to the storage bucket. Edit the bucket name and the connection string to match the details of your project's resources.
This script file will do the following:
- Create a key directory at /var/sa-key to store the JSON key file