1
votes

I have been exploring ways to securely connect to a Google Cloud SQL database. We use Google Kubernetes Engine to deploy our Java Spring application.

So, https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine mentions two methods to connect to Cloud SQL from Kubernetes. We cannot use the private IP method since we do not have VPC-native clusters. So we chose the Cloud SQL Proxy Docker image as the connection medium.

Then, considering https://cloud.google.com/sql/docs/postgres/external-connection-methods, the following options are mentioned:

We cannot go with the Public IP approach since our Kubernetes pod IP address will be ever changing. We have already shortlisted the Cloud SQL Proxy Docker image. So we are left with the JDBC Socket Library.

So, comparing the Cloud SQL Proxy and the JDBC Socket Library:

  • The Cloud SQL Proxy would be a sidecar container in our Kubernetes pod along with our application container. The application container will connect to 'localhost:5432' (the proxy) with the Cloud SQL credentials. The proxy will be given the service account for accessing the Cloud SQL database. The proxy provides a secure connection to Cloud SQL.
  • The JDBC Socket Library also provides a secure connection to Cloud SQL. A Maven dependency needs to be added to the application, and the application just has to provide the correct database connection string.

From the above comparison, the JDBC Socket Library seems to be the better way since we won't need a sidecar container (the Cloud SQL Proxy).

Is there any advantage that the Cloud SQL Proxy would provide as compared to JDBC Socket Library in the case where the application is deployed in Google Kubernetes Engine?

1 Answer

2
votes

There are no advantages of the Cloud SQL proxy over the socket factory, other than the proxy can provide authentication to a wider range of applications, languages, and frameworks.

If your project is already compatible with the Cloud SQL JDBC Socket Factory, you should use it instead. It is more efficient since it can create direct connections for your application.
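
The two connection styles compared in the question and answer, side by side, as an added example that is not part of the original posts. It assumes PostgreSQL (the question uses port 5432) with the PostgreSQL JDBC driver and `com.google.cloud.sql:postgres-socket-factory` on the classpath; the class name and environment variable names are made up for the example.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;

public class CloudSqlConnect {
    // Sidecar mode: the app speaks the PostgreSQL protocol to the proxy on loopback;
    // the proxy container holds the service account and encrypts traffic to Cloud SQL.
    static String proxyUrl(String db) {
        return "jdbc:postgresql://localhost:5432/" + db;
    }

    // Socket factory mode: the URL has no host; the library opens the encrypted
    // connection from inside the application's own JVM, so the application's
    // identity (Application Default Credentials) needs access to the instance.
    static String socketFactoryUrl(String db) {
        return "jdbc:postgresql:///" + db;
    }

    static Properties props(String user, String password, String instance) {
        Properties p = new Properties();
        p.setProperty("user", user);
        p.setProperty("password", password);
        if (instance != null) {
            // Instance connection names look like project:region:instance.
            if (instance.split(":").length < 3) {
                throw new IllegalArgumentException("bad instance connection name");
            }
            p.setProperty("socketFactory", "com.google.cloud.sql.postgres.SocketFactory");
            p.setProperty("cloudSqlInstance", instance);
        }
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Environment variable names are assumptions made for this example.
        String db = System.getenv().getOrDefault("DB_NAME", "postgres");
        String user = System.getenv("DB_USER");
        String pass = System.getenv("DB_PASS");
        String instance = System.getenv("CLOUD_SQL_INSTANCE"); // unset => sidecar mode
        if (user == null || pass == null) {
            System.err.println("set DB_USER and DB_PASS");
            return;
        }
        String url = instance != null ? socketFactoryUrl(db) : proxyUrl(db);
        try (Connection c = DriverManager.getConnection(url, props(user, pass, instance))) {
            System.out.println("connection valid: " + c.isValid(5));
        }
    }
}
```

In both modes the database user and password are supplied by the application; what changes is which container holds the Google service account identity, the proxy sidecar or the application itself.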