Use hasura with Google Cloud Run and Google Cloud SQL

4
votes

The docs describe that hasura needs the postgres connection string with the HASURA_GRAPHQL_DATABASE_URL env var.

Example:

docker run -d -p 8080:8080 \
  -e HASURA_GRAPHQL_DATABASE_URL=postgres://username:password@hostname:port/dbname \
  hasura/graphql-engine:latest

It looks like that my problem is that the server instance connection name for google cloud sql looks like PROJECT_ID:REGION:INSTANCE_ID is not TCP

From the cloud run docs (https://cloud.google.com/sql/docs/postgres/connect-run) I got this example:

postgres://<db_user>:<db_pass>@/<db_name>?unix_sock=/cloudsql/<cloud_sql_instance_name>/.s.PGSQL.5432 but it does not seem to work. Ideas?

I'm currently adding the cloud_sql_proxy as a workaround to the container so that I can connect to TCP 127.0.0.1:5432, but I'm looking for a direct connection to google-cloud-sql.

// EDIT Thanks for the comments, beta8 did mostly the trick, but I also missed the set-cloudsql-instances parameter: https://cloud.google.com/sdk/gcloud/reference/beta/run/deploy#--set-cloudsql-instances

My full cloud-run command:

gcloud beta run deploy \
    --image gcr.io/<PROJECT_ID>/graphql-server:latest \
    --region <CLOUD_RUN_REGION> \
    --platform managed \
    --set-env-vars HASURA_GRAPHQL_DATABASE_URL="postgres://<DB_USER>:<DB_PASS>@/<DB_NAME>?host=/cloudsql/<PROJECT_ID>:<CLOUD_SQL_REGION>:<INSTANCE_ID>" \
    --timeout 900 \
    --set-cloudsql-instances <PROJECT_ID>:<CLOUD_SQL_REGION>:<INSTANCE_ID>
2
postgresqlgoogle-cloud-sqlgoogle-cloud-runhasura

2 Answers

4
votes

As per v1.0.0-beta.8, which has better support for Postgres connection string parameters, I've managed to make the unix connection to work, from Cloud Run to Cloud SQL, without embedding the proxy into the container.

The connection should look something like this:

postgres://<user>:<password>@/<database>?host=/cloudsql/<instance_name>

Notice that the client will add the suffix /.s.PGSQL.5432 for you.

Make sure you added also the Cloud SQL client permission.

2
votes

If the Hasura database requires that exact connection string format, you can use it. However, you cannot use Cloud Run's Cloud SQL support. You will need to whitelist the entire Internet so that your Cloud Run instance can connect. Cloud Run does not publish a CIDR block of addresses. This method is not recommended.

The Unix Socket method is for Cloud SQL Proxy that Cloud Run supports. This is the connection method used internally to your container when Cloud Run is managing the connection to Cloud SQL. Note, for this method IP based hostnames are not supported in your client to connect to Cloud Run's Cloud SQL Proxy.

You can embed the Cloud SQL Proxy directly in your container. Then you can use 127.0.0.1 as the hostname part for the connection string. This will require that you create a shell script as your Cloud Run entrypoint to launch both the proxy and your application. Based on your scenario, I recommend this method.

The Cloud SQL Proxy is written in Go and the source code is published.

If you choose to embed the proxy, don't forget to add the Cloud SQL Client role to the Cloud Run service account.