Reputation: 165
GCP CloudSQL, IAM and Hasura
I'm rolling out Hasura on GKE, and I need for it to connect to CloudSQL via IAM.
While most of the tutorials online describe the use of k8s secrets for usernames and passwords, I would like for Hasura to connect via IAM. That means no passwords.
What's the best way to craft the HASURA_GRAPHQL_DATABASE_URL to make that happen?
Upvotes: 2
Views: 286
Answers (2)
Reputation: 165
So in the end it was postgres' paramspec to the rescue. By crafting the connection string as follows for the HASURA_GRAPHQL_DATABASE_URL:
postgres://localhost:5432/[email protected]
I was able connect successfully, with workload-identity and a sidecar with cloudsql-proxy as @kurtisvg suggested
Upvotes: 0
Reputation: 3565
I'd suggest using automatic IAM database authentication, using the Cloud SQL Auth proxy. You can follow the Connect from GKE instructions, and just modify the sidecar command to use the -enable_iam_login instead of a secret for the password.
Upvotes: 3
Related Questions
- How to create GCP Cloud SQL IAM Users
- Connection between Private GKE and Cloud SQL
- How to Connect to Cloud SQL Through Kubernetes
- GCP: IAM and BigQuery
- Spring boot Cloud SQL with Kubernetes engine GKE Google Cloud
- how can i access cloud sql from google kubernetes engine
- Which service account to use to connect from GKE to cloud SQL?
- GKE pod connectivity to Cloud SQL
- Use hasura with Google Cloud Run and Google Cloud SQL
- GKE Using multiple clusters with one CloudSQL instance