### Start Proxy with Admin Server Enabled Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_shutdown.md To use the shutdown command, the proxy must first be started with the admin server enabled. This example shows how to start the proxy with the --quitquitquit flag, which enables the admin server. ```bash ./cloud-sql-proxy --quitquitquit ``` -------------------------------- ### Install Cloud SQL Proxy from Source Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Installs the latest version of the Cloud SQL Proxy from source using Go. Ensure you have Go installed. The proxy will be placed in your Go bin directory. ```shell go install github.com/GoogleCloudPlatform/cloud-sql-proxy/v2@latest ``` -------------------------------- ### Cloud SQL Proxy Configuration File Example (Multiple Instances) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Example TOML configuration file for multiple instance connection names using indexed keys. ```toml instance-connection-name-0 = "my-project:us-central1:my-db-server" instance-connection-name-1 = "my-other-project:us-central1:my-other-server" ``` -------------------------------- ### Cloud SQL Proxy Configuration File Example (Other Settings) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Example TOML configuration file demonstrating other settings like debug logging and max connections. ```toml auto-iam-authn = true debug = true max-connections = 5 ``` -------------------------------- ### Start Cloud SQL Proxy with Multiple Instances Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Starts the Cloud SQL Proxy to handle connections for multiple Cloud SQL instances simultaneously. ```shell ./cloud-sql-proxy ``` -------------------------------- ### Start Cloud SQL Proxy Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Starts the Cloud SQL Proxy listening on localhost with the default database engine port. This is the basic command to initiate the proxy. ```shell ./cloud-sql-proxy ``` -------------------------------- ### Start Cloud SQL Proxy with Custom Port Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Start the proxy and specify a custom port for the listener. This is useful when running multiple instances of the same database engine. ```bash ./cloud-sql-proxy --port=3000 my-project:us-central1:my-db-server ``` -------------------------------- ### Cloud SQL Proxy Configuration File Example (TOML) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Example TOML configuration file for the Cloud SQL Proxy, specifying instance connection name and auto IAM authentication. ```toml instance-connection-name = "my-project:us-central1:my-server-instance" auto-iam-authn = true ``` -------------------------------- ### Example Verification of Cloud SQL Proxy Binary Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md This example demonstrates the successful verification of the v2.1.0 Linux AMD64 Proxy binary using its SHA256 sum. ```shell $ echo "547b24faf0dfe5e3d16bbc9f751dfa6b34dfd5e83f618f43a2988283de5208f2 *cloud-sql-proxy" | shasum -c cloud-sql-proxy: OK ``` -------------------------------- ### Start Cloud SQL Proxy with Custom Address Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Start the proxy and specify a custom network interface address for the listener. By default, listeners use localhost. ```bash ./cloud-sql-proxy --address=0.0.0.0 my-project:us-central1:my-db-server ``` -------------------------------- ### Start Cloud SQL Proxy for a Single Instance Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Start the proxy for a given instance connection name. The proxy will automatically determine the database engine and listen on the default port for that engine on localhost. ```bash ./cloud-sql-proxy my-project:us-central1:my-db-server ``` -------------------------------- ### Enable Prometheus Metrics Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Start an HTTP server on localhost with a /metrics endpoint to expose Prometheus metrics. The namespace can be configured. ```bash cloud-sql-proxy --prometheus --prometheus-namespace= ``` -------------------------------- ### Install Bash Completions for Linux Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_bash.md To enable bash completions for all new sessions on Linux, redirect the output of the completion command to a file in the /etc/bash_completion.d/ directory. ```bash cloud-sql-proxy completion bash > /etc/bash_completion.d/cloud-sql-proxy ``` -------------------------------- ### Download Cloud SQL Proxy for Windows (x64) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Downloads the Cloud SQL Proxy executable for Windows x64. Ensure you have curl installed. ```shell # see Releases for other versions curl https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.22.1/cloud-sql-proxy.x64.exe -o cloud-sql-proxy.exe ``` -------------------------------- ### Cloud SQL Proxy Configuration via Environment Variables Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Configure the proxy using environment variables prefixed with CSQL_PROXY. This example enables automatic IAM authentication. ```bash CSQL_PROXY_AUTO_IAM_AUTHN=true \ ./cloud-sql-proxy my-project:us-central1:my-db-server ``` -------------------------------- ### Enable Private IP Connection Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Starts the Cloud SQL Proxy to connect to the instance's private IP address. Requires a network path to the instance. ```shell ./cloud-sql-proxy --private-ip ``` -------------------------------- ### Download Cloud SQL Proxy for Linux (386) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Downloads the Cloud SQL Proxy binary for Linux with 386 architecture. Ensure you have curl installed. The binary is made executable after download. ```shell # see Releases for other versions URL="https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.22.1" curl "$URL/cloud-sql-proxy.linux.386" -o cloud-sql-proxy chmod +x cloud-sql-proxy ``` -------------------------------- ### Download Cloud SQL Proxy for Linux (arm64) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Downloads the Cloud SQL Proxy binary for Linux with arm64 architecture. Ensure you have curl installed. The binary is made executable after download. ```shell # see Releases for other versions URL="https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.22.1" curl "$URL/cloud-sql-proxy.linux.arm64" -o cloud-sql-proxy chmod +x cloud-sql-proxy ``` -------------------------------- ### Download Cloud SQL Proxy for Windows (x86) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Downloads the Cloud SQL Proxy executable for Windows x86. Ensure you have curl installed. ```shell # see Releases for other versions curl https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.22.1/cloud-sql-proxy.x86.exe -o cloud-sql-proxy.exe ``` -------------------------------- ### Get Instance Connection Name Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Use the gcloud command to retrieve the connection name for your Cloud SQL instance. This name is required to start the proxy. ```bash gcloud sql instances describe INSTANCE --format='value(connectionName)' ``` -------------------------------- ### Download Cloud SQL Proxy for Linux (arm) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Downloads the Cloud SQL Proxy binary for Linux with arm architecture. Ensure you have curl installed. The binary is made executable after download. ```shell # see Releases for other versions URL="https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.22.1" curl "$URL/cloud-sql-proxy.linux.arm" -o cloud-sql-proxy chmod +x cloud-sql-proxy ``` -------------------------------- ### Example TOML Configuration for Cloud SQL Proxy Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md This TOML configuration demonstrates how to set instance connection names, enable IAM authentication, and enable debug logging for the Cloud SQL Proxy. Multiple instances can be specified using 'instance-connection-name-0', 'instance-connection-name-1', etc. ```toml # use instance-connection-name-0, instance-connection-name-1, etc. # for multiple instances instance-connection-name = "proj:region:inst" auto-iam-authn = true debug = true debug-logs = true ``` -------------------------------- ### Configure Incremental Ports for Multiple Instances Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Starts listeners for multiple instances with ports incrementing from the specified base port. Ensures unique ports for each instance. ```shell ./cloud-sql-proxy --port 6000 ``` -------------------------------- ### Download Cloud SQL Proxy for Linux (amd64) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Downloads the Cloud SQL Proxy binary for Linux with amd64 architecture. Ensure you have curl installed. The binary is made executable after download. ```shell # see Releases for other versions URL="https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.22.1" curl "$URL/cloud-sql-proxy.linux.amd64" -o cloud-sql-proxy chmod +x cloud-sql-proxy ``` -------------------------------- ### Enable Admin Server for Graceful Shutdown Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Pass the `--quitquitquit` flag to enable the admin server on localhost:9091, which adds a /quitquitquit endpoint for graceful shutdown via GET or POST requests. ```shell cloud-sql-proxy --quitquitquit ``` -------------------------------- ### Install Bash Completions for macOS Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_bash.md To enable bash completions for all new sessions on macOS using Homebrew, redirect the output of the completion command to a file in the appropriate Homebrew directory. ```bash cloud-sql-proxy completion bash > $(brew --prefix)/etc/bash_completion.d/cloud-sql-proxy ``` -------------------------------- ### Download Cloud SQL Proxy for Mac (Intel) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Downloads the Cloud SQL Proxy binary for macOS on Intel (amd64) architecture. Ensure you have curl installed. The binary is made executable after download. ```shell # see Releases for other versions URL="https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.22.1" curl "$URL/cloud-sql-proxy.darwin.amd64" -o cloud-sql-proxy chmod +x cloud-sql-proxy ``` -------------------------------- ### Listen on Multiple TCP Sockets with Incrementing Ports: v1 vs v2 Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/migration-guide.md For multiple instances, v2 can automatically increment ports starting from a specified base port. ```shell # v1 ./cloud_sql_proxy -instances==tcp:5000,=tcp:5001 ``` ```shell # v2 # starts listener on port 5000, increments for additional listeners ./cloud-sql-proxy --port 5000 ``` -------------------------------- ### Download Cloud SQL Proxy for Mac (Apple Silicon) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Downloads the Cloud SQL Proxy binary for macOS on Apple Silicon (arm64) architecture. Ensure you have curl installed. The binary is made executable after download. ```shell # see Releases for other versions URL="https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.22.1" curl "$URL/cloud-sql-proxy.darwin.arm64" -o cloud-sql-proxy chmod +x cloud-sql-proxy ``` -------------------------------- ### Shut Down the Proxy Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_shutdown.md This command signals a running proxy process to shut down gracefully. Ensure the proxy was started with the admin server enabled. ```bash ./cloud-sql-proxy shutdown ``` -------------------------------- ### Wait with Custom HTTP Address and Port Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_wait.md When the Cloud SQL Proxy is started with custom HTTP addresses and ports for its health check, the wait command must be configured to use the same values to correctly check the startup endpoint. ```bash ./cloud-sql-proxy wait \ --http-address 0.0.0.0 \ --http-port 9191 ``` -------------------------------- ### Enable Health Checks Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Enable the --health-check flag to start an HTTP server on localhost for monitoring the proxy's status. Use --http-address and --http-port to configure the server's address and port. ```bash ./cloud-sql-proxy --health-check my-project:us-central1:my-db-server ``` -------------------------------- ### Configure Windows Unix Domain Socket Path Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md On Windows, colons in Unix domain socket paths are replaced with periods. This example shows how to configure a Unix domain socket path on Windows. ```shell # Starts a Unix domain socket at the path: # C:\cloudsql\myproject.my-region.mysql ./cloud-sql-proxy --unix-socket C:\cloudsql myproject:my-region:mysql ``` -------------------------------- ### Generate Fish Autocompletion Script Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_fish.md Use this command to generate the autocompletion script for the fish shell. You can pipe the output to source for immediate use or redirect it to a file for permanent installation. ```bash cloud-sql-proxy completion fish | source ``` ```bash cloud-sql-proxy completion fish > ~/.config/fish/completions/cloud-sql-proxy.fish ``` -------------------------------- ### Display Cloud SQL Proxy Help Information Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Run the --help flag to view all available command-line options for the Cloud SQL Proxy. ```shell ./cloud-sql-proxy --help ``` -------------------------------- ### Run Connection Test on Startup Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Execute this command to test the proxy's connectivity to the specified Cloud SQL instance upon startup. The proxy will exit with a non-zero status code if the instance is unreachable, aiding in quick debugging. ```shell ./cloud-sql-proxy --run-connection-test ``` -------------------------------- ### Enable Admin Server with Debug Profiling Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Pass the `--debug` flag to enable the admin server on localhost:9091, which includes Go's profiler at /debug/pprof/. ```shell cloud-sql-proxy --debug ``` -------------------------------- ### Listen on All Interfaces: v1 vs v2 Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/migration-guide.md To listen on all interfaces, specify the address and port in v2 using `--address` and `--port` flags. ```shell # v1 ./cloud_sql_proxy -instances==tcp:0.0.0.0:6000 ``` ```shell # v2 ./cloud-sql-proxy --address 0.0.0.0 --port 6000 ``` -------------------------------- ### Generate Bash Completion Script Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_bash.md This command generates the autocompletion script for the bash shell. It is typically used in conjunction with redirection to install the script. ```bash cloud-sql-proxy completion bash ``` -------------------------------- ### Listen on TCP Socket: v1 vs v2 Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/migration-guide.md Migrate TCP socket listening commands. v2 simplifies this by automatically selecting the database's default port if not specified. ```shell # v1 ./cloud_sql_proxy -instances==tcp:5432 ``` ```shell # v2 # Using automatic database port selection (MySQL 3306, Postgres 5432, SQL Server 1433) ./cloud-sql-proxy ``` -------------------------------- ### Run Cloud SQL Proxy with Docker and a Credentials File Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Launch the Cloud SQL Proxy in Docker, mounting a local service account JSON file as a volume and specifying its path for authentication. This method requires careful handling of file permissions. ```shell docker run \ --publish : \ --mount type=bind,source="$(pwd)"/sa.json,target=/config/sa.json \ gcr.io/cloud-sql-connectors/cloud-sql-proxy:latest \ --address 0.0.0.0 \ --port \ --credentials-file /config/sa.json ``` -------------------------------- ### Load Proxy Configuration from File Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Use this command to load proxy configuration from a TOML, JSON, or YAML file. The configuration file can specify various proxy settings, including instance connection names and authentication methods. ```shell ./cloud-sql-proxy --config-file /path/to/config.[toml|json|yaml] ``` -------------------------------- ### Annotate Kubernetes Service Account for Workload Identity Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-sidecar/README.md Annotates a Kubernetes Service Account to link it with a Google Service Account, completing the Workload Identity setup. ```sh kubectl annotate serviceaccount \ \ iam.gke.io/gcp-service-account=@.iam.gserviceaccount.com ``` -------------------------------- ### Wait for Proxy Startup Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_wait.md Waits for another Cloud SQL Proxy process's startup endpoint to respond. This command assumes the other proxy is running with HTTP health check or Prometheus enabled. ```bash ./cloud-sql-proxy wait ``` -------------------------------- ### Configure Instance-Level Settings with Query String Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Override configuration settings like address and port for a specific instance by appending a query string to its connection name. Ensure the entire string is quoted. ```bash ./cloud-sql-proxy \ my-project:us-central1:my-db-server \ 'my-project:us-central1:my-other-server?address=0.0.0.0&port=7000' ``` -------------------------------- ### Configure Database Connection Environment Variables Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-service/README.md Sets up environment variables within the application container for connecting to the database. This includes database credentials, host, port, and the path to the CA certificate. ```yaml env: - name: DB_HOST value: ".default.svc.cluster.local" # using the "default" namespace - name: DB_USER valueFrom: secretKeyRef: name: key: username - name: DB_PASS valueFrom: secretKeyRef: name: key: password - name: DB_NAME valueFrom: secretKeyRef: name: key: database - name: DB_PORT value: "5432" - name: CA_CERT value: "/etc/ca/cert.pem" ``` -------------------------------- ### Configure Per-Instance Listening Addresses Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Sets specific listening addresses for individual instances using the 'address' query parameter. Enables flexible network binding for each instance. ```shell ./cloud-sql-proxy \ 'myproject:my-region:postgres?address=0.0.0.0' \ 'myproject:my-region:mysql?address=10.0.0.1' ``` -------------------------------- ### Enable Cloud SQL Proxy Admin Server with Debug Logging Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Enable the localhost admin server on port 9091 by passing the --debug flag. This also enables Go's profiler at /debug/pprof/. ```bash ./cloud-sql-proxy --debug ``` -------------------------------- ### Enable Cloud Monitoring and Cloud Trace Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Enable telemetry for Cloud Monitoring and Cloud Trace by specifying a project. Metrics prefix can also be configured. ```bash cloud-sql-proxy --telemetry-project= --telemetry-prefix= ``` -------------------------------- ### Enable Cloud SQL Proxy Admin Server for Graceful Shutdown Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Enable the localhost admin server on port 9091 by passing the --quitquitquit flag. This adds a /quitquitquit endpoint for graceful exit. ```bash ./cloud-sql-proxy --quitquitquit ``` -------------------------------- ### Environment Variable Configuration: v1 vs v2 Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/migration-guide.md v2 significantly expands environment variable support, allowing all flags, including instance connection names and authentication settings, to be configured via environment variables. ```shell # v1 export INSTANCES="=tcp:3306,=tcp:5432" ./cloud_sql_proxy ``` ```shell # v2 export CSQL_PROXY_INSTANCE_CONNECTION_NAME_0="?port=3306" export CSQL_PROXY_INSTANCE_CONNECTION_NAME_1="?port=5432" export CSQL_PROXY_AUTO_IAM_AUTHN=true ./cloud-sql-proxy ``` -------------------------------- ### Configure Per-Instance Ports Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Sets specific ports for individual instances using the 'port' query parameter. Allows fine-grained control over port assignments. ```shell ./cloud-sql-proxy \ 'myproject:my-region:postgres?port=5000' \ 'myproject:my-region:mysql?port=6000' ``` -------------------------------- ### Generate CA Private Key and Certificate Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-service/README.md Initializes the certificate authority by generating a private key and a CA certificate using CFSSL. ```shell cfssl genkey -initca ca_csr.json | cfssljson -bare ca ``` -------------------------------- ### Cloud SQL Proxy Configuration via File Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Invoke the proxy using a configuration file specified with the --config-file flag. The file can be in TOML, YAML, or JSON format. ```bash ./cloud-sql-proxy --config-file=config.toml ``` -------------------------------- ### Build Container Image Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/multi-container/ruby/README.md Builds a Docker container image for the main application using Google Cloud Build. Replace with your actual Google Cloud project ID. ```bash gcloud builds submit --tag gcr.io//run-cloudsql ``` -------------------------------- ### Configure Unix Socket Path for an Instance Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Specify a custom Unix socket path for an instance using the 'unix-socket-path' query parameter. The parent directory must exist. For Postgres, the socket name will be appended. ```bash ./cloud-sql-proxy \ 'my-project:us-central1:my-db-server?unix-socket-path=/path/to/socket' ``` -------------------------------- ### Listen on Unix Socket: v1 vs v2 Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/migration-guide.md Adapt Unix socket commands for v2. The directory is now specified with the `--unix-socket` flag. ```shell # v1 ./cloud_sql_proxy -dir /cloudsql -instances= ``` ```shell # v2 ./cloud-sql-proxy --unix-socket /cloudsql ``` -------------------------------- ### Kubernetes Readiness Probe for Database Failover Drills Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-health-check/README.md Configure a readiness probe to terminate the pod after 3 minutes of consecutive failures, suitable for scenarios like database failover drills where a prolonged connection loss is critical. ```yaml readinessProbe: httpGet: path: /readiness port: 9801 initialDelaySeconds: 30 # 30 sec period x 6 failures = 3 min until the pod is terminated periodSeconds: 30 failureThreshold: 6 timeoutSeconds: 10 successThreshold: 1 ``` -------------------------------- ### Cloud SQL Proxy with Multiple Instance Connection Names via Environment Variables Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Configure multiple instance connection names using indexed environment variables CSQL_PROXY_INSTANCE_CONNECTION_NAME_N. ```bash CSQL_PROXY_INSTANCE_CONNECTION_NAME_0=my-project:us-central1:my-db-server \ CSQL_PROXY_INSTANCE_CONNECTION_NAME_1=my-other-project:us-central1:my-other-server \ ./cloud-sql-proxy ``` -------------------------------- ### Configure Per-Instance Unix Domain Sockets Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Configure Unix domain sockets on a per-instance basis using the `unix-socket` query parameter. This allows for simultaneous TCP listeners and Unix domain sockets for different instances. ```shell # Starts a TCP listener on localhost:5432 for "postgres" # and creates a Unix domain socket for "mysql": # /cloudsql/myproject:myregion:mysql ./cloud-sql-proxy \ myproject:my-region:postgres \ 'myproject:my-region:mysql?unix-socket=/cloudsql' ``` -------------------------------- ### Listen on Multiple TCP Sockets with Non-Sequential Ports: v1 vs v2 Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/migration-guide.md Specify custom, non-sequential ports for multiple instances in v2 using the `?port=` query parameter. ```shell # v1 ./cloud_sql_proxy -instances==tcp:6000,=tcp:7000 ``` ```shell # v2 ./cloud-sql-proxy '?port=6000' '?port=7000' ``` -------------------------------- ### Cloud SQL Proxy Wait Command Synopsis Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_wait.md The general syntax for the cloud-sql-proxy wait command, including available flags. ```bash cloud-sql-proxy wait [flags] ``` -------------------------------- ### Cloud SQL Proxy with Impersonation Delegation Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Configure the proxy to use a chain of service accounts for impersonation. The first service account is the target, and subsequent accounts are delegates. ```bash ./cloud-sql-proxy \ --impersonate-service-account=SERVICE_ACCOUNT_1,SERVICE_ACCOUNT_2,SERVICE_ACCOUNT_3 my-project:us-central1:my-db-server ``` -------------------------------- ### Verify Cloud SQL Proxy Binary SHA256 Sum Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md After downloading a binary, use this command to verify its integrity against the release page SHA. Ensure the asterisk is placed correctly before the filename. ```shell echo ' *' | shasum -c ``` -------------------------------- ### Configure Cloud SQL Proxy with Environment Variables Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Set environment variables to configure the Cloud SQL Proxy. The prefix is CSQL_PROXY, followed by the uppercase flag name with underscores. ```shell CSQL_PROXY_AUTO_IAM_AUTHN=true \ ./cloud-sql-proxy ``` -------------------------------- ### Cloud SQL Proxy Basic Usage Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Basic invocation of the cloud-sql-proxy command with an instance connection name. ```bash cloud-sql-proxy INSTANCE_CONNECTION_NAME... ``` -------------------------------- ### Configure Unix Domain Socket Directory Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Use this command to create a Unix domain socket in a specified directory. The socket path will be dynamically generated based on the instance connection name. ```shell # Uses the directory "/mycooldir" to create a Unix socket # For example, the following directory would be created: # /mycooldir/myproject:myregion:myinstance ./cloud-sql-proxy --unix-socket /mycooldir ``` -------------------------------- ### Cloud SQL Auth Proxy with Service Account Key Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-sidecar/README.md This snippet demonstrates how to configure the Cloud SQL Auth Proxy to use a service account key. It shows the necessary arguments for the credentials file path and volume mounts for the secret. ```yaml # This flag specifies where the service account key can be found - "--credentials-file=/secrets/service_account.json" securityContext: # The default Cloud SQL Auth Proxy image runs as the # "nonroot" user and group (uid: 65532) by default. runAsNonRoot: true volumeMounts: - name: mountPath: /secrets/ readOnly: true ``` -------------------------------- ### Cloud SQL Proxy with Single Instance Connection Name via Environment Variable Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Specify a single instance connection name using the CSQL_PROXY_INSTANCE_CONNECTION_NAME environment variable. ```bash CSQL_PROXY_INSTANCE_CONNECTION_NAME=my-project:us-central1:my-db-server \ ./cloud-sql-proxy ``` -------------------------------- ### Configure Proxy with DNS Domain Name Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Use this command to configure the Cloud SQL Auth Proxy to connect to an instance using its DNS domain name instead of a direct instance connection name. Ensure the DNS records are correctly set up beforehand. ```sh ./cloud-sql-proxy prod-db.mycompany.example.com ``` -------------------------------- ### Enable Cloud SQL Proxy Debug Logging Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Enable debug logging for internal certificate refresh operations by using the --debug-logs flag. ```bash ./cloud-sql-proxy --debug-logs ``` -------------------------------- ### Knative Service Configuration with Sidecar Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/multi-container/ruby/README.md Defines a Knative Service for Google Cloud Run, deploying a Ruby application container alongside the Cloud SQL Auth Proxy as an init container. Ensure all placeholder values like , , , , and are replaced with your specific configuration. ```yaml apiVersion: serving.knative.dev/v1 kind: Service metadata: annotations: run.googleapis.com/launch-stage: ALPHA name: multicontainer-service spec: template: metadata: annotations: run.googleapis.com/execution-environment: gen1 #or gen2 spec: containers: - name: my-app image: gcr.io//run-cloudsql ports: - containerPort: 8080 env: - name: DB_USER value: - name: DB_PASS value: - name: DB_NAME value: - name: INSTANCE_HOST value: "127.0.0.1" - name: DB_PORT value: "5432" initContainers: - name: cloud-sql-proxy restartPolicy: Always image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:latest args: # Ensure the port number on the --port argument matches the value of # the DB_PORT env var on the my-app container. - "--port=5432" - "" ``` -------------------------------- ### Create Service Account Key File Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-sidecar/README.md Generates a JSON key file for a Google Service Account using gcloud. This key can be used by the Cloud SQL Auth Proxy. ```sh gcloud iam service-accounts keys create ~/key.json \ --iam-account @project-id.iam.gserviceaccount.com ``` -------------------------------- ### Kubernetes Readiness Probe for Application Restart on Connection Pool Leak Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-health-check/README.md Configure a readiness probe for an application container to automatically restart the pod if it consumes 50 database connections for more than 1 minute, addressing potential connection pool leaks. ```yaml containers: - name: my-application image: gcr.io/my-container/my-application:1.1 initContainers: - name: cloud-sql-proxy restartPolicy: Always image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.22.1 args: # Set the --max-connections flag to 50 - "--max-connections" - "50" - "--port=" - "" # ... readinessProbe: httpGet: path: /readiness port: 9801 initialDelaySeconds: 10 # 5 sec period x 12 failures = 60 sec until the pod is terminated periodSeconds: 5 failureThreshold: 12 timeoutSeconds: 5 successThreshold: 1 ``` -------------------------------- ### Cloud SQL Auth Proxy Sidecar Configuration Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-service/README.md Configure the Cloud SQL Auth proxy as an init container in the Kubernetes deployment. Ensure the correct image version and arguments, including the port and instance connection name, are used. ```yaml initContainers: - name: cloud-sql-proxy restartPolicy: Always image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.22.1 # make sure to use the latest version args: # Replace DB_PORT with the port the proxy should listen on - "--port=" - "" securityContext: runAsNonRoot: true ``` -------------------------------- ### Save zsh Completions to File (macOS) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_zsh.md Redirect the output of the completion command to a file in the zsh site-functions directory for permanent loading on macOS using Homebrew. ```shell cloud-sql-proxy completion zsh > $(brew --prefix)/share/zsh/site-functions/_cloud-sql-proxy ``` -------------------------------- ### Run Cloud SQL Auth Proxy with SOCKS5 Proxy Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Configure the Cloud SQL Auth Proxy to route traffic through a SOCKS5 proxy. Use ALL_PROXY for general traffic and HTTPS_PROXY for SQL Admin API traffic. ```bash ALL_PROXY=socks5://localhost:8000 \ HTTPS_PROXY=socks5://localhost:8000 \ cloud-sql-proxy ``` -------------------------------- ### Load zsh Completions in Current Session Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_zsh.md Source the output of the completion command to enable autocompletion for the current zsh session. ```shell source <(cloud-sql-proxy completion zsh) ``` -------------------------------- ### cloud-sql-proxy completion zsh Command Usage Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_zsh.md The base command for generating zsh autocompletion scripts. Flags can modify its behavior. ```shell cloud-sql-proxy completion zsh [flags] ``` -------------------------------- ### Cloud SQL Auth Proxy Kubernetes Configuration with Environment Variables Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-health-check/README.md Configuration for the Cloud SQL Auth Proxy container using environment variables, including enabling HTTP health checks on port 9801. This is the recommended approach. ```yaml args: # Replace with the instance connection # name in the format: "project_name:region:instance_name" - env: # It can be easier to manage the k8s configuration file when you # use environment variables instead of CLI flags. This is the # recommended configuration. This configuration is enabled by default # when the cloud-sql-proxy-operator configures a proxy image # Replace with the port that the proxy should open # to listen for database connections from the application - name: CSQL_PROXY_PORT value: # Enable HTTP healthchecks on port 9801. This enables /liveness, # /readiness and /startup health check endpoints. Allow connections # listen for connections on any interface (0.0.0.0) so that the # k8s management components can reach these endpoints. - name: CSQL_PROXY_HEALTH_CHECK value: "true" - name: CSQL_PROXY_HTTP_PORT value: "9801" - name: CSQL_PROXY_HTTP_ADDRESS value: 0.0.0.0 # Configure the proxy to exit gracefully when sent a k8s configuration # file. - name: CSQL_PROXY_EXIT_ZERO_ON_SIGTERM value: "true" ``` -------------------------------- ### Generate Server Private Key and Certificate Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-service/README.md Generates the private key and certificate for the server (PgBouncer) to encrypt traffic from the application. ```shell cfssl gencert -ca cert -ca-key key server_csr.json | cfssljson -bare server ``` -------------------------------- ### Cloud SQL Proxy Address Flag Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy.md Configure the address to which the Cloud SQL instance listeners will bind using the --address flag. ```bash ./cloud-sql-proxy -a 127.0.0.1 ``` -------------------------------- ### Restart Cloud SQL Auth Proxy on Secret Change (Bash) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/disaster-recovery/README.md Use this bash script to wrap the Cloud SQL Auth Proxy. It monitors a Secret Manager secret for changes and restarts the proxy with the new primary instance details when detected. Configure the SECRET_ID, REFRESH_INTERVAL, and PORT variables. ```bash #! /bin/bash SECRET_ID="my-secret-id" # TODO(developer): replace this value REFRESH_INTERVAL=5 PORT=5432 # Get the latest version of the secret and start the Proxy INSTANCE=$(gcloud secrets versions access "latest" --secret="$SECRET_ID") cloud-sql-proxy --port "$PORT" "$INSTANCE" & PID=$! # Every 5s, get the latest version of the secret. If it's changed, restart the # Proxy with the new value. while true; do sleep $REFRESH_INTERVAL NEW=$(gcloud secrets versions access "latest" --secret="$SECRET_ID") if [ "$INSTANCE" != "$NEW" ]; then INSTANCE=$NEW kill $PID wait $PID cloud-sql-proxy --port "$PORT" "$INSTANCE" & PID=$! fi done ``` -------------------------------- ### Save zsh Completions to File (Linux) Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_zsh.md Redirect the output of the completion command to a file in the zsh site-functions directory for permanent loading on Linux. ```shell cloud-sql-proxy completion zsh > "${fpath[1]}/_cloud-sql-proxy" ``` -------------------------------- ### Cloud SQL Proxy Completion Fish Command Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_fish.md This is the base command for generating fish shell autocompletions for cloud-sql-proxy. Flags can be appended to modify its behavior. ```bash cloud-sql-proxy completion fish [flags] ``` -------------------------------- ### PgBouncer Environment Variables Configuration Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-service/README.md Configure PgBouncer using environment variables for database connection details, including host, credentials, database name, port, and TLS settings. ```yaml env: - name: DB_HOST value: "127.0.0.1" - name: DB_USER valueFrom: secretKeyRef: name: key: username - name: DB_PASSWORD valueFrom: secretKeyRef: name: key: password - name: DB_NAME valueFrom: secretKeyRef: name: key: database - name: DB_PORT value: "5431" - name: CLIENT_TLS_SSLMODE value: "require" - name: CLIENT_TLS_CA_FILE value: "/etc/ca/cert.pem" - name: CLIENT_TLS_KEY_FILE value: "/etc/server/key.pem" - name: CLIENT_TLS_CERT_FILE value: "/etc/server/cert.pem" ``` -------------------------------- ### Enable Debug Logging Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Use the `--debug-logs` flag to enable internal certificate refresh operations logging. This is useful for diagnosing unexpected behavior or reporting issues. ```shell cloud-sql-proxy --debug-logs ``` -------------------------------- ### Configure Listening Address Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Overrides the default listening address ('localhost') to bind the proxy to a different network interface. Use '0.0.0.0' to listen on all available interfaces. ```shell ./cloud-sql-proxy --address 0.0.0.0 ``` -------------------------------- ### Cloud SQL Proxy Completion Fish Flags Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_fish.md These flags can be used with the 'cloud-sql-proxy completion fish' command to customize the generated autocompletion script. The --no-descriptions flag disables descriptions for completions. ```bash -h, --help help for fish --no-descriptions disable completion descriptions ``` -------------------------------- ### Deploy Knative Service Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/multi-container/ruby/README.md Deploys the Knative service defined in the multicontainer.yaml file to Google Cloud Run. This command replaces any existing service with the same name. ```bash gcloud run services replace multicontainer.yaml ``` -------------------------------- ### Wait with Maximum Duration Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_wait.md Sets a maximum duration for the wait command to poll the proxy's startup endpoint. If the endpoint does not respond within this time, the command will exit. ```bash ./cloud-sql-proxy wait --max 10s ``` -------------------------------- ### Disable Cloud Trace Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Enable telemetry for Cloud Monitoring while disabling Cloud Trace. ```bash cloud-sql-proxy --telemetry-project= --disable-traces ``` -------------------------------- ### Cloud SQL Proxy Shutdown Command Syntax Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_shutdown.md This is the general syntax for the cloud-sql-proxy shutdown command, including available flags. ```bash cloud-sql-proxy shutdown [flags] ``` -------------------------------- ### Load Bash Completions in Current Session Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_bash.md To load bash completions in your current shell session, pipe the output of the completion command to the source command. ```bash source <(cloud-sql-proxy completion bash) ``` -------------------------------- ### Create a Kubernetes Secret for Database Credentials Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-sidecar/README.md Use this command to create a Kubernetes Secret containing your database username, password, and name. These values will be used to configure your application and the Cloud SQL Auth Proxy. ```shell kubectl create secret generic \ --from-literal=username= \ --from-literal=password= \ --from-literal=database= ``` -------------------------------- ### Load PowerShell Autocompletion Script Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_powershell.md This command loads the generated PowerShell autocompletion script into your current session. Ensure you have the cloud-sql-proxy binary in your PATH. ```powershell cloud-sql-proxy completion powershell | Out-String | Invoke-Expression ``` -------------------------------- ### Configure Ruby App Connection Pool Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/multi-container/ruby/README.md Configures a connection pool for a Ruby Sinatra application to connect to the Cloud SQL Proxy via TCP. Ensure environment variables for database credentials and instance details are set. ```ruby require 'sinatra' require 'sequel' set :bind, '0.0.0.0' set :port, 8080 # Configure a connection pool that connects to the proxy via TCP def connect_tcp Sequel.connect( adapter: 'postgres', host: ENV["INSTANCE_HOST"], port: ENV["DB_PORT"], database: ENV["DB_NAME"], user: ENV["DB_USER"], password: ENV["DB_PASS"], pool_timeout: 5, max_connections: 5, ) end DB = connect_tcp() ``` -------------------------------- ### Pull a Specific Cloud SQL Proxy Docker Image Version Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Use the docker pull command to download a specific version of the Cloud SQL Proxy container image from Artifact Registry. Replace $VERSION with the desired proxy version. ```shell # $VERSION is 2.22.1 docker pull gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.22.1 ``` -------------------------------- ### Test Deployed Service Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/multi-container/ruby/README.md Tests the deployed Cloud Run service by sending a curl request with an identity token for authentication. Replace with the actual URL of your deployed service. ```bash curl -H \ "Authorization: Bearer $(gcloud auth print-identity-token)" \ ``` -------------------------------- ### Run Cloud SQL Proxy in a Docker Container Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Execute the Cloud SQL Proxy within a Docker container, exposing the proxy's port to the host and specifying connection details. Ensure the proxy listens on all interfaces with --address "0.0.0.0". ```shell docker run --publish : \ gcr.io/cloud-sql-connectors/cloud-sql-proxy:latest \ --address "0.0.0.0" --port ``` -------------------------------- ### Enable Automatic IAM Database Authentication Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Enable automatic IAM database authentication for MySQL and Postgres instances. Ensure your Cloud SQL instance is configured to allow IAM authentication and your IAM principal is added as a database user. ```shell ./cloud-sql-proxy --auto-iam-authn ``` -------------------------------- ### Disable Cloud Monitoring Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/README.md Enable telemetry for Cloud Trace while disabling Cloud Monitoring. ```bash cloud-sql-proxy --telemetry-project= --disable-metrics ``` -------------------------------- ### Create Kubernetes Secret from Service Account Key Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/examples/k8s-sidecar/README.md Creates a Kubernetes Secret to securely store the service account key file. This secret can then be mounted into pods. ```sh kubectl create secret generic \ --from-file=service_account.json=~/key.json ``` -------------------------------- ### zsh Completion Flags Source: https://github.com/googlecloudplatform/cloud-sql-proxy/blob/main/docs/cmd/cloud-sql-proxy_completion_zsh.md Options specific to the zsh completion script generation. Use `--no-descriptions` to disable descriptive text for completions. ```shell --no-descriptions disable completion descriptions ```