SQLBee pollinates your unsuspecting pods with cloud sql proxy sidecars so your services can easily connect to your cloud sql instance. When using GCP Cloud SQL it is recommended to use cloudsql-proxy as a sidecar in your pods. Of course you can add this sidecar manually to all your pods requiting database access, but this is a tedious and possibly error prone (outdated images, typos etc.) process. SQLBee simply injects the same sidecar into all your pods. In case you some of your pods are little different than others you can customize the injection via annotations.
Deploy SQLBee (docker.io/connctd/sqlbee) as a mutating admission webhook (see https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/). In the deployment folder an example configuration is provided. You will need have secret with a credentials.json with permissions for Cloud SQL to be used by the sidecar. Other authentication aren't currently supported You can either use the same secret everywhere or customize it per pod via annotations.
Depending on whether you set the annotationRequired parameter you either need to add the annotation
sqlbee.connctd.io.inject: "true" to your pod specifications or you need to add nothing at all
to inject your pods with a cloud-sql-proxy sidecar.
| Name | Default value | Description | Required |
|---|---|---|---|
| cert | none | Path to the server certificate to be used | yes |
| key | none | Path to the servers private key | yes |
| instance | none | Name of the default cloud sql instance if not specified via annotation | no |
| secret | none | Name of a secret containing the GCP credentials for this cloud-sql-proxy | no |
| ca-map | none | Name of a config map containing root certificates | no |
| annotationRequired | false | Whether to only inject the sidecar if the annotation is present | no |
| loglevel | info | The log level | no |
| Name | Description | Required |
|---|---|---|
| sqlbee.connctd.io.inject | Wether to inject with a cloud-sql-proxy | no |
| sqlbee.connctd.io.image | Image to be used, default gcr.io/cloudsql-docker/gce-proxy:1.13 | no |
| sqlbee.connctd.io.instance | cloud-sql instance to connect to, required if no default is set | maybe |
| sqlbee.connctd.io.secret | Secret containing credentials | no |
| sqlbee.connctd.io.caMap | Config map containing root certificates | no |
| sqlbee.connctd.io.cpuRequest | value of the sidecar cpu request, defaults to "30m" | no |
| sqlbee.connctd.io.memRequest | value of the sidecar memory request, defaults to "50Mi" | no |