1. Introduction
In one of my past articles, we’ve learned how to deploy the Spring Boot Kotlin application to the Google Kubernetes Engine. According to your feedback, you really enjoyed it and some of you asked me to write something more about connecting to the databases in such an environment.
In the beginning, I’d like to thank you so much for the inspiration. You can be sure, that in the future I will prepare more articles on this topic.
In this guide, I’d like to show you how to deploy Spring Boot Kotlin application to the GKE with Cloud SQL using a sidecar pattern. It will be the continuation of this post, so I highly recommend spending some time checking it.
2. Create Cloud SQL Instance
As the first step, let’s head to the GCP Cloud SQL console and click the Create Instance button.
On the next page, let’s select the MySQL database:
Let’s provide the instance ID and root password for our database. As you can see on the below screenshot, we can also specify other things, like region, zone, or database version:
Finally, let’s click the Create button and start the process of creating the instance.
3. Create a Service Account
As the next step, let’s switch to the service accounts panel of the IAM management. We need to prepare the service account, which will be used later to establish the connection between the GKE and Cloud SQL.
Let’s click the Create Service Account button. Then, let’s specify the service account name and click Create:
Nextly, let’s grant the Cloud SQL Admin Role to our service account:
Please note: for the tutorial, we are using the admin role, but in the real-life scenarios we should always remember about the Principle of Least Privilege (POLP).
4. Enable Cloud SQL Admin API
Before we will be able to connect using the Cloud SQL Proxy, we need to enable the Cloud SQL Admin API. To do that, let’s head to the API management page and click the Enable button:
5. Connecting Using the Cloud SQL Proxy
There are a few approaches on how to connect to our SQL instance. For a better understanding of the topic, I highly recommend checking out this Google guide.
In this tutorial, we will add the proxy to our application’s pod using the sidecar container pattern. If you would be interested in tutorials covering other ways of connection, please let me know about it.
5.1. Add Proxy Container
Let’s start by adding the proxy to the deployment file. Let’s head to the previously created deployment.yaml file and put the following config under the containers:
- image: gcr.io/cloudsql-docker/gce-proxy:1.18.0 name: cloud-sql-proxy command: - "/cloud_sql_proxy" - "-instances=<PROJECT_ID>:<ZONE>:<INSTANCE_NAME>=tcp:3306" securityContext: runAsNonRoot: true
The second command in our configuration requires us to specify the list of comma-separated fully qualified instances connections names. You can check your connection name in the Cloud SQL console.
5.2. Connect Service Account
As the next step, we will provide the service account for our proxy. We will do it using GKE’s Workload Identity feature, which is the preferred method. To put it simply, we will bind the Kubernetes Service Account (KSA) to a Google Service Account (GSA).
Let’s start by enabling the Workload Identity on our existing cluster:
gcloud container clusters update \ --workload-pool=<PROJECT-ID>.svc.id.goog --zone=<ZONE>
We will need to wait for some time for the changes to be applied.
Nextly, let’s create the service-account.yaml file and put there the configuration for the KSA:
apiVersion: v1 kind: ServiceAccount metadata: name: cloud-sql-sa
And create the KSA in our cluster:
kubectl apply -f service-account.yaml
With that being done, we can enable the IAM binding between the <GSA-NAME> and <KSA-NAME>:
gcloud iam service-accounts add-iam-policy-binding \ --role roles/iam.workloadIdentityUser \ --member "serviceAccount:<PROJECT-ID>.svc.id.goog[<K8S-NAMESPACE>/<KSA-NAME>]" \ <GSA-NAME>@<PROJECT-ID>.iam.gserviceaccount.com
As the next step, let’s add an annotation to <KSA-NAME> to complete the binding:
kubectl annotate serviceaccount \ <KSA-NAME> \ iam.gke.io/gcp-service-account=<GSA-NAME>@<PROJECT-ID>.iam.gserviceaccount.com
Finally, please make sure to specify the service account for the Kubernetes object:
spec: serviceAccountName: cloud-sql-sa
6. Configure Spring Boot App
After all the above steps, we can finally switch to our Spring Boot project to set up the connection.
6.1. Imports
Let’s start by adding necessary imports:
runtimeOnly("mysql:mysql-connector-java")
As you can see, we are adding MySQL Connector dependency. If we had chosen another database in step 2, we would have to import the appropriate driver here.
6.2. Edit Application Properties
As the next step, let’s edit the application.yaml file and put the following configuration there:
spring: datasource: url: jdbc:mysql://127.0.0.1:3306/${DB_NAME} username: ${DB_USERNAME} password: ${DB_PASSWORD}
Please notice, that the environment variables should be set to, or replaced with the correct values. For the learning purposes, as the user, we can use root with the password we’ve set in step 2. Also, to create the database, we can head to the Cloud SQL Databases console.
7. Deploy Spring Boot App to GKE
As the last step, let’s deploy our application to the Google Kubernetes Engine. Let’s build and push our container with the following commands:
docker build -t spring-boot-example . docker tag spring-boot-example gcr.io//spring-boot-example:0.0.2 docker push gcr.io//spring-boot-example:0.0.2
Please notice, that you can use the tag whatever you like. I’m just using 0.0.2 to keep it concise with the previous article.
Finally, let’s update our deployment file:
containers: - image: gcr.io//spring-boot-example:0.0.2
And submit our changes to the cluster:
kubectl apply -f deployment.yaml
After all, we can check the status of changes, for instance with the get pods command:
kubectl get pods //example response NAME READY STATUS RESTARTS AGE spring-boot-example-799bb5dd97-whwdb 2/2 Running 0 55s
As you can see, the Pod is running and both containers are ready.
8. Summary
And that would be all for this article. We’ve covered step by step how to deploy the Spring Boot application to the Google Kubernetes Engine with Cloud SQL. I believe, that some of the steps may seem pretty difficult, but I can guarantee you that over time, you will get a much better understanding of this topic.
Hope you had a great time reading this article. Please remember, that you can always contact me through the fan page, group, or contact form. Don’t be afraid to ask any questions- I will be more than happy to answer them.
And of course, you can find the full source code here.
2 Responses
Where can I find the first part of the article? Really nice material. Thanks.
Hello Rafael,
Thank you very much for your kind words. The first article can be find here: https://codersee.com/deploy-spring-boot-application-to-gke/
Hope you’re gonna enjoy it too 🙂