This page describes how to use the Database Service to create and manage databases in Google Distributed Cloud (GDC) air-gapped.
Authorization and roles
Users must be authorized to access the Database Service. Authorization is required to access Database Service with both the GDC console and the Distributed Cloud CLI.
The following roles grant permissions to users:
project-viewer
- Users with this role can access the GDC console.
project-db-viewer
- Users with this role can view database clusters.
project-db-editor
- Users with this role have the capabilities conferred by project-db-viewer and can also edit database clusters.
project-db-admin
- Users with this role have the capabilities conferred by project-db-editor and can also create and delete database clusters.
project-bucket-object-viewer
- Users with this role can use the storage browser in the Database Service interface in the GDC console. This interface is used to specify files for database imports and to specify destinations for files generated by database exports.
project-monitoring-viewer
- Users with this role can access the monitoring instance. See Observe metrics for more information about observing Database Service metrics. You should only grant this role to users who need to access the monitoring instance.
project_mp_admin
- Users with this role have the capabilities conferred by both the project_mp_editor and project_mpb_editor roles, so they can create, edit, and delete both maintenance policies and maintenance policy bindings.
project_mp_viewer
- Users with this role can view maintenance policies.
project_mp_editor
- Users with this role have the capabilities conferred by the project_mp_viewer role, and can also create, edit, and delete maintenance policies.
project_mpb_viewer
- Users with this role can view maintenance policy bindings.
project_mpb_editor
- Users with this role have the capabilities conferred by the project_mpb_viewer role, and can also create, edit, and delete maintenance policy bindings.
Available database engines
The following database engines are available to use in a GDC environment:
Database | Versions |
---|---|
AlloyDB Omni | 15 |
Oracle | 19 |
PostgreSQL | 13, 14, 15 |
Choose a database engine type and create a database cluster
If you want to enable backups for the database cluster, first create a Distributed Cloud storage bucket or any bucket that is accessible with an S3-compatible endpoint, then create a backup repository named dbs-backup-repository. If you use a storage bucket outside of Distributed Cloud, it's your responsibility to ensure the bucket is properly encrypted.
The following is a sample BackupRepository custom resource created for Database Service backups:
```yaml
apiVersion: backup.gdc.goog/v1
kind: BackupRepository
metadata:
  name: dbs-backup-repository
spec:
  secretReference:
    namespace: "object-storage-secret-ns"
    name: "object-storage-secret"
  endpoint: "https://objectstorage.google.gdch.test"
  type: S3
  s3Options:
    bucket: "fully-qualified-bucket-name"
    region: "us-east-1"
    forcePathStyle: true
  importPolicy: ReadWrite
```
A user with the Project DB Admin role must perform the following steps. Use either the GDC console or the Distributed Cloud CLI to create database clusters:
Console
- From the main menu, choose Database Service.
- Click Create Database Cluster.
- In the Choose a database engine dialog, choose a database engine.
- In the Configure your cluster dialog, specify the cluster ID, password, and database version. You can enable backups and configure the backup retention period.
- If you chose the PostgreSQL database engine, you can enable high availability for your database cluster. If enabled, the Database Service provisions a standby instance in the same zone as your primary instance to protect against failure. See High availability for more information.
- In the Configure your primary instance dialog, specify the CPU, memory, and storage capacity of the primary instance of the database cluster. We recommend you choose enough memory to hold your largest table.
- Click Create. Creating the database cluster can take a few minutes. Check the status of the cluster from the Cluster overview page. The status changes from Creating to Ready when the cluster is ready.
gdcloud
Before using Distributed Cloud CLI, install and initialize it. Then, authenticate with your organization.
Run the following command to create a database cluster:
```sh
gdcloud database clusters create CLUSTER_NAME \
    --database-version DB_VERSION \
    --admin-password ADMIN_PASSWORD
```
Replace the following variables:
- CLUSTER_NAME with the name for the new cluster.
- DB_VERSION with the version string for the new cluster. For example, POSTGRESQL_13, ORACLE_19_ENTERPRISE or ALLOYDBOMNI_15.
- ADMIN_PASSWORD with the administrator password for the new cluster.
For more information on configuring the CPU, memory, and storage resources for the database cluster, configuring backup, enabling high availability, and for other available options, run:
```sh
gdcloud database clusters create --help
```
API
For AlloyDB or PostgreSQL databases:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-pw-DBCLUSTER_NAME
  namespace: USER_PROJECT
type: Opaque
data:
  DBCLUSTER_NAME: "BASE64_PASSWORD"
---
apiVersion: DBENGINE_NAME.dbadmin.gdc.goog/v1
kind: DBCluster
metadata:
  name: DBCLUSTER_NAME
  namespace: USER_PROJECT
spec:
  primarySpec:
    adminUser:
      passwordRef:
        name: db-pw-DBCLUSTER_NAME
    version: "DB_VERSION"
    resources:
      memory: DB_MEMORY
      cpu: DB_CPU
      disks:
      - name: DataDisk
        size: DB_DATA_DISK
```
For Oracle databases:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-pw-DBCLUSTER_NAME
  namespace: USER_PROJECT
type: Opaque
data:
  DBCLUSTER_NAME: "BASE64_PASSWORD"
---
apiVersion: oracle.dbadmin.gdc.goog/v1
kind: DBCluster
metadata:
  name: DBCLUSTER_NAME
  namespace: USER_PROJECT
spec:
  primarySpec:
    adminUser:
      passwordRef:
        name: db-pw-DBCLUSTER_NAME
    version: "DB_VERSION"
    cdbName: GCLOUD
    resources:
      memory: DB_MEMORY
      cpu: DB_CPU
      disks:
      - name: DataDisk
        size: DB_DATA_DISK
      - name: LogDisk
        size: DB_LOG_DISK
```
Replace the following variables:
- DBCLUSTER_NAME: the name of the database cluster.
- USER_PROJECT: the name of the user project where the database cluster will be created.
- BASE64_PASSWORD: the base64 encoding of the database's administrator password.
- DBENGINE_NAME: the name of the database engine. This is one of alloydbomni or postgresql.
- DB_VERSION: the version of the database engine.
- DB_MEMORY: the amount of memory allocated to the DB Cluster, for example 5Gi.
- DB_CPU: the number of CPUs allocated to the DB Cluster, for example 2.
- DB_DATA_DISK: the amount of space allocated to the DB Cluster, for example 10Gi.
- DB_LOG_DISK: the amount of space allocated to the log disk of the Oracle database (Oracle only).
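The Secret in the manifests above stores the base64 encoding of the administrator password under a key named after the cluster. The following script is an added example, not part of the original documentation: it renders that Secret from a password read on stdin and encodes it without a trailing newline. The function names, the name check and the kubectl invocation in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the GDC documentation): render the admin-password
# Secret for a DBCluster. The password arrives on stdin, so it never appears
# in argv (visible in process listings) or in shell history.

# 24 bytes from the kernel CSPRNG, base64-encoded to a 32-character password.
gen_password() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# render_db_secret CLUSTER PROJECT  (hypothetical helper name)
render_db_secret() {
    cluster=$1
    project=$2
    # Assumption: restrict names to lowercase letters, digits and '-' so they
    # are valid Kubernetes object names and cannot inject YAML.
    for name in "$cluster" "$project"; do
        case $name in
            ''|*[!a-z0-9-]*) echo "invalid name: $name" >&2; return 1 ;;
        esac
    done
    # read fails at EOF when input has no trailing newline but still fills
    # the variable, so test the value rather than the exit status.
    IFS= read -r password || true
    [ -n "$password" ] || { echo "empty password" >&2; return 1; }
    # printf, unlike echo, adds no newline to the encoded bytes; tr removes
    # the line wrapping that GNU base64 applies to long values.
    encoded=$(printf '%s' "$password" | base64 | tr -d '\n')
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: db-pw-$cluster
  namespace: $project
type: Opaque
data:
  $cluster: "$encoded"
EOF
}

# Typical use (assumes kubectl is configured for the target cluster):
#   gen_password | render_db_secret my-cluster my-project | kubectl apply -f -
```

Base64 is an encoding, not encryption: anyone who can read the Secret object can recover the password.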