GDC Sandbox provides the Database Service to test and manage database clusters.
Create Database
To create and manage a database cluster, see Create and Manage database cluster.
Available Database Engines
GDC Sandbox supports only PostgreSQL and AlloyDB.
Use either the GDC console or the Distributed Cloud CLI to create database clusters:
Console
- From the main menu, choose Database Service.
- Click Create Database Cluster.
In the Choose a database engine dialog, choose a database engine.
In the Configure your cluster dialog, specify the cluster ID, password, and database version. You can enable backups and configure the backup retention period.
In the Configure your primary instance dialog, specify the CPU, memory, and storage capacity of the primary instance of the database cluster. We recommend you choose enough memory to hold your largest table.
Click Create. Creating the database cluster can take a few minutes. Check the status of the cluster from the Cluster overview page. The status changes from Creating to Ready when the cluster is ready.
gdcloud
Before using Distributed Cloud CLI, install and initialize it. Then, authenticate with your organization.
Run the following command to create a database cluster:
gdcloud database clusters create CLUSTER_NAME \ --database-version DB_VERSION \ --admin-password ADMIN_PASSWORD
Replace the following variables:
CLUSTER_NAME
with the name for the new cluster.DB_VERSION
with the version string for the new cluster. For example,POSTGRESQL_13
orALLOYDBOMNI_15
ADMIN_PASSWORD
with the administrator password for the new cluster.
For more information on configuring the CPU, memory, and storage resources for the database cluster, configuring backup, enabling high availability, and for other available options, run:
gdcloud database clusters create --help
API
Create a file
db-cluster-create.yaml
with contentsapiVersion: v1 kind: Secret metadata: name: db-pw-DBCLUSTER_NAME namespace: USER_PROJECT type: Opaque data: DBCLUSTER_NAME: "BASE64_PASSWORD" --- apiVersion: DBENGINE_NAME.dbadmin.gdc.goog/v1 kind: DBCluster metadata: name: DBCLUSTER_NAME namespace: USER_PROJECT spec: primarySpec: adminUser: passwordRef: name: db-pw-DBCLUSTER_NAME version: "DB_VERSION" resources: memory: DB_MEMORY cpu: DB_CPU disks: - name: DataDisk size: DB_DATA_DISK
Replace the following variables:
DBCLUSTER_NAME
, the name of the database cluster.USER_PROJECT
, the name of the user project where the database cluster will be created.BASE64_PASSWORD
, the base64 encoding of the database's administrator password.DBENGINE_NAME
, the name of the database engine. This is one ofalloydbomni
, orpostgresql
.DB_VERSION
, the version of the database engine.DB_MEMORY
, the amount of memory allocated to the DB Cluster, for example5Gi
.DB_CPU
, the amount of CPUs allocated to the DB Cluster, for example2
.DB_DATA_DISK
, amount of space allocated to the DB Cluster, for example10 Gi
.
kubectl --kubeconfig MANAGEMENT_API apply -f db-cluster-create.yaml
Connect to the Database
By default, a database cluster only allows connection from within the user cluster and the same project.
To enable connections to all database clusters in your project from another project, see Enable cross-project connections.
To connect to the database from IP addresses outside your GDC Sandbox organization, follow the instructions at Connect to DB to enable the external connections.
You can use sshuttle
to connect to your database with a local database client like psql
:
Navigate to the Connectivity section of the Database Service page for the database cluster. This page includes:
- The password of the administrator account (the username is
dbsadmin
) - Hostname and port number of the database cluster's primary endpoint
- A
psql
command for connecting to the cluster (for PostgreSQL and AlloyDB Omni database clusters) - A link to download the certificate authority (CA) certificate of the database cluster
- The password of the administrator account (the username is
Download the CA certificate from the GDC console in the Connectivity section of the Database Service page for your database cluster.
Configure your client to use the CA certificate to verify the database. For
psql
clients, set thePGSSLROOTCERT
env variable to the path of the certificate file and thePGSSLMODE
env variable to your preference:export PGSSLROOTCERT=path/to/accounts_cert.pem export PGSSLMODE="verify-full"
Initiate a secure tunnel. If you have a running instance of
sshuttle
as described in Connect to your instance, terminate that process.sshuttle -r zone1-org-1-data@GDC_SANDBOX_INSTANCE_NAME --no-latency-control \ --ssh-cmd 'gcloud compute ssh --project PROJECT_NAME --zone ZONE --tunnel-through-iap' \ 10.200.0.0/16 --dns
Replace the following with the values provided to you by the GDC Sandbox team:
GDC_SANDBOX_INSTANCE_NAME
: the name of your GDC Sandbox instance.PROJECT_NAME
: the project containing your GDC Sandbox environment.ZONE
: the zone containing your GDC Sandbox environment.
While the tunnel is active, run the command using
psql
in a different terminalPGPASSWORD=DB_PASSWORD psql -h DB_HOSTNAME -p PORT -U USERNAME -d postgres
Replace the following variables:
DB_PASSWORD
: the password from the console UI.DB_HOSTNAME
: the database hostname from the console.DB_PORT
: the database port number from the console.DB_USERNAME
: the database username from the console.