En esta página, se describe cómo conectarse a tu instancia de Cloud SQL con el operador de proxy de Cloud SQL. Para obtener más información sobre cómo funciona el operador de proxy de Cloud SQL, consulta Acerca del operador de proxy de Cloud SQL.
Descripción general
El operador de proxy de Cloud SQL configura aplicaciones implementadas en Google Kubernetes Engine (GKE) para conectarse a las instancias de base de datos de Cloud SQL mediante el proxy de autenticación de Cloud SQL. Usar el proxy de autenticación de Cloud SQL es el método recomendado para conectarse a una instancia de Cloud SQL. Para obtener más información sobre el proxy de autenticación de Cloud SQL, consulta Información sobre el proxy de autenticación de Cloud SQL.
Las aplicaciones que se ejecutan en GKE pueden conectarse mediante el proxy de autenticación de Cloud SQL.
Antes de comenzar
Antes de que puedas conectarte a una instancia de Cloud SQL, haz lo siguiente:
Para una cuenta de servicio o usuario, asegúrate de que tenga el rol de cliente de Cloud SQL. Este rol contiene el permiso cloudsql.instances.connect, que autoriza a una principal a conectarse a todas las instancias de Cloud SQL de un proyecto.
De manera opcional, puedes incluir una condición de IAM en la vinculación de la política de IAM que otorgue al permiso la cuenta para conectarse solo a una instancia específica de Cloud SQL.
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-04 (UTC)"],[],[],null,["# Connect using the Cloud SQL Proxy Operator\n\n\u003cbr /\u003e\n\nMySQL \\| [PostgreSQL](/sql/docs/postgres/connect-proxy-operator \"View this page for the PostgreSQL database engine\") \\| [SQL Server](/sql/docs/sqlserver/connect-proxy-operator \"View this page for the SQL Server database engine\")\n\n\u003cbr /\u003e\n\nThis page describes how to connect to your Cloud SQL instance using the\nCloud SQL Proxy Operator. For more information about how the Cloud SQL Proxy Operator works, see\n[About the Cloud SQL Proxy Operator](/sql/docs/mysql/sql-proxy#proxy-operator).\n\nOverview\n--------\n\nThe Cloud SQL Proxy Operator configures applications deployed on Google Kubernetes Engine\n(GKE) to connect to Cloud SQL database instances\nusing the Cloud SQL Auth Proxy. Using the\n[Cloud SQL Auth Proxy](/sql/docs/mysql/sql-proxy) is the recommended\nmethod for connecting to a Cloud SQL instance. To learn more about\nthe Cloud SQL Auth Proxy, see [About the Cloud SQL Auth Proxy](/sql/docs/mysql/sql-proxy).\n\nApplications running in [GKE](/sql/docs/mysql/connect-kubernetes-engine#proxy) can connect using the Cloud SQL Auth Proxy.\n\nBefore you begin\n----------------\n\nBefore you can connect to a Cloud SQL instance, do the following:\n\n1. For a user or service account, make sure the account has the\n Cloud SQL Client role. This role contains the\n `cloudsql.instances.connect` permission,\n which authorizes a principal to connect to all Cloud SQL instances\n in a project.\n\n [Go to the IAM page](https://console.cloud.google.com/iam-admin/iam)\n\n You can optionally include an\n [IAM condition](/sql/docs/mysql/project-access-control#allow_users_to_connect_to_specific_instances)\n in the IAM policy binding that grants the account permission\n to connect only to one specific Cloud SQL instance.\n2.\n\n\n Enable the Cloud SQL Admin API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=sqladmin)\n3. Install and initialize the [gcloud CLI](/sdk/docs/install).\n\nInstall the Cloud SQL Proxy Operator\n------------------------------------\n\nUse the following steps to install the Cloud SQL Proxy Operator.\n\n1. Confirm that `kubectl` can connect to your GKE cluster. \n\n ```bash\n kubectl cluster-info\n ```\n For more information about connecting Google Kubernetes Engine to Cloud SQL, see [Connect from Google Kubernetes Engine](/sql/docs/mysql/connect-kubernetes-engine).\n2. Install `cert-manager` using helm. You will need to use the version and cli arguments specified here to use `cert-manager` on your GKE cluster. \n\n ```bash\n helm repo add jetstack https://charts.jetstack.io\n helm repo update\n helm install \\\n cert-manager jetstack/cert-manager \\\n --namespace cert-manager \\\n --version \"v1.9.1\" \\\n --create-namespace \\\n --set global.leaderElection.namespace=cert-manager \\\n --set installCRDs=true\n \n ```\n3. Install the Cloud SQL Proxy Operator to your kubernetes cluster: \n\n ```bash\n kubectl apply -f https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy-operator/v1.6.1/cloud-sql-proxy-operator.yaml\n \n ```\n4. Wait for the Cloud SQL Proxy Operator to start. \n\n ```bash\n kubectl rollout status deployment -n cloud-sql-proxy-operator-system cloud-sql-proxy-operator-controller-manager --timeout=90s\n \n ```\n5. Confirm that the Cloud SQL Proxy Operator is installed and running: \n\n ```bash\n kubectl get pods -n cloud-sql-proxy-operator-system\n \n ```\n\nWhat's next\n-----------\n\n\u003cbr /\u003e\n\n- Learn more about the [Cloud SQL Auth Proxy](/sql/docs/mysql/sql-proxy).\n- Learn more about [Identity and Access Management (IAM)](/iam/docs/overview).\n- Learn more about [Service Accounts](/iam/docs/understanding-service-accounts).\n- Learn about the [two levels of access control](/sql/docs/mysql/instance-access-control) for Cloud SQL instances.\n- Create [users](/sql/docs/mysql/create-manage-users) and [databases](/sql/docs/mysql/create-manage-databases).\n- Learn about [connecting to your instance from your application](/sql/docs/mysql/instance-access-control#instanceaccess).\n- Learn about [MySQL Client](https://dev.mysql.com/doc/refman/8.0/en/mysql.html).\n- Learn about [options for support](/sql/docs/support).\n\n\u003cbr /\u003e"]]
