Learn how to deploy a sample app on Cloud Run
connected to a SQL Server instance by using the Google Cloud console and a client
application.
Assuming that you complete all the steps in a timely manner, the resources
created in this quickstart typically cost less than one dollar (USD).
Before you begin
Sign in to your Google Cloud account. If you're new to
Google Cloud,
create an account to evaluate how our products perform in
real-world scenarios. New customers also get $300 in free credits to
run, test, and deploy workloads.
In the Google Cloud console, on the project selector page,
select or create a Google Cloud project.
Click the following button to open Cloud Shell, which provides
command-line access to your Google Cloud resources directly from the browser.
Cloud Shell can be used to run the gcloud commands presented throughout this quickstart.
gcloud compute addresses create google-managed-services-default \
--global --purpose=VPC_PEERING --prefix-length=16 \
--description="peering range for Google" --network=default
Run the gcloud services vpc-peerings connect
command to create a private connection to the allocated IP address range. Replace YOUR_PROJECT_ID with your project's project ID.
Create an instance with private IP address and SSL enabled
Before running the command as follows, replace DB_ROOT_PASSWORD with the password of your database user.
Optionally, modify the values for the following parameters:
--database-version: The database engine type and version.
If left unspecified, the API default is used.
See the gcloud database versions
documentation to see the current available versions.
--cpu: The number of cores in the machine.
--memory: A whole number value indicating how
much memory to include in the machine. A size unit can be
provided (for example, 3072MB or 9GB). If no units are specified,
GB is assumed.
--region: The regional location of the instance
(for example asia-east1, us-east1). If left unspecified, the default
us-central1 is used.
See the full list of regions.
With a Cloud SQL instance, database, and service account with client
permissions, you can now configure a sample application to connect to your
Cloud SQL instance.
Public IP
Cloud Run does not support connecting to Cloud SQL
for SQL Server over public IP. Use private IP instead.
Private IP
For private IP paths, your application connects directly to your
instance through Serverless VPC Access. This method uses a TCP socket to
connect directly to the Cloud SQL instance without using the Cloud SQL Auth Proxy.
Go
Create and download SSL server certificate
In the Google Cloud console, go to the Cloud SQL Instances page.
In the Open in Cloud Shell dialog, click Confirm to
download the sample app code and open the sample app directory in Cloud Shell Editor.
Upload the SSL server certificate file to the certs folder.
Right-click the certs folder in Cloud Shell Editor and select Upload Files.
Select the following file on your local machine: server-ca.pem.
With the SSL server certificate file selected, click Open to complete the process of uploading the file to Cloud Shell Editor.
Run the following command in Cloud Shell to build a Docker container and publish it to Container Registry.
Replace YOUR_PROJECT_ID with your project's project ID.
In the Open in Cloud Shell dialog, click Confirm to
download the sample app code and open the sample app directory in Cloud Shell Editor.
Run the following command in Cloud Shell to build a Docker container and publish it to Container Registry.
Replace YOUR_PROJECT_ID with your project's project ID.
In the Open in Cloud Shell dialog, click Confirm to
download the sample app code and open the sample app directory in Cloud Shell Editor.
Upload SSL server certificate file to the certs folder.
Right-click the certs folder in Cloud Shell Editor and select Upload Files
Select following file on your local machine: server-ca.pem.
With the SSL server certificate file selected, click Open to complete the process of uploading the file to Cloud Shell Editor.
Run the following command in Cloud Shell to build a Docker container and publish it to Container Registry.
Replace YOUR_PROJECT_ID with your project's project ID.
Click Create container and select Service to display the
Create service form.
Retain the option to deploy from an existing container image and click Select to specify the gcr.io/YOUR_PROJECT_ID/run-sql container image you created in the previous step.
Enter quickstart-service for the Service name.
In the Authentication section, select
the Allow unauthenticated invocations option. If you
don't have permissions (Cloud Run Admin role) to select
this, the service will deploy and require authentication.
Expand the
Container, Variables & Secrets, Connections, Security
section.
Create the following environment variables by clicking Add variable
under Environment variables. Set the values for the environment variables, as follows:
INSTANCE_CONNECTION_NAME: Set to your instance's Connection name that appears
on the Cloud SQL instances page in the Google Cloud console.
DB_PORT: Set to 1433.
INSTANCE_HOST: Set to the private IP address of your instance as mentioned in the Cloud SQL instance Overview page.
DB_ROOT_CERT: Set to certs/server-ca.pem.
PRIVATE_IP: Set to TRUE.
Enable connecting to Cloud SQL:
Click Connections.
Click Add Connection in the Cloud SQL connections section.
Select the quickstart-instance Cloud SQL instance that you previously created.
Select default: Serverless VPC Access Connector "quickstart-connector"
from the VPC Network drop-down menu.
Select the option Route all traffic through the VPC connector.
Click Create to finish creating the Cloud Run service.
After the Cloud Run service is deployed, the
Service details page displays the
URL of the running service at the top of the page.
Click the URL link to see the deployed sample app on Cloud Run connected to
Cloud SQL.
gcloud
Before running the following command, make the following replacements:
YOUR_PROJECT_ID with your project ID.
INSTANCE_CONNECTION_NAME with your instance's Connection name
that appears on the Cloud SQL instances page in the Google Cloud console.
Java users should run the gcloud run deploy command without
the INSTANCE_HOST, DB_ROOT_CERT, and PRIVATE_IP --set-env-vars flags, as follows, to create the Cloud Run service
because the Java connector already provides a secure connection:
Enter the numeric choice provided for us-central1 when prompted to specify a region.
When you see a confirmation message that the Cloud Run service has been deployed, click the
Service URL link in the message to see the sample app on Cloud Run that is connected to Cloud SQL.
Clean up
To avoid incurring charges to your Google Cloud account for
the resources used on this page, follow these steps.
In the Google Cloud console, go to the Cloud SQL Instances page.