0

I have a DOTNET Core C# Console Application and i have a string for my connection string, right now, to connect to a local MySql database i use the following connection string:

Server=127.0.0.1;Database=database;Uid=root;Pwd=123;

I have set up a Google Cloud SQL MySql instance and created a database there and assigned a private IP to it. I have also created a GKE cluster. I was following this documentation on connecting from GKE to Cloud SQL using private IP:

https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine

In that doc, it says i need 2 kubernetes secrets, 1 for the service account credentials, that i used a key generated in the Cloud SQL instance. The other is supposed to be the database credentials. How is this secret supposed to look like, and what is my connection string supposed to look like in order to use the values indicated in the secret.

I have tried to ignore the database credentials secret and used the connection string as it is, only changing the ip to the given private IP, thinking that, for testing purposes should be enough, but with no success.

Improve this question
1
  • The question is not specific to GKE but applicable to kubernetes in general. Commented Jun 26, 2021 at 7:56

2 Answers 2

Reset to default
1

This is how i got my connectiong string:

var dbHost     = Environment.GetEnvironmentVariable("DB_HOST");
var dbName     = Environment.GetEnvironmentVariable("DB_NAME");
var dbUser     = Environment.GetEnvironmentVariable("DB_USER");
var dbPassword = Environment.GetEnvironmentVariable("DB_PASSWORD");

string connectionString = $"server={dbHost};database={dbName};uid={dbUser};pwd={dbPassword};";

And use the env on the container in the deployment yml file like this:

     env:
        - name: DB_HOST
          value: 127.0.0.1
        - name: DB_NAME
          value: name
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              name: cloudsql-db-credentials
              key: username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: cloudsql-db-credentials
              key: password

And i created a generic secret with this command:

kubectl create secret generic cloudsql-db-credentials --from-literal=username=root --from-literal=password=123
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

in the link you provided, you have everything you need to bring the secret information into your application pods.

First you create the secret with kubectl create which takes several key-value pairs as input.

kubectl create secret generic <YOUR-DB-SECRET> \
  --from-literal=username=<YOUR-DATABASE-USER> \
  --from-literal=password=<YOUR-DATABASE-PASSWORD> \
  --from-literal=database=<YOUR-DATABASE-NAME>

Then you mount the secret as a volume in your pod:

volumes:
- name: <YOUR-DB-SECRET-VOLUME>
  secret:
    secretName: <YOUR-DB-SECRET>

Then you specify a mount path in the pod file-system for your volume:

volumeMounts:
- name: <YOUR-DB-SECRET-VOLUME>
  mountPath: /secrets/
  readOnly: true

At this point, your key value pairs are accessible from your pod's /secrets folder where each key-value pair is stored as a file having its key as name and its value as file contents.

Your /secrets/ folder listing should be :

username
password
database

To access them from your app, you just have to get /secrets/ folder file listing and read the contents of each file.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.