{"id":18941542,"url":"https://github.com/mchmarny/cloud-sql-for-cloud-run-example","last_synced_at":"2025-06-21T00:07:07.704Z","repository":{"id":77051284,"uuid":"202791507","full_name":"mchmarny/cloud-sql-for-cloud-run-example","owner":"mchmarny","description":"Sample outlining a process of setting up Cloud SQL instance with secure (TLS) access that will work the same way from developer workstation as well as from within Cloud Run","archived":false,"fork":false,"pushed_at":"2023-02-09T20:34:24.000Z","size":5460,"stargazers_count":3,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-05-25T10:41:17.222Z","etag":null,"topics":["certificate","cloud","cloud-sql","golang","kms","sql","tls"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mchmarny.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-08-16T19:58:37.000Z","updated_at":"2023-09-27T03:06:57.000Z","dependencies_parsed_at":null,"dependency_job_id":"2212e8de-ef15-4086-8b01-32566fece7cb","html_url":"https://github.com/mchmarny/cloud-sql-for-cloud-run-example","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mchmarny/cloud-sql-for-cloud-run-example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mchmarny%2Fcloud-sql-for-cloud-run-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mchmarny%2Fcloud-sql-for-cloud-run-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mchmarny%2Fcloud-sql-for-cloud-run-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mchmarny%2Fcloud-sql-for-cloud-run-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mchmarny","download_url":"https://codeload.github.com/mchmarny/cloud-sql-for-cloud-run-example/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mchmarny%2Fcloud-sql-for-cloud-run-example/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261039081,"owners_count":23100969,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","cloud","cloud-sql","golang","kms","sql","tls"],"created_at":"2024-11-08T12:28:27.145Z","updated_at":"2025-06-21T00:07:02.682Z","avatar_url":"https://github.com/mchmarny.png","language":"Shell","readme":"# cloud-sql-for-cloud-run-example\n\nThe current Cloud SQL integration in Cloud Run is not yet 100% idiomatic and does require couple GCP-specific steps:\n\n1. Side-effects import `_ \"github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/dialers/mysql\"`\n2. Needing to run [Cloud SQL Proxy](https://cloud.google.com/sql/docs/mysql/quickstart-proxy-test) during local development or testing\n\nThis sample outlines a process of setting up a highly available (multi-zone) Cloud SQL instance with secure (TLS) access that works the same way from the developer workstation as it does from within Cloud Run.\n\n\u003e Note, to keep this readme short, I will be asking you to execute scripts rather than listing here complete commands. You should really review each one of these scripts for content, and, to understand the individual commands so you can use them in the future.\n\n## Pre-requirements\n\n### GCP Project and gcloud SDK\n\nIf you don't have one already, start by creating new project and configuring [Google Cloud SDK](https://cloud.google.com/sdk/docs/). Similarly, if you have not done so already, you will have [set up Cloud Run](https://cloud.google.com/run/docs/setup).\n\n## API\n\nIn case you have not used some of the required GCP APIs, run [bin/api](bin/api) script to make sure they are all enabled:\n\n\n```shell\nbin/api\n```\n\n## Setup\n\nTo setup this service you will need to clone this repo:\n\n```shell\ngit clone https://github.com/mchmarny/logo-identifier.git\n```\n\nAnd navigate into that directory:\n\n```shell\ncd logo-identifier\n```\n\n## Cloud SQL\n\n### Passwords\n\nThe [bin/password](bin/password) script will generate root and app user passwords and saved them in a project scoped path under `.cloud-sql` folder in your home directory.\n\n```shell\nbin/password\n```\n\n### Instance\n\nThe [bin/instance](bin/instance) script will:\n\n* Create a Cloud SQL instance\n* Set the default (root) user credentials\n* Configure MySQL database in the new Cloud SQL instance\n* Set up application database user and its credentials\n* Create and download client SSL certificates from the newly created instance\n\n\u003e Note, while the created Cloud SQL instance will be exposed to the world (`0.0.0.0/0`), it allow only SSL connections. Also, the root and app user passwords created in first step. If you ever decide to remove the SSL connection requirements, you can reset the root password in the Cloud SQL UI.\n\n```shell\nbin/instance\n```\n\n### Schema\n\nThe [bin/schema](bin/schema) script applies database schema located in [sql/schema.ddl](sql/schema.ddl).\n\n\u003e The provided script checks for existence of all the objects before creating them so you can run it multiple times. it only creates one simple table right now so feel free to edit it before executing the schema script\n\n```shell\nbin/schema\n```\n\n### Test Connection\n\nAt this point you should be able to connect to the newly created database with this command:\n\n```shell\nbin/connect\n```\n\n### Certificates\n\nThe [bin/secret](bin/secret) script creates KMS keys, encrypts Cloud SQL certificates, and save them to a GCS bucket so that the Cloud Run service can securely obtain them while connecting to Cloud SQL DB\n\n```shell\nbin/secret\n```\n\n## Cloud Run\n\nOnce the Cloud SQL instance is configured, you can now deploy the Cloud Run service. First though, you will have to build the image and create a specific service account under which the new service will run.\n\n### Container Image\n\nFirst, build container image from the included source using the [bin/image](bin/image) script\n\n```shell\nbin/image\n```\n\n### Service Account\n\n\u003e This is specific right now to the managed version of Cloud Run, skip it if you are deploying to Cloud Run on GKE\n\nAfter that, create a service account and assign it the necessary roles using the [bin/user](bin/user) script\n\n```shell\nbin/user\n```\n\n### Managed Service Deployment\n\nOnce the container image and service account are ready, you can deploy the new service using either [bin/deploy-managed](bin/deploy-managed) or [bin/deploy-gke](bin/deploy-gke) scripts\n\n```shell\nbin/deploy-managed\n```\n\nor\n\n```shell\nbin/deploy-gke\n```\n\n### Testing Service on Cloud Run\n\nAt this point you should be able to access your deployed service.\n\n\u003e Note, there is currently no way tp predict the service URL, specifically the bit between the service name (`cloudsql-demo`) and the static Cloud Run domain (`uc.a.run.app`).\n\n\nNow, navigate in browser to the service URL which will return a JSON response.\n\n```json\n{\n    \"request_id\":  \"1224d739-cfa5-4500-9a8e-97df6a583aee\",\n    \"request_on\":  \"2019-08-19 21:14:58.565436028 +0000 UTC\",\n    \"info\":        \"Success - records saved: 1\"\n}\n```\n\nIf for some reason there were errors while inviting the service, the response will include the error details in the `info` field.\n\n### Testing Service Locally\n\nYou can run the sample service locally by executing the [bin/run-local](bin/run-local) script\n\n```shell\nbin/run-local\n```\n\nAnd navigating to http://localhost:8080/v1/test\n\n## Disclaimer\n\nThis is my personal project and it does not represent my employer. I take no responsibility for issues caused by this code. I do my best to ensure that everything works, but if something goes wrong, my apologies is all you will get.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmchmarny%2Fcloud-sql-for-cloud-run-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmchmarny%2Fcloud-sql-for-cloud-run-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmchmarny%2Fcloud-sql-for-cloud-run-example/lists"}