This page describes how to connect to your Cloud SQL instance using the Cloud SQL Proxy Operator. For more information about how the Cloud SQL Proxy Operator works, see About the Cloud SQL Proxy Operator.
Overview
The Cloud SQL Proxy Operator configures applications deployed on Google Kubernetes Engine (GKE) to connect to Cloud SQL database instances using the Cloud SQL Auth Proxy. Using the Cloud SQL Auth Proxy is the recommended method for connecting to a Cloud SQL instance. To learn more about the Cloud SQL Auth Proxy, see About the Cloud SQL Auth Proxy.
Applications running in GKE can connect using the Cloud SQL Auth Proxy.
Before you begin
Before you can connect to a Cloud SQL instance, do the following:
- 
        For a user or service account, make sure the account has the Cloud SQL Client role. This role contains the cloudsql.instances.connectpermission, which authorizes a principal to connect to all Cloud SQL instances in a project.You can optionally include an IAM condition in the IAM policy binding that grants the account permission to connect only to one specific Cloud SQL instance. 
- 
  
  
    
      Enable the Cloud SQL Admin API. Roles required to enable APIs To enable APIs, you need the Service Usage Admin IAM role ( roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.
- Install and initialize the gcloud CLI.
Install the Cloud SQL Proxy Operator
Use the following steps to install the Cloud SQL Proxy Operator.
- Confirm that kubectlcan connect to your GKE cluster.kubectl cluster-info
- Install cert-managerusing helm. You will need to use the version and cli arguments specified here to usecert-manageron your GKE cluster.helm repo add jetstack https://charts.jetstack.io helm repo update helm install \ cert-manager jetstack/cert-manager \ --namespace cert-manager \ --version "v1.9.1" \ --create-namespace \ --set global.leaderElection.namespace=cert-manager \ --set installCRDs=true 
- Install the Cloud SQL Proxy Operator to your kubernetes cluster:
    kubectl apply -f https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy-operator/v1.6.1/cloud-sql-proxy-operator.yaml 
- Wait for the Cloud SQL Proxy Operator to start.
    kubectl rollout status deployment -n cloud-sql-proxy-operator-system cloud-sql-proxy-operator-controller-manager --timeout=90s 
- Confirm that the Cloud SQL Proxy Operator is installed and running:
  kubectl get pods -n cloud-sql-proxy-operator-system 
What's next
- Learn more about the Cloud SQL Auth Proxy.
- Learn more about Identity and Access Management (IAM).
- Learn more about Service Accounts.
- Learn about the two levels of access control for Cloud SQL instances.
- Create users and databases.
- Learn about connecting to your instance from your application.
- Learn about options for support.