cloud-sql-proxy

Feature request: sidecar injection on kubernetes

Open evankanderson opened this issue 6 years ago • 6 comments

It would be great to be able to automatically inject the cloudsql proxy into pods using a mutating admission webhook, like istio does.

Using an admission controller like this would allow cluster operators to standardize the format and location of the cloudsql endpoint, and developers could simply use an annotation like cloudsql.googleapis.com/inject=true or cloudsql.googleapis.com/inject={config settings} to opt in to cloud sql without needing to manage and upgrade their sql proxy containers directly.

evankanderson avatar Nov 30 '18 18:11 evankanderson
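The opt-in flow requested above, sketched as the mutation step of an admission webhook. This is an added example, not code from this issue, sqlbee, k8s-sidecar-injector or the Cloud SQL Auth Proxy Operator. The annotation key is the one proposed in the issue; the sidecar container name, the placeholder image reference, the security context values and handling only the value `true` are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Annotation key as proposed in the issue; the image is a placeholder (assumption).
const injectAnnotation = "cloudsql.googleapis.com/inject"
const proxyImage = "registry.example/cloud-sql-proxy@sha256:PLACEHOLDER"

type obj = map[string]interface{}
type pod struct {
	Metadata struct{ Annotations map[string]string } `json:"metadata"`
	Spec     struct{ Containers []struct{ Name string } } `json:"spec"`
}

type response struct {
	UID       string `json:"uid"`
	Allowed   bool   `json:"allowed"`
	PatchType string `json:"patchType,omitempty"`
	Patch     []byte `json:"patch,omitempty"` // encoding/json emits base64, as the API expects
}

// Mutate builds the AdmissionReview response body for one pod CREATE request.
func Mutate(uid string, rawPod []byte) (response, error) {
	var p pod
	if err := json.Unmarshal(rawPod, &p); err != nil {
		return response{UID: uid, Allowed: false}, err // unparseable object: reject
	}
	resp := response{UID: uid, Allowed: true}
	if p.Metadata.Annotations[injectAnnotation] != "true" {
		return resp, nil // not opted in: admit unchanged
	}
	for _, c := range p.Spec.Containers {
		if c.Name == "cloud-sql-proxy" { // container name is an assumption
			return resp, nil // already present: stay idempotent on re-invocation
		}
	}
	sidecar := obj{"name": "cloud-sql-proxy", "image": proxyImage, "securityContext": obj{
		"runAsNonRoot": true, "allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}}
	patch, err := json.Marshal([]obj{{"op": "add", "path": "/spec/containers/-", "value": sidecar}})
	resp.PatchType, resp.Patch = "JSONPatch", patch
	return resp, err
}

func main() { // constructed sample pod, not taken from the issue
	r, err := Mutate("uid-1", []byte(`{"metadata":{"annotations":{"cloudsql.googleapis.com/inject":"true"}},"spec":{"containers":[{"name":"app"}]}}`))
	fmt.Println(string(r.Patch), err)
}
```

Because the operator-owned image and security context are set in one place, developers never supply them through the annotation.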

By coincidence I had the same thought and created a small project to do just this. We have just started using it internally and it is kinda quick and dirty but works so far. Feel free to have a look: https://github.com/connctd/sqlbee

dereulenspiegel avatar Feb 07 '19 18:02 dereulenspiegel

Same for us, and we built a small (quick and dirty) CLI in order to do this. Basically it takes a deployment YAML file as an argument and outputs the same deployment with the cloudsql-proxy sidecar injected into it. We're using it in our CI/CD.

Anyway, I prefer your approach @dereulenspiegel with the Kubernetes admission controller, but we were pressed for time (as always).

nboukeffa avatar Feb 12 '19 17:02 nboukeffa

@nboukeffa feel free to try our solution. Feedback and contributions are always welcome. We want sqlbee to be a project others can use and which (in the long term) should not only be specific to our environment.

dereulenspiegel avatar Feb 13 '19 08:02 dereulenspiegel

You might also want to take a look at this project: https://github.com/tumblr/k8s-sidecar-injector/. There you only have to put an annotation requesting a certain sidecar type on your pods and it will automatically inject everything that you defined in a configmap into the pod definition before deployment.

iwilltry42 avatar Feb 27 '19 10:02 iwilltry42

Thanks for the tip. Although this could be used, sqlbee is still a little bit easier if you only want to inject cloud sql proxy sidecars. With sqlbee you can i.e. control the cloud sql instance connects with a single annotation, set different secrets for credentials with a single annotation. With the k8s-sidecar-injector I would need to create a config for every cloud sql instance. It works for sure, but is less specific to cloud sql and more to configure. Also, honestly, I didn't know about k8s-sidecar-injector when I started sqlbee ;) So yeah, it might have saved some time, but now we have a pretty easy-to-use solution for our developers.

dereulenspiegel avatar Feb 27 '19 14:02 dereulenspiegel

FYI @hessjcg

enocom avatar Aug 29 '22 20:08 enocom

Hello all. In response to this feature request, we just released the public preview of the Cloud SQL Auth Proxy Operator. We're very interested in your feedback. Please try it out (not in production quite yet though) and let us know what you think.

Also, kindly file new issues and requests related to sidecar containers on the Cloud SQL Auth Proxy Operator project.

hessjcg avatar Dec 13 '22 20:12 hessjcg