September 10 2022
Just continuing now with the instructions found in this article.
I created a new environment variable in GitLab called GC_CLOUDSQL_INSTANCE_NAME
and added this stage here:
add_db:
  image: google/cloud-sdk:alpine
  stage: add database connection
  before_script:
    # Write the service account key from the CI variable to a temporary file
    - echo "${GC_CLOUDRUN_SVC_ACCOUNT_KEY}" > "${HOME}/key.json"
    - gcloud auth activate-service-account --key-file "${HOME}/key.json"
    - gcloud config set project ${GC_PROJECT}
  script:
    # Look up the instance connection name (project:region:instance)
    - >
      export GC_INSTANCE_CONNECTION_NAME=$(gcloud sql instances describe ${GC_CLOUDSQL_INSTANCE_NAME} | grep connectionName | sed 's/connectionName: //')
    # Attach the Cloud SQL instance to the Cloud Run service
    - >
      gcloud run services update ${CI_PROJECT_NAME} --add-cloudsql-instances=${GC_INSTANCE_CONNECTION_NAME}
      --service-account ${GC_CLOUDRUN_SVC_ACCOUNT_EMAIL} --region ${GC_REGION}
      --allow-unauthenticated --platform managed
  after_script:
    # Remove the key file from the runner once the job is done
    - rm "${HOME}/key.json"
Still debugging deploying this, but one thing you gotta do is enable this API in order to set your GC project in your gitlab-ci file.
I keep getting this error on GitLab

Which means I (probably) either need to
- extend the role of the current Cloud Run service account to include Cloud SQL
- activate a separate service account and manage 2 of them
I like option 1 better. Fewer keys to manage is better. Plus it’ll make transitioning to that Workload Identity Federation thing easier later on.
That worked

I just added Cloud SQL Client as a role
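A pre-deploy check for the role fix described above, as an added example that is not from the original post: it reads a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy --format=json` and confirms the deploy service account holds `roles/cloudsql.client` without also holding a broad role. The sample policy, the account names and the `BROAD_ROLES` list are constructed assumptions; roles inherited from a folder, organization or group membership are not visible to it.

```python
import json
import sys

# Constructed sample of `gcloud projects get-iam-policy PROJECT --format=json`
# output; the project and account names are placeholders, not from the post.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/run.admin",
     "members": ["serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/cloudsql.client",
     "members": ["serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:legacy@example-project.iam.gserviceaccount.com"]}
  ]
}
""")

REQUIRED_ROLE = "roles/cloudsql.client"  # shown as "Cloud SQL Client" in the console
# Assumed list of roles considered too broad for a deploy account.
BROAD_ROLES = {"roles/owner", "roles/editor", "roles/cloudsql.admin"}


def roles_for(policy, sa_email):
    """Return the project-level roles bound directly to the service account."""
    member = f"serviceAccount:{sa_email}"
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def audit(policy, sa_email):
    """Report whether the required role is present and which broad roles are held."""
    roles = roles_for(policy, sa_email)
    return {
        "has_cloudsql_client": REQUIRED_ROLE in roles,
        "broad_roles": sorted(roles & BROAD_ROLES),
        "roles": sorted(roles),
    }


if __name__ == "__main__":
    # Usage: script.py policy.json sa-email ; with no arguments the sample is used.
    if len(sys.argv) > 2:
        with open(sys.argv[1]) as fh:
            policy, email = json.load(fh), sys.argv[2]
    else:
        policy = SAMPLE_POLICY
        email = "ci-deployer@example-project.iam.gserviceaccount.com"
    report = audit(policy, email)
    print(json.dumps(report, indent=2))
    sys.exit(0 if report["has_cloudsql_client"] and not report["broad_roles"] else 1)
```
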

Next time I’ll make a connection in the code using the SDK
