3. Create a database to access from the web module

Introduction

This article is a continuation of 2 below.

1. Quickly run Java web module with Google Kubernetes Engine (GKE)
2. Create Docker image and register registry
3. Create a database to access from the Web module
4. Create Manifest and Run Web Module (https://qiita.com/Turtle-child-No2/items/23982059d188e44618df)

3-1. Creating a database

Step 3-1.1

Create a database to access from the web module. Click SQL in the side menu. When the details screen appears, click "Create Instance".

Step 3-1.2

Then click "PostgreSQL".

Step 3-1.3

On the details screen, enter "sample-app-ist" for the instance ID and "123456" for the default user password.

Step 3-1.4

Then click Show Configuration Options.

Step 3-1.5

Check the private IP.

Step 3-1.6

If the details screen is displayed, click "Enable API".

Step 3-1.7

Click "Create".

Step 3-1.8

After a while, the database instance was created.

Step 3-1.9

Then click the database instance and then click the database on the details screen. Then click "Create Database".

Step 3-1.10

Enter "sample-app-db" as the database name and click "Create".

Step 3-1.11

The database has been created.

Step 3-1.12

Immediately connect to the database instance. Enter "123456" when prompted for a password.

[userid]@cloudshell:~ ([project_id])$ sudo gcloud sql connect sample-app-ist --user=postgres
Whitelisting your IP for incoming connection for 5 minutes...done.
Connecting to database with SQL user [postgres].Password for user postgres:
psql (9.6.11, server 9.6.10)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES128-GCM-SHA256, bits: 128, compression: off)
Type "help" for help.

Step 3-1.13

Since the database to be operated is postgres, switch to the sample-app-db created earlier. Enter "123456" when prompted for a password.

postgres=> \connect sample-app-db
Password for user postgres:
psql (9.6.11, server 9.6.10)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES128-GCM-SHA256, bits: 128, compression: off)
You are now connected to database "sample-app-db" as user "postgres".

Step 3-1.14

Then create a proxyuser for later use and give it connection and permissions to the database. After switching to proxyuser (enter "123456" when prompted for password), create a t_sample table and insert one test data.

sample-app-db=> CREATE ROLE proxyuser WITH LOGIN PASSWORD '123456';
CREATE ROLE
sample-app-db=> GRANT CONNECT ON DATABASE "sample-app-db" TO proxyuser;
sample-app-db=> \connect - proxyuser
Password for user proxyuser:
psql (9.6.11, server 9.6.10)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES128-GCM-SHA256, bits: 128, compression: off)
You are now connected to database "sample-app-db" as user "proxyuser".
sample-app-db=> CREATE TABLE t_sample (order_no BIGINT NOT NULL, cre_dt TIMESTAMP NOT NULL default CURRENT_TIMESTAMP, nickname VARCHAR(30), order_id VARCHAR(5000));
CREATE TABLE
sample-app-db=> INSERT INTO t_sample (order_no, cre_dt, nickname, order_id) VALUES (1, '1999-01-08 04:05:06', 'test', 'ABC');
INSERT 0 1

Step 3-1.15

Check the created table.

sample-app-db=> \dt
           List of relations
 Schema |   Name   | Type  |   Owner
--------+----------+-------+-----------
 public | t_sample | table | proxyuser
(1 row)

3-2. Settings required to connect to the database instance

Step 3-2.1

Make the necessary settings to connect GKE to the database instance. First, click Enable Cloud SQL Administration API (https://console.cloud.google.com/flows/enableapi?apiid=sqladmin&hl=ja&_ga=2.250044038.-1219564708.1545700047).

Step 3-2.2

Enter "Select a project to register the application" and click "Continue".

Step 3-2.3

The Cloud SQL Administration API is now enabled. Click Cancel to add credentials to the project.

Step 3-2.4

Then click IAM & Administration-> Service Accounts.

• A service account is a special Google account that belongs to an application or virtual machine (VM), not an individual end user. Applications can use a service account to call Google's service API without the need for user involvement.
• Be sure to enable the Cloud SQL Administration API first.

Step 3-2.5

Click Create Service Account.

Step 3-2.6

Enter "sample-app-db-client" as the service account name and click "Create".

Step 3-2.7

Enter Cloud SQL Client for the role and click Continue.

Step 3-2.8

Finally, click "Create Key".

Step 3-2.9

Make sure "JSON" is selected on the details screen and click "Create".

Step 3-2.10

The JSON file will be downloaded to your browser.

Step 3-2.11

Upload the downloaded JSON file to your browser.

Step 3-2.12

Check if the file has been uploaded.

[userid]@cloudshell:~ ([project_id])$ ls -Fal
-rw-r--r-- 1 [userid] xxxxxxx      2361 Mar 10 09:25 [project_id]-xxxxxxxxxxxx.json

Step 3-2.13

Create a secret by specifying the JSON you uploaded earlier.

• Please rewrite the [project_id] -xxxxxxxxxxxx part according to your environment.

[userid]@cloudshell:~ ([project_id])$ kubectl create secret generic cloudsql-instance-credentials --from-file=credentials.json=[project_id]-xxxxxxxxxxxx.json
secret "cloudsql-instance-credentials" created

Step 3-2.14

Create a secret by specifying the user and password that Cloud Sql Proxy will use to access the database.

[userid]@cloudshell:~ ([project_id])$ kubectl create secret generic cloudsql-db-credentials --from-literal=username=proxyuser --from-literal=password=123456
secret "cloudsql-db-credentials" created

that's all