Creating Google CloudSQL instances by using a Carvel package (experimental)

This topic describes how to create, update, and delete CloudSQL service instances using a Carvel package. For a more detailed and low-level alternative procedure, see Creating Service Instances that are compatible with Tanzu Application Platform.

Prerequisite

Meet the prerequisites and keep the following information to hand:

The Package Repository and service instance Package Bundles for this guide can be found in the Reference Service Packages GitHub repository.

Create a CloudSQL service instance using a Carvel package

Follow the steps in the following procedures.

Add a reference package repository to the cluster

To add a reference package repository to the cluster:

  1. Use the Tanzu CLI to add the new Service Reference packages repository:

    tanzu package repository add tap-reference-service-packages \
      --url ghcr.io/vmware-tanzu/tanzu-application-platform-reference-packages/tap-service-reference-package-repo:0.0.2 \
      -n tanzu-package-repo-global
    
  2. Create a ServiceAccount that is used to provision PackageInstall resources by using the following example. The namespace of this ServiceAccount must match the namespace of the tanzu package install command in the next step.

    kubectl apply -f - <<'EOF'
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: cloudsql-install
      namespace: service-instances
    ---
    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: cloudsql-install
      namespace: service-instances
    rules:
    - apiGroups: ["sql.cnrm.cloud.google.com"]
      resources: ["sqlinstances","sqldatabases","sqlusers"]
      verbs:     ["*"]
    - apiGroups: ["secretgen.carvel.dev", "secretgen.k14s.io"]
      resources: ["secrettemplates","passwords"]
      verbs:     ["*"]
    - apiGroups: [""]
      resources: ["serviceaccounts","configmaps"]
      verbs:     ["*"]
    - apiGroups: ["rbac.authorization.k8s.io"]
      resources: ["roles","rolebindings"]
      verbs:     ["*"]
    ---
    kind: RoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: cloudsql-install
      namespace: service-instances
    subjects:
    - kind: ServiceAccount
      name: cloudsql-install
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: cloudsql-install
    EOF
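
The Role above grants `*` on `roles` and `rolebindings`, and that wildcard includes the `escalate` and `bind` verbs, so the install account can extend its own permissions inside the namespace. The following check is an added example, not part of the reference package; `audit_install_sa` and its list of probes are illustrative choices. It asks the API server what the account may do:

```shell
#!/bin/sh
# Added example: probe what the PackageInstall service account is allowed to do.
# Uses only `kubectl auth can-i` with impersonation (--as); the caller needs
# permission to impersonate service accounts in the target namespace.

# audit_install_sa NAMESPACE SERVICEACCOUNT
# Prints one "verb resource: yes|no" line per probe. Returns 1 when the account
# can change its own permissions (escalate or bind on roles), otherwise 0.
audit_install_sa() {
  ns=$1 sa=$2 rc=0
  for probe in "escalate roles" "bind roles" "create rolebindings" \
               "get secrets" "create pods"; do
    verb=${probe% *} res=${probe#* }
    if kubectl auth can-i "$verb" "$res" \
         --as="system:serviceaccount:$ns:$sa" -n "$ns" >/dev/null 2>&1; then
      echo "$verb $res: yes"
      case $verb in escalate|bind) rc=1 ;; esac
    else
      echo "$verb $res: no"
    fi
  done
  return "$rc"
}

# Run against the account created in step 2 when kubectl is available.
if command -v kubectl >/dev/null 2>&1; then
  audit_install_sa service-instances cloudsql-install ||
    echo "cloudsql-install can modify RBAC in service-instances; restrict who may use it"
fi
```

Because of this, treat permission to create PackageInstall resources that reference `cloudsql-install` as equivalent to administering RBAC in the `service-instances` namespace.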
    

Create a CloudSQL service instance through the Tanzu CLI

  1. Create a file holding the configuration of the CloudSQL service instance:

    cat <<'EOF' > demo-pg-instance-values.yml
    ---
    name: demo-pg-instance
    namespace: service-instances
    allowedNetworks:
    - name: service-instances-cluster-snat
      #! replace that with the cluster's egress IP, see NAT-IP in Prerequisite
      value: 34.65.178.24/32
    EOF
    
    Note: To see which settings are available for this package, run:

    tanzu package available get \
      --values-schema \
      psql.google.references.services.apps.tanzu.vmware.com/0.0.1-alpha
    

    This shows a list of all configuration options you can use in the demo-pg-instance-values.yml file.

    Note: By default, the package creates a claimable Secret labeled with services.apps.tanzu.vmware.com/class: cloudsql-postgres. You can override this label with the serviceInstanceLabels setting in the values file above, but you do not have to: the default label is already aligned with the ClusterInstanceClass that is set up later.

  2. Use the Tanzu CLI to install an instance of the reference service instance Package.

    tanzu package install demo-pg-instance \
       --package-name psql.google.references.services.apps.tanzu.vmware.com \
       --version 0.0.1-alpha \
       --namespace service-instances \
       --service-account-name cloudsql-install \
       --values-file demo-pg-instance-values.yml \
       --wait
    

You can install the psql.google.references.services.apps.tanzu.vmware.com package multiple times to produce multiple CloudSQL service instances. For each CloudSQL service instance, prepare a separate <INSTANCE-NAME>-values.yml file, then install the package under a different name with that data values file.
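
Each values file decides which networks may reach the database through `allowedNetworks`, so it is worth checking every file before `tanzu package install` runs. The following pre-install check is an added example, not part of the reference package; `check_allowed_networks` is a hypothetical helper name, and it assumes IPv4 CIDRs and the block-style YAML layout shown above:

```shell
#!/bin/sh
# Added example: reject values files whose allowedNetworks entries are broader
# than intended. IPv4 CIDRs only (assumption).

# check_allowed_networks FILE [MIN_PREFIX]
# Prints each rejected entry. Returns 1 if any entry is broader than
# /MIN_PREFIX (default 32) or malformed, 2 if no entry was found at all.
check_allowed_networks() {
  awk -v min="${2:-32}" '
    /^allowedNetworks:/  { in_list = 1; next }
    in_list && /^[^ #-]/ { in_list = 0 }   # next top-level key ends the list
    in_list && /^[ -]*value:/ {
      cidr = $0
      sub(/^[ -]*value:[ \t]*/, "", cidr)  # drop the key
      sub(/[ \t].*$/, "", cidr)            # drop any trailing comment
      gsub("[\"\047]", "", cidr)           # drop optional quotes
      seen++
      split(cidr, part, "/")
      ok = (cidr ~ "^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+/[0-9]+$")
      if (!ok || part[2] + 0 > 32 || part[2] + 0 < min) {
        print "too broad or malformed: " cidr
        bad++
      }
    }
    END { if (!seen) exit 2; exit (bad ? 1 : 0) }
  ' "$1"
}

# Constructed sample: the entry from this page plus one deliberately broad entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
---
name: demo-pg-instance
namespace: service-instances
allowedNetworks:
- name: service-instances-cluster-snat
  value: 34.65.178.24/32
- name: constructed-too-broad
  value: 0.0.0.0/0
EOF
check_allowed_networks "$sample" || echo "fix allowedNetworks before installing"
rm -f "$sample"
```

Pass a smaller second argument, for example `24`, when the cluster egresses through a NAT range rather than a single address.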

Verify

  1. Verify the creation status for the CloudSQL instance by inspecting the conditions in the Kubernetes API. To do so, run:

    kubectl get sqlinstance demo-pg-instance -n service-instances -o yaml
    
  2. After some time has passed, sometimes up to 20 minutes, you can find the binding-compliant secret produced by PackageInstall. To do so, run:

    kubectl get secrettemplate demo-pg-instance -n service-instances -o jsonpath="{.status.secret.name}"
    

Delete a CloudSQL service instance

To delete the CloudSQL service instance run:

    tanzu package installed delete demo-pg-instance -n service-instances

Summary

You have learned how to use Carvel’s Package and PackageInstall APIs to create a CloudSQL service instance. If you want to learn more about the pieces that comprise this service instance package, see Creating Google CloudSQL Instances manually using kubectl.

Now that you have this available in the cluster, you can learn how to make use of it by continuing where you left off in Consuming Google Cloud SQL on Tanzu Application Platform (TAP) with Config Connector.
