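#!/bin/bash
set -euo pipefail

# Writes the service account key to disk, then runs the Cloud SQL proxy in
# Docker, reachable only over localhost on host port 5432.
#
# NOTE(review): the brace placeholders (service_account_key, db_instance_name)
# are presumably filled in by a template engine before this script runs; a
# placeholder inside single quotes would otherwise be literal text to the shell.
# Use only the unbraced $name form for any shell variable added here, so the
# template engine does not try to substitute it.

# We write the key to /var because it's one of the few directories that A) is
# writeable, and B) persists between reboots. B is important because GCP will
# automatically reboot the server if it goes down. We don't want to lose the
# key after a reboot.
#
# The write happens in a subshell under umask 077, so a newly created key file
# is never readable by group or other, not even in the window before chmod
# runs. The subshell keeps the tighter umask away from the docker commands.
# NOTE(review): the single-quoted placeholder assumes the rendered key contains
# no single quote character -- confirm against the code that renders this file.
(
  umask 077
  printf '%s\n' '${service_account_key}' >/var/svc_account_key.json
)
chmod 400 /var/svc_account_key.json

# TODO: delete this line and add the `--pull=always` flag to `docker run`
# NOTE(review): ':latest' is a mutable tag, and this container is handed the
# service account key. Consider pinning the image to a reviewed version or
# digest, both here and in `docker run` below.
docker pull gcr.io/cloudsql-docker/gce-proxy:latest

# -p 127.0.0.1:5432:3306 -- cloud_sql_proxy exposes port 3306 on the container, even for Postgres.
#                           We map 3306 in the container to 5432 on the host. '127.0.0.1' means
#                           that you can only connect to host port 5432 over localhost.
# -v /var/svc_account_key.json:/key.json:ro -- The key file written above is mounted read-only
#                                              into the container at /key.json.
# -ip_address_types=PRIVATE -- The proxy should only try to connect to the db's private IP.
# -instances=${db_instance_name}=tcp:0.0.0.0:3306 -- The instance name will be something like 'my-project:us-central1:my-db'.
#                                                    The proxy should accept incoming TCP connections on port 3306.
#                                                    0.0.0.0 is the listen address inside the container; the
#                                                    host side is limited to localhost by the -p mapping above.
# The -instances argument is double-quoted so the rendered instance name always
# reaches the proxy as a single word.
docker run --rm \
  -p 127.0.0.1:5432:3306 \
  -v /var/svc_account_key.json:/key.json:ro \
  gcr.io/cloudsql-docker/gce-proxy:latest \
  /cloud_sql_proxy \
  -credential_file=/key.json \
  -ip_address_types=PRIVATE \
  "-instances=${db_instance_name}=tcp:0.0.0.0:3306"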