Skip to main content

Cloud SQL Proxy

Overview

The Cloud SQL Proxy feature enables users to create and manage Google Cloud SQL proxy connections within the Shakudo platform. This feature allows users to configure secure connections to Google Cloud SQL instances by setting up proxy configurations with optional authentication via service account credentials. The proxy acts as an intermediary that facilitates secure connections to Cloud SQL databases from within the Kubernetes cluster.

Access & Location

  • Route: ?panel=cloud-sql-proxy
  • Navigation: Shakudo Objects → Cloud SQL Proxies
  • Access Requirements:
    • View: All authenticated users can view their own Cloud SQL proxies
    • View All: dashboard-admin or dashboard-maintainer roles required to view all proxies across the organization
    • Create: All authenticated users can create Cloud SQL proxies
    • Deactivate: dashboard-admin role required (users can only deactivate their own proxies)
  • Feature Flags: None

Key Capabilities

Create Cloud SQL Proxy

Configure a new Cloud SQL proxy connection with customizable settings including:

  • Custom proxy name and description
  • One or more Cloud SQL instance connection strings
  • Optional custom container image URL (must support wget, Cloud SQL Proxy v2+ only)
  • Optional service account credentials file name
  • Optional secret reference for authentication (supports both workloads and development namespaces)

List and Search Proxies

View all configured Cloud SQL proxies with searchable and sortable table display showing:

  • Proxy ID, name, and description
  • Custom image URL (if specified)
  • Credentials file name (if specified)
  • Creator email
  • Copy-to-clipboard functionality for all key fields

Deactivate Proxy

Permanently remove a Cloud SQL proxy configuration. This action:

  • Requires admin privileges or ownership of the proxy
  • Shows confirmation dialog before deletion
  • Cannot be undone once confirmed

User Interface

Main View

The main panel displays a data grid table showing all Cloud SQL proxies the user has permission to view. The table includes:

  • Search/filter bar with real-time filtering across all proxy properties
  • Column visibility controls
  • Refresh button to reload data
  • Create button in the top-right corner
  • Rows are styled based on activation status

Dialogs & Modals

  1. Create Cloud SQL Proxy Dialog

    • Purpose: Full-screen form for creating new Cloud SQL proxy configurations
    • Tabs:
      • General: Basic proxy information and authentication settings
        • Name (required, alphanumeric with dashes/underscores/dots, max 128 chars)
        • Description (optional)
        • Image URL (optional, overrides default Cloud SQL proxy image)
        • File Name (optional, service account key file name for --credentials-file)
        • Secret (optional, select from existing Hyperplane secrets in workloads or development namespaces)
      • Instances: Cloud SQL instance connection strings
        • At least one instance required
        • Dynamic field array to add multiple instances
    • Live summary panel on the right showing all configured settings
    • Actions: Create Cloud SQL Proxy button (validates form before submission)

  2. Deactivate Cloud SQL Proxy Dialog

    • Purpose: Confirmation dialog for deleting a proxy
    • Fields: Shows proxy name in confirmation message
    • Actions: Deactivate (confirm) or Cancel

Tables & Data Grids

  1. Cloud SQL Proxies Table
    • Columns:
      • Actions (deactivate icon button)
      • ID (6-character short ID with copy button)
      • Name (truncated to 30 chars with copy button)
      • Image URL (copy button if specified)
      • File Name (copy button if specified)
      • Created By (creator's email)
      • Description (truncated to 64 chars)
    • Actions:
      • Row-level deactivate button (role-based access)
      • Copy to clipboard for ID, name, image URL, and file name
    • Filtering: Real-time search across ID, name, description, and user ID fields
    • Sorting: Default sort by name (ascending)

Technical Details

GraphQL Operations

Queries:

  • getHyperplaneCloudSqlProxies - Retrieves list of Cloud SQL proxies with optional filtering and pagination
    • Returns: id, name, instances, description, imageUrl, hyperplaneUserEmail, hyperplaneSecretId, fileName
    • Supports where clause filtering by user, name, description, etc.
    • Orders results by name (ascending)

Mutations:

  • createHyperplaneCloudSqlProxy - Creates a new Cloud SQL proxy configuration

    • Required inputs: name, instances (array)
    • Optional inputs: description, imageUrl, fileName, hyperplaneUserEmail, hyperplaneSecretName, hyperplaneSecretNamespace
    • Returns: id, name, instances, description, imageUrl, hyperplaneUserEmail, fileName

  • deleteHyperplaneCloudSqlProxy - Permanently deletes a Cloud SQL proxy

    • Required input: id
    • Returns: id, name of deleted proxy

Subscriptions:

  • None

Component Structure

  • Main Component: components/CloudSqlProxy/CloudSqlProxyPanel.tsx
  • Table View: components/CloudSqlProxy/CloudSqlProxyTables.tsx
  • Dialogs: components/CloudSqlProxy/Dialogs/
    • CloudSqlProxyCreateDialog.tsx - Full-screen creation form
    • CloudSqlProxyDeactivateDialog.tsx - Deletion confirmation
  • Hooks: hooks/useCloudSqlProxys.ts
  • GraphQL: graphql/cloudsqlproxy/

Common Workflows

Creating a Cloud SQL Proxy with Default Settings

  1. Navigate to Shakudo Objects → Cloud SQL Proxies
  2. Click "Create Cloud SQL Proxy" button
  3. Enter a unique name (alphanumeric with dashes/dots/underscores)
  4. Optionally add a description
  5. Switch to "Instances" tab
  6. Add one or more Cloud SQL instance connection strings
  7. Review the summary panel on the right
  8. Click "Create Cloud SQL Proxy"
  9. System validates name availability and creates the proxy
  10. Success notification appears and view returns to table

Creating a Cloud SQL Proxy with Custom Authentication

  1. Navigate to Shakudo Objects → Cloud SQL Proxies
  2. Click "Create Cloud SQL Proxy" button
  3. Enter proxy name and description
  4. Specify a custom Image URL (must support wget, Cloud SQL Proxy v2+)
  5. Enter the File Name of your service account key in the secret
  6. Select a Secret from the dropdown (choose namespace: Workloads or Development)
  7. Switch to "Instances" tab and add instance connection strings
  8. Review configuration in the summary panel
  9. Click "Create Cloud SQL Proxy"
  10. System creates proxy with custom authentication settings

Searching for Specific Proxies

  1. Navigate to Cloud SQL Proxies panel
  2. Use the filter input field at the top of the table
  3. Enter search term (searches across ID, name, description, user email)
  4. Table updates in real-time with matching results
  5. Click "X" to clear filter and show all proxies

Deactivating a Cloud SQL Proxy

  1. Locate the proxy in the table
  2. Click the deactivate icon (circle with X) in the leftmost column
  3. Confirmation dialog appears with proxy name
  4. Click "Deactivate" to confirm deletion
  5. Success notification appears and proxy is removed from table
  6. Note: Only admins or the proxy owner can perform this action
  • Secrets - Manage service account credentials referenced by Cloud SQL proxies
  • Service Accounts - Configure service accounts for authentication
  • Pipeline Jobs - Can utilize Cloud SQL proxies for database connections
  • Microservices - Can access databases through configured Cloud SQL proxies

Notes & Tips

  • Proxy Names: Must start and end with alphanumeric characters, can contain dashes, underscores, and dots in between, maximum 128 characters
  • Default Image: If no custom image URL is provided, the system uses the default Google Cloud SQL Proxy image
  • Custom Images: When using a custom image URL, ensure the image includes wget and supports Cloud SQL Proxy v2 or later
  • Service Account Files: The fileName field corresponds to the --credentials-file flag in Cloud SQL Proxy and should match a file within the selected secret
  • Public Instances: If connecting to a public Cloud SQL instance or using workload identity, the secret selection is optional
  • Namespace Selection: Secrets can be selected from either the "Workloads" (hyperplane-pipelines) or "Development" (hyperplane-jhub) namespace
  • Instance Format: Instance connection strings should follow the Google Cloud SQL connection format (project:region:instance)
  • Role-Based Access: Standard users can only see and delete their own proxies; admins and maintainers can view all proxies across the organization
  • Permanent Deletion: Deactivating a Cloud SQL proxy is permanent and cannot be undone
  • Name Validation: The system checks for name uniqueness before creating a new proxy
  • Real-time Filtering: The search filter applies OR logic across multiple fields for flexible searching
Last updated on by chyuen-devsentient