This repository compares the latency of connecting to Cloud SQL via the proxy with connecting via private IP.
- Proxy
  - Min: At least 10ms
  - Avg: 20ms
  - Max: Around 40ms in this time span, but higher peaks can occur for several reasons (e.g. the Cloud SQL credential has expired)
- Private IP
  - Min: At least 7ms
  - Avg: 7ms
  - Max: Around 15ms in this time span, but higher peaks can occur for several reasons (e.g. creation of a pod for the new SQL connection)
- Create a GCP project: see Creating and Managing Projects
  - You can create a GCP project in the browser, or run the following if you already have gcloud on your machine:
gcloud projects create [Your Project ID]
- Billing is enabled for the project
- Install gcloud: see Cloud SDK Quickstarts
- Install kubectl: see Install and Set Up kubectl
gcloud components update
gcloud components install beta
gcloud auth application-default login
gcloud config set project [Your Project ID]
./enable_services.sh
cd flask-api
docker build -t gcr.io/[Your Project ID]/flask-api:latest .
gcloud auth configure-docker
docker push gcr.io/[Your Project ID]/flask-api:latest
- cd terraform to move to the directory
- Install tfenv
- Run tfenv install to download the terraform version specified in the .terraform-version file
- terraform init
- terraform apply and enter [Your Project ID], or terraform apply -var-file=your.tfvars with a var file something like this:
project = "[Your Project ID]"
gcloud container clusters get-credentials my-gke-cluster
This step creates a service account for connecting to Cloud SQL through the proxy. If you only want to use the Private IP connection, you can skip this step.
- SA NAME: Service Account Name
  - ex) proxy-db
- SA DISPLAY NAME: Service Display Name
  - ex) proxy-db
gcloud beta iam service-accounts create [SA NAME] \
--display-name "[SA DISPLAY NAME]" \
--project [Your Project ID]
gcloud projects add-iam-policy-binding [Your Project ID] \
--member serviceAccount:[SA NAME]@[Your Project ID].iam.gserviceaccount.com \
--role roles/cloudsql.admin
gcloud iam service-accounts keys create ./k8s/credentials.json \
--iam-account [SA NAME]@[Your Project ID].iam.gserviceaccount.com
Create a secret from credential file (json)
cd k8s
kubectl create secret generic cloudsql-instance-credentials --from-file=./credentials.json
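The binding above grants roles/cloudsql.admin to the proxy service account, while connecting through the proxy only requires roles/cloudsql.client. As an added example (not part of this repository), the following Python check reads a policy exported with gcloud projects get-iam-policy and lists the project's service accounts that hold a broader role; the function name, the example-project ID and the sample policy are constructed for illustration.

```python
import json

# The Cloud SQL proxy only has to connect to the instance.
SUFFICIENT_ROLE = "roles/cloudsql.client"
# Roles that also allow connecting but grant more than the proxy needs.
BROADER_ROLES = {
    "roles/cloudsql.editor": "manages existing Cloud SQL instances",
    "roles/cloudsql.admin": "full control of Cloud SQL resources",
    "roles/editor": "basic role with edit access across the project",
    "roles/owner": "basic role with full control of the project",
}


def find_overprivileged_service_accounts(policy_json, project_id):
    """Return sorted (email, role, reason) tuples for user-managed service
    accounts of project_id bound to a role broader than SUFFICIENT_ROLE."""
    suffix = f"@{project_id}.iam.gserviceaccount.com"
    findings = set()
    for binding in json.loads(policy_json).get("bindings", []):
        role = binding.get("role", "")
        if role not in BROADER_ROLES:
            continue
        for member in binding.get("members", []):
            # "serviceAccount:<email>"; users, groups, "deleted:" entries and
            # Google-managed service agents (other domains) are skipped.
            kind, _, email = member.partition(":")
            if kind == "serviceAccount" and email.endswith(suffix):
                findings.add((email, role, BROADER_ROLES[role]))
    return sorted(findings)


# Constructed sample policy (not real project data), shaped like the output of
# gcloud projects get-iam-policy [Your Project ID] --format=json
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/cloudsql.admin", "members": [
        "serviceAccount:proxy-db@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/cloudsql.client", "members": [
        "serviceAccount:app@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor", "members": [
        "serviceAccount:123456789012@cloudservices.gserviceaccount.com",
        "user:dev@example.com"]},
    {"role": "roles/owner", "members": [
        "deleted:serviceAccount:old@example-project.iam.gserviceaccount.com?uid=1"]},
]})

if __name__ == "__main__":
    for email, role, reason in find_overprivileged_service_accounts(
            SAMPLE_POLICY, "example-project"):
        print(f"{email}: {role} ({reason}); {SUFFICIENT_ROLE} is sufficient")
```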
Before deployment, replace the following values in k8s_proxy.yaml:
- [Your Project ID]: Your Project ID
- [INSTANCE_CONNECTION_NAME]: You can check it in the browser
kubectl apply -f k8s_proxy.yaml
Before deployment, replace the following values in k8s_private_ip.yaml:
- [Your Project ID]: Your Project ID
- [DB_PRIVATE_IP]: Private IP address of your Cloud SQL Instance
- [ROOT_USER_PASSWORD]: Password for database root user
  - You can see it after you run terraform apply, in output something like this:
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Outputs:
sql_password_root = [root user password]
kubectl apply -f k8s_private_ip.yaml
Open Stackdriver Trace, and now you can see the latency!
You may have to delete all the pods before applying new pods because of insufficient resources for the new pods. In that case, run the following command to delete all the pods before applying the new ones:
kubectl delete deployment test
You can simply delete the GCP project:
gcloud projects delete [Your Project ID]
To delete all the resources created by terraform you can run:
cd terraform
terraform destroy # and type [Your Project ID]
This should work, but it fails because google_service_networking_connection.private_vpc_connection cannot be destroyed; for some reason it stops with the error Error: project: required field is not set.