This module creates a MySQL GCP Cloud SQL database. It is made with the private service access, ensuring private communication.
Opta will provision your database with 7 days of automatic daily backups in the form of Cloud SQL Backups. You can find them either programmatically via the gcloud cli, or through the GCP web console inside your db description page.
When linked to a k8s-service, it adds connection credentials to your container’s environment variables as:
The permission list can optionally have one entry which should be a map for renaming the default environment variable names to a user-defined value:
links: - db: - db_user: DBUSER db_host: DBHOST db_name: DBNAME db_password: DBPASS
If present, this map must have renames for all 4 fields.
These values are passed securely into your environment by using a kubernetes secret created by opta within your k8s-service’s isolated k8s namespace. These secrets are then passed as environment variables directly into your container. Take note that since opta’s AWS/EKS clusters always have the disk encryption enabled, your secret never touches an unencrypted disk. Furthermore, because of k8’s RBAC, no other opta-managed k8s service can access this instance of the creds as a k8s secret without manual override of the RBAC, nor can any other entities/users unless given “read secret” permission on this namespace.
To those with the permissions, you can view it via the following command (MANIFEST_NAME is the
name field in your yaml):
kubectl get secrets -n MANIFEST_NAME secret -o yaml
||This is the RDS instance type used for the cloud sql instance instances.||
||Set to “true”, if you want to disable the database deletion in Opta. You would have to manually set this “false” to enable DB deletion.||
||The version of the database to use.||
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.