
gcloud

Great! You’ve followed the setup procedure for the Google Cloud SDK. You’re now ready to use the gcloud command-line tool to interact with Google Cloud Platform services. You might even want to use it to connect two different projects together. For example, a big overarching project has several subprojects, and you want to keep a central database. So you go to the big project and create a database, then you go to the subproject and connect to the database in the big project. It turns out it’s not that simple. Here’s what you’ll need to actually make it work:

Service account

You’ll need a service account that is shared between the two different Google Cloud projects. This is a special type of account that is used by applications to access data in Google Cloud Platform services. Usually you’ll have a default service account that comes with, for example, Google Cloud Run. That’s fine, we can use that.

IAM roles

You’ll need to give the service account the appropriate IAM roles. For example, if you want to connect to a Cloud SQL database, you’ll need to give the service account the Cloud SQL Client role. Note that for this to successfully work, you’ll need to give it the Cloud SQL Client role in both the big project and the subproject.

APIs

You might need some APIs enabled. For Cloud SQL, you’ll need the following:

  • Compute Engine API
  • Cloud SQL Admin API
  • Cloud Run API
  • Container Registry API
  • Cloud Build API
  • Service Networking API

Lucky you, Google has provided a page with documentation where they even have a button that enables them all at once. Note that these APIs need to be enabled for both the big project and the subproject.

Cloud SQL

Permissions

Of course, you already made a PostgreSQL user for your project. Be sure to give it at least read (SELECT) permissions on the relevant tables of the database. Seems logical, but it’s easy to forget.

Connecting Sequelize

Sequelize is a great ORM for Node.js. It’s easy to use and has a lot of features. It also has a lot of documentation, so I won’t go into too much detail here. To connect to a Cloud SQL instance from a Cloud Run instance, it’s important to have the --add-cloudsql-instances parameter set up in your Cloud Run deploy script. Once that’s set, you can hook up Sequelize to the Cloud SQL instance by passing the unix socket (something like /cloudsql/<project-id>:<region>:<instance-name>) as the host parameter as well as in dialectOptions.socketPath. Now you should be able to connect to the database from your Cloud Run instance via Sequelize.
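The connection described above, as an added example that is not part of the original post: it builds the Sequelize options from environment variables and rejects a malformed instance connection name before it ends up in the socket path. The environment variable names, the sample values and the restriction to plain project IDs are assumptions; in the cross-project setup the project ID in the connection name is that of the big project, which owns the database.

```javascript
// Added example (not from the original post). Environment variable names
// and all sample values below are assumptions / constructed.

// <project-id>:<region>:<instance-name>; assumes a plain project ID
// (no domain-scoped "example.com:project" form).
const CONNECTION_NAME = /^[a-z0-9-]+:[a-z0-9-]+:[a-z0-9-]+$/;

function buildSequelizeOptions(env) {
  const name = env.INSTANCE_CONNECTION_NAME || '';
  if (!CONNECTION_NAME.test(name)) {
    // Refuse anything that could turn the socket path into another path.
    throw new Error('INSTANCE_CONNECTION_NAME must be <project-id>:<region>:<instance-name>');
  }
  for (const key of ['DB_NAME', 'DB_USER', 'DB_PASS']) {
    if (!env[key]) throw new Error(`missing environment variable ${key}`);
  }
  // Directory that Cloud Run mounts when --add-cloudsql-instances is set.
  const socketPath = `/cloudsql/${name}`;
  return {
    database: env.DB_NAME,
    username: env.DB_USER,
    password: env.DB_PASS, // taken from the environment, never hard-coded
    dialect: 'postgres',
    host: socketPath,                // unix socket passed as host ...
    dialectOptions: { socketPath },  // ... and as dialectOptions.socketPath
    logging: false,                  // keep SQL statements out of the logs
  };
}

// Call this inside the Cloud Run container; needs `sequelize` and `pg`.
async function connect(env = process.env) {
  const { Sequelize } = require('sequelize');
  const sequelize = new Sequelize(buildSequelizeOptions(env));
  await sequelize.authenticate(); // fails fast on missing IAM role or DB grants
  return sequelize;
}

// Constructed sample: the database lives in "big-project", the service
// that connects to it runs in a subproject.
const SAMPLE_ENV = {
  INSTANCE_CONNECTION_NAME: 'big-project:europe-west1:central-db',
  DB_NAME: 'appdb',
  DB_USER: 'app_reader',
  DB_PASS: 'constructed-sample-password',
};
console.log(buildSequelizeOptions(SAMPLE_ENV).host);
```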

Cloud Run

Cloud Run is great for running your Docker containers in a serverless environment. It also has a built-in proxy to Cloud SQL, so you don’t have to do firewall stuff. Good to know: when deploying to Cloud Run from the command line, you might run into issues with your service. If you already created a dummy service with the same name to link a custom domain, you might need to delete it entirely (the service, not the domain), then redeploy it from the command line (or CI/CD) for it to fully work. When deploying a new revision, make sure that your CI/CD script checks which revision tags already exist. Duplicate tags are not accepted and will cause your deployment to fail.

Public access

Sometimes you want a service to be publicly accessible. That’s fine. Please refer to this page for more information.