README
¶
Connecting to AlloyDB from a Go web app
This repo contains the Go source code for a simple web app that can be deployed to App Engine Standard. It is a demonstration of how to connect to AlloyDB cluster.
Before you begin
-
Enable access to AlloyDB in your project by following these instructions
-
Create a VPC network and configure Private Services Access for AlloyDB
-
Create an AlloyDB cluster and its primary instance by following these instructions. Make note of the Cluster ID, Instance ID, IP Address and Password
-
Create a database for your application by following these instructions. Note the database name.
-
Create a user in your database by following these instructions. Note the username.
-
Create a service account and then grant that service acount the 'AlloyDB Client' permissions by following these instructions. Download the service account's JSON key to use to authenticate your connection.
-
Use the information noted in the previous steps:
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service/account/key.json
export DB_USER='<YOUR_DB_USER_NAME>'
export DB_PASS='<YOUR_DB_PASSWORD>'
export DB_NAME='<YOUR_DB_NAME>'
export INSTANCE_HOST='<IP Address of Cluster or 127.0.0.1 if using auth proxy>'
export DB_PORT=5432
Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.
Deploying to App Engine Standard
To run the sample on GAE-Standard, create an App Engine project by following the setup for these instructions.
First, update app.standard.yaml with the correct values to pass the environment
variables into the runtime. Your app.standard.yaml file should look like this:
runtime: go116
env_variables:
INSTANCE_HOST: 127.0.0.1
DB_PORT: 5432
DB_USER: <YOUR_DB_USER_NAME>
DB_PASS: <YOUR_DB_PASSWORD>
DB_NAME: <YOUR_DB_NAME>
Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Cloud Secret Manager to help keep secrets safe.
Next, the following command will deploy the application to your Google Cloud project:
gcloud app deploy cmd/app/app.standard.yaml
Deploy to Cloud Run
Before deploying the application, you will need to configure a Serverless VPC Connector to be able to connect to the VPC in which your AlloyDB cluster is running.
- Build the container image:
gcloud builds submit --tag gcr.io/[YOUR_PROJECT_ID]/run-alloydb
- Deploy the service to Cloud Run:
gcloud run deploy run-alloydb --image gcr.io/[YOUR_PROJECT_ID]/run-alloydb \
--platform managed \
--vpc-connector=[YOUR_VPC_CONNECTOR] \
--allow-unauthenticated \
--region <REGION> \
--update-env-vars INSTANCE_HOST='<INSTANCE_HOST>' \
--update-env-vars DB_PORT='<DB_PORT>' \
--update-env-vars DB_USER='<YOUR_DB_USER_NAME>' \
--update-env-vars DB_PASS='<YOUR_DB_PASSWORD>' \
--update-env-vars DB_NAME='<YOUR_DB_NAME>'
Take note of the URL output at the end of the deployment process.
Replace environment variables with the correct values for your AlloyDB configuration.
It is recommended to use the Secret Manager integration for Cloud Run instead of using environment variables for the SQL configuration. The service injects the AlloyDB credentials from Secret Manager at runtime via an environment variable.
Create secrets via the command line:
echo -n $DB_USER | \
gcloud secrets versions add DB_USER_SECRET --data-file=-
Deploy the service to Cloud Run specifying the env var name and secret name:
gcloud beta run deploy SERVICE --image gcr.io/[YOUR_PROJECT_ID]/run-alloydb \
--update-secrets INSTANCE_HOST=[INSTANCE_HOST_SECRET]:latest,\
DB_PORT=[DB_PORT_SECRET]:latest,\
DB_USER=[DB_USER_SECRET]:latest, \
DB_PASS=[DB_PASS_SECRET]:latest, \
DB_NAME=[DB_NAME_SECRET]:latest
- Navigate your browser to the URL noted in step 2.
For more details about using Cloud Run see http://cloud.run.
Documentation
Source Files
Directories