As a relational database, we create a Google Cloud SQL instance with MySQL 5.7. Use the following commands to create the database instance:
MYSQL_INSTANCE_NAME=gitpod-mysql
gcloud sql instances create "${MYSQL_INSTANCE_NAME}" \
--database-version=MYSQL_5_7 \
--storage-size=20 \
--storage-auto-increase \
--tier=db-n1-standard-2 \
--region="${REGION}" \
--replica-type=FAILOVER \
--enable-bin-log
gcloud sql instances patch "${MYSQL_INSTANCE_NAME}" --database-flags \
explicit_defaults_for_timestamp=off
After that, we create the database named gitpod
as well as a dedicated Gitpod database user with a random password.
gcloud sql databases create gitpod --instance="${MYSQL_INSTANCE_NAME}"
MYSQL_GITPOD_USERNAME=gitpod
MYSQL_GITPOD_PASSWORD=$(openssl rand -base64 20)
gcloud sql users create "${MYSQL_GITPOD_USERNAME}" \
--instance="${MYSQL_INSTANCE_NAME}" \
--password="${MYSQL_GITPOD_PASSWORD}"
Finally, you need to create a service account that has the roles/cloudsql.client
role:
MYSQL_SA=gitpod-mysql
MYSQL_SA_EMAIL="${MYSQL_SA}"@"${PROJECT_NAME}".iam.gserviceaccount.com
gcloud iam service-accounts create "${MYSQL_SA}" --display-name "${MYSQL_SA}"
gcloud projects add-iam-policy-binding "${PROJECT_NAME}" \
--member serviceAccount:"${MYSQL_SA_EMAIL}" --role="roles/cloudsql.client"
Save the service account key to the file ./mysql-credentials.json
:
gcloud iam service-accounts keys create --iam-account "${MYSQL_SA_EMAIL}" \
./mysql-credentials.json