This page describes how to connect to your Cloud SQL instance using the
Cloud SQL Proxy Operator. For more information about how the Cloud SQL Proxy Operator works, seeAbout the Cloud SQL Proxy Operator.
Overview
The Cloud SQL Proxy Operator configures applications deployed on Google Kubernetes Engine
(GKE) to connect to Cloud SQL database instances
using the Cloud SQL Auth Proxy. Using theCloud SQL Auth Proxyis the recommended
method for connecting to a Cloud SQL instance. To learn more about
the Cloud SQL Auth Proxy, seeAbout the Cloud SQL Auth Proxy.
Applications running inGKEcan connect using the Cloud SQL Auth Proxy.
Before you begin
Before you can connect to a Cloud SQL instance, do the following:
For a user or service account, make sure the account has the
Cloud SQL Client role. This role contains thecloudsql.instances.connectpermission,
which authorizes a principal to connect to all Cloud SQL instances
in a project.
You can optionally include anIAM conditionin the IAM policy binding that grants the account permission
to connect only to one specific Cloud SQL instance.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Connect using the Cloud SQL Proxy Operator\n\n\u003cbr /\u003e\n\n[MySQL](/sql/docs/mysql/connect-proxy-operator \"View this page for the MySQL database engine\") \\| PostgreSQL \\| [SQL Server](/sql/docs/sqlserver/connect-proxy-operator \"View this page for the SQL Server database engine\")\n\n\u003cbr /\u003e\n\nThis page describes how to connect to your Cloud SQL instance using the\nCloud SQL Proxy Operator. For more information about how the Cloud SQL Proxy Operator works, see\n[About the Cloud SQL Proxy Operator](/sql/docs/postgres/sql-proxy#proxy-operator).\n\nOverview\n--------\n\nThe Cloud SQL Proxy Operator configures applications deployed on Google Kubernetes Engine\n(GKE) to connect to Cloud SQL database instances\nusing the Cloud SQL Auth Proxy. Using the\n[Cloud SQL Auth Proxy](/sql/docs/postgres/sql-proxy) is the recommended\nmethod for connecting to a Cloud SQL instance. To learn more about\nthe Cloud SQL Auth Proxy, see [About the Cloud SQL Auth Proxy](/sql/docs/postgres/sql-proxy).\n\nApplications running in [GKE](/sql/docs/postgres/connect-kubernetes-engine#proxy) can connect using the Cloud SQL Auth Proxy.\n\nBefore you begin\n----------------\n\nBefore you can connect to a Cloud SQL instance, do the following:\n\n1. For a user or service account, make sure the account has the\n Cloud SQL Client role. This role contains the\n `cloudsql.instances.connect` permission,\n which authorizes a principal to connect to all Cloud SQL instances\n in a project.\n\n [Go to the IAM page](https://console.cloud.google.com/iam-admin/iam)\n\n You can optionally include an\n [IAM condition](/sql/docs/mysql/project-access-control#allow_users_to_connect_to_specific_instances)\n in the IAM policy binding that grants the account permission\n to connect only to one specific Cloud SQL instance.\n2.\n\n\n Enable the Cloud SQL Admin API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=sqladmin)\n3. Install and initialize the [gcloud CLI](/sdk/docs/install).\n\nInstall the Cloud SQL Proxy Operator\n------------------------------------\n\nUse the following steps to install the Cloud SQL Proxy Operator.\n\n1. Confirm that `kubectl` can connect to your GKE cluster. \n\n ```bash\n kubectl cluster-info\n ```\n For more information about connecting Google Kubernetes Engine to Cloud SQL, see [Connect from Google Kubernetes Engine](/sql/docs/postgres/connect-kubernetes-engine).\n2. Install `cert-manager` using helm. You will need to use the version and cli arguments specified here to use `cert-manager` on your GKE cluster. \n\n ```bash\n helm repo add jetstack https://charts.jetstack.io\n helm repo update\n helm install \\\n cert-manager jetstack/cert-manager \\\n --namespace cert-manager \\\n --version \"v1.9.1\" \\\n --create-namespace \\\n --set global.leaderElection.namespace=cert-manager \\\n --set installCRDs=true\n \n ```\n3. Install the Cloud SQL Proxy Operator to your kubernetes cluster: \n\n ```bash\n kubectl apply -f https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy-operator/v1.6.1/cloud-sql-proxy-operator.yaml\n \n ```\n4. Wait for the Cloud SQL Proxy Operator to start. \n\n ```bash\n kubectl rollout status deployment -n cloud-sql-proxy-operator-system cloud-sql-proxy-operator-controller-manager --timeout=90s\n \n ```\n5. Confirm that the Cloud SQL Proxy Operator is installed and running: \n\n ```bash\n kubectl get pods -n cloud-sql-proxy-operator-system\n \n ```\n\nWhat's next\n-----------\n\n\u003cbr /\u003e\n\n- Learn more about the [Cloud SQL Auth Proxy](/sql/docs/postgres/sql-proxy).\n- Learn more about [Identity and Access Management (IAM)](/iam/docs/overview).\n- Learn more about [Service Accounts](/iam/docs/understanding-service-accounts).\n- Learn about the [two levels of access control](/sql/docs/postgres/instance-access-control) for Cloud SQL instances.\n- Create [users](/sql/docs/postgres/create-manage-users) and [databases](/sql/docs/postgres/create-manage-databases).\n- Learn about [connecting to your instance from your application](/sql/docs/postgres/instance-access-control#instanceaccess).\n- Learn about [the psql Client](https://www.postgresql.org/docs/current/static/app-psql.html).\n- Learn about [options for support](/sql/docs/support).\n\n\u003cbr /\u003e"]]
