lunar (1) cloud_sql_proxy.1.gz

Provided by: cloudsql-proxy_1.17.0-6_amd64 bug

NAME

       cloud_sql_proxy - connect securely to a 2nd generation cloud sql database

SYNOPSIS

       cloud_sql_proxy

DESCRIPTION

       The  Cloud SQL Proxy allows simple, secure connectivity to Google Cloud SQL. It is a long-
       running process that opens local sockets (either TCP or Unix  sockets)  according  to  the
       parameters passed to it. A local application connects to a Cloud SQL instance by using the
       corresponding socket.

   Authorization
       By default, the proxy will authenticate under the default service account of  the  Compute
       Engine  VM it is running on. Therefore, the VM must have at least the sqlservice.admin API
       scope ⟨https://www.googleapis.com/auth/sqlservice.admin⟩ and the associated  project  must
       have  the  SQL  Admin  API  enabled.   The default service account must also have at least
       WRITER/EDITOR privileges to any projects of target SQL instances.

       •   On Google Compute Engine, the default service account is used.  The Cloud SQL API must
           be enabled for the VM.

       •   When  the  gcloud  command-line  tool  is  installed  on the local machine, the active
           account is used for authentication. Run 'gcloud auth list' to see which  accounts  are
           installed  on  your  local machine and 'gcloud config list account' to view the active
           account.

       •   To configure the proxy using a service account, pass the -credential_file parameter or
           set  the  GOOGLE_APPLICATION_CREDENTIALS  environment  variable.   This  will override
           gcloud or GCE (Google Compute Engine) credentials, if they exist.

OPTIONS

   General
       -quiet Disable log messages (e.g. when new connections are  established).   WARNING:  this
              option disables ALL logging output (including connection errors), which will likely
              make debugging difficult. The -quiet flag takes precedence over the -verbose flag.

       -verbose
              When explicitly set to false, disable log messages that are not errors  nor  first-
              time startup messages (e.g. when new connections are established
               or closed without errors).

       -version
              Print the version of the proxy and exit

   Connection
       -credential_file
              If  provided,  this json file will be used to retrieve Service Account credentials.
              You may set the GOOGLE_APPLICATION_CREDENTIALS environment variable  for  the  same
              effect.

       -token When set, the proxy uses this Bearer token for authorization

       -max_connections
              If  provided,  the  maximum  number of connections to establish before refusing new
              connections. Defaults to 0 (no limit)

       -instances
              To connect to a specific list of instances, set the instances parameter to a comma-
              separated list of ully qualified instance connection strings (project:region:name).
              For example:
                     -instances=my-project:my-region:my-instance

              For connectivity over TCP, you must specify a tcp port  as  part  of  the  instance
              string.  For  example,  the  following  example opens a loopback TCP socket on port
              3306, which will be proxied to connect to the  instance  'my-instance'  in  project
              'my-project':
                     -instances=my-project:my-region:my-instance=tcp:3306

              When connecting over TCP, the -instances parameter is required.

              Supplying  INSTANCES  environment  variable  achieves the same effect.  One can use
              that to keep k8s manifest files constant across multiple environments. If the  name
              has  the  suffix '=tcp:port', a TCP server is opened on the specified port to proxy
              to that instance. Otherwise, one socket file per instance is opened  in  dir.   You
              may  use  INSTANCES  environment  variable for the same effect. Using both will use
              value from flag. Not compatible with -fuse

       -instances_metadata
              When running on GCE (Google Compute Engine) you can avoid the need to  specify  the
              list  of instances on the command line by using the Metadata server. This parameter
              specifies a path to a metadata value which is then  polled  for  a  comma-separated
              list  of  fully  qualified  instances  (project:region:name)  to  connect to in the
              exactly the same way as the -instances parameter. Updates  to  the  metadata  value
              will  be  observed  and  acted  on  by  the Proxy. For example, to use the instance
              metadata     value     named     cloud-sql-instances     you     would      provide
              instance/attributes/cloud-sql-instances.

       -check_region
              If  specified,  the  region  portion  of the connection string is required for Unix
              socket-based connections.

       -projects
              To direct the proxy to open connections for each Cloud SQL Instance in  the  comma-
              separated list of projects specified, set the projects parameter:
                     -projects=my-project

       -refresh_config_throttle
              If set, this flag specifies the amount of forced sleep between successive API calls
              in order to protect client API quota. Minimum allowed value is 1s

       -dir   When using Unix sockets (the default for systems which  support  them),  the  Proxy
              places  the  sockets  representing database instances in the directory specified by
              the -dir parameter.

       -fuse  If your local environment has FUSE installed, you can specify  the  -fuse  flag  to
              avoid  the  requirement  to  specify instances in advance. Mount a directory at dir
              using FUSE for accessing instances. Note that the directory at dir  must  be  empty
              before  this  program is started.  With FUSE, any attempts to open a Unix socket in
              the directory specified by -dir automatically creates that socket and  connects  to
              the corresponding instance.

       -fuse_tmp
              Used  as  a  temporary directory if -fuse is set. Note that files in this directory
              can be removed automatically by this program.

   Automatic instance discovery
       If the Google Cloud SQL is installed on the local machine and no instance connection flags
       are  specified,  the  proxy connects to all instances in the gcloud tool's active project.
       Run 'gcloud config list project' to display the active project.

FILES

       Credentials
              By default user account credentials are acquired by gcloud auth  login  and  stored
              locally  on  the  system.   gcloud  auth activate-service-account authorizes access
              using a service account. As with gcloud init and gcloud auth  login,  this  command
              saves  the service account credentials to the local system on successful completion
              and  sets  the  specified  account  as  the  active  account  in  your  Cloud   SDK
              configuration.    To  configure  the  proxy  using  a  service  account,  pass  the
              -credential_file parameter or set  the  GOOGLE_APPLICATION_CREDENTIALS  environment
              variable.  This will override gcloud or GCE (Google Compute Engine) credentials, if
              they exist.

       sockets directory
              When using Unix sockets (the default for systems which  support  them),  the  Proxy
              places  the sockets rep‐ resenting database instances in the directory specified by
              the -dir parameter. With FUSE one can also interact  with  the  proxy  using  thius
              directory to specify instances of cloud SQL databases to connect to on the fly.

       /dev/fuse
              Optional  functionality  can be enabled ( --fuse ) with access to /dev/fuse as well
              as the fusermount binary.

SEE ALSO

       fusermount(1), mount(8), mount.fuse(8), ulockmgr_server(1), mysql(1), postgres(1).

BUGS

       The       upstream       issue       reporting       system       is       at       github
       ⟨https://github.com/GoogleCloudPlatform/cloudsql-proxy/issues⟩

AUTHOR

       Manoj Srivastava <srivasta@google.com>