I'm rolling out Hasura on GKE, and I need for it to connect to CloudSQL via IAM.
While most of the tutorials online describe the use of k8s secrets for usernames and passwords, I would like for Hasura to connect via IAM. That means no passwords.
What's the best way to craft the HASURA_GRAPHQL_DATABASE_URL
to make that happen?
So in the end it was postgres' paramspec
to the rescue. By crafting the connection string as follows for the HASURA_GRAPHQL_DATABASE_URL
:
postgres://localhost:5432/[email protected]
I was able connect successfully, with workload-identity
and a sidecar with cloudsql-proxy
as @kurtisvg suggested