I'm rolling out Hasura on GKE, and I need for it to connect to CloudSQL via IAM.
While most of the tutorials online describe the use of k8s secrets for usernames and passwords, I would like for Hasura to connect via IAM. That means no passwords.
What's the best way to craft the HASURA_GRAPHQL_DATABASE_URL to make that happen?
So in the end it was postgres' paramspec to the rescue. By crafting the connection string as follows for the HASURA_GRAPHQL_DATABASE_URL:
postgres://localhost:5432/[email protected]
I was able connect successfully, with workload-identity and a sidecar with cloudsql-proxy as @kurtisvg suggested