Manage databases

GDC Sandbox provides the Database Service to test and manage database clusters.

To create a database cluster, see Choose a database engine type and create a database cluster.

Connect to the Database

By default, a database cluster only allows connection from within the user cluster and the same project.

To enable connections to all database clusters in your project from another project, see Enable cross-project connections.

To connect to the database from IP addresses outside your GDC Sandbox organization, follow the instructions at Connect to DB to enable the external connections.

You can use sshuttle to connect to your database with a local database client like psql:

  1. Navigate to the Connectivity section of the Database Service page for the database cluster. This page includes:

    • The password of the administrator account (the username is dbsadmin)
    • Hostname and port number of the database cluster's primary endpoint
    • A psql command for connecting to the cluster (for PostgreSQL and AlloyDB Omni database clusters)
    • A link to download the certificate authority (CA) certificate of the database cluster

  2. Download the CA certificate from the GDC console in the Connectivity section of the Database Service page for your database cluster.

  3. Configure your client to use the CA certificate to verify the database. For psql clients, set the PGSSLROOTCERT env variable to the path of the certificate file and the PGSSLMODE env variable to your preference:

        export PGSSLROOTCERT=path/to/accounts_cert.pem
    export PGSSLMODE="verify-full"

  4. Initiate a secure tunnel. If you have a running instance of sshuttle as described in Connect to your instance, terminate that process.

        sshuttle -r zone1-org-1-data@GDC_SANDBOX_INSTANCE_NAME --no-latency-control \
    --ssh-cmd 'gcloud compute ssh --project PROJECT_NAME --zone ZONE --tunnel-through-iap' \
    10.200.0.0/16 --dns

    Replace the following with the values provided to you by the GDC Sandbox team:

    • GDC_SANDBOX_INSTANCE_NAME: the name of your GDC Sandbox instance.
    • PROJECT_NAME: the project containing your GDC Sandbox environment.
    • ZONE: the zone containing your GDC Sandbox environment.

  5. While the tunnel is active, run the command using psql in a different terminal

        PGPASSWORD=DB_PASSWORD psql -h DB_HOSTNAME -p PORT -U USERNAME -d postgres

    Replace the following variables:

    • path/to/: the path to the accounts_cert.pem certificate.
    • DB_PASSWORD: the password from the console UI.
    • DB_HOSTNAME: the database hostname from the console.
    • DB_PORT: the database port number from the console.
    • DB_USERNAME: the database username from the console.