Solution Architecture: NextJS Application (3 frontend pods) authenticating through Cloud SQL using Workload Identity

Prerequisites:

• Installed Pulumi
• Configured your Google Credentials

Ok, we will be building a solution using the below concepts:

• [ ] Declarative resource definition (IaC)
• [ ] Storage provisioning for a GKE cluster
• [ ] Workload Identity (to manage communication between a workload running within GKE and a Cloud SQL Instance)
• [ ] Google Secret Manager (to manage sql connections secrets)

STOP THIS MADNES AND SHOW ME CODE

Pulumi

There are a couple of good tools that enable us to write code in a declarative way to handle Cloud Resources Provisioning. And for declarative way I mean,

<aside> 💡 We write the desired state for our infrastructure resources. Then a tool build using dark magic make our wishes come true.

</aside>

We could find Terraform by Hashicorp, Deployment Manager by Google, just to name a few. What makes Pulumi so special is that allows us to write code in a variety of languages suck Javascript, Go, etc. So get the joy of coding in our favorite sauce.

And what we are looking for is a predictable way to create and manage cloud resources. Abstracting away cloud specific-provider details and keep our focus on working with APIs.