Use phpMyAdmin with Cloud SQL on Cloud Run

This guide show how to install phpMyAdmin on Cloud Run. You can use phpMyAdmin to administer Cloud SQL over the web.

You will find this tutorial helpful if you:

  • Host applications on Cloud Run.
  • Use Cloud SQL as your database.
  • Want to use phpMyAdmin as an interface for MySQL or prefer a web interface for database administration.

Prerequisites

  1. In the Cloud de Confiance console, on the project selector page, select or create a Cloud de Confiance project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    Go to project selector

  2. Verify that billing is enabled for your Cloud de Confiance project.

  3. Install the gcloud CLI.

  4. Configure the gcloud CLI to use your federated identity.

    For more information, see Sign in to the gcloud CLI with your federated identity.

  5. To initialize the gcloud CLI, run the following command: 

    gcloud init

  6. Create a Cloud SQL Second Generation instance with a private IP.
  7. Create a database user.

Create a service using the phpMyAdmin image

Console

  1. In the Cloud de Confiance by S3NS console, go to Cloud Run:

    Go to Cloud Run

  2. Select Create service.

    1. In the Container image URL field, enter phpmyadmin. Cloud Run pulls the image from the public Docker Hub.
    2. In the Service name field, enter phpmyadmin.
    3. Check Require authentication.
    4. Click Container(s), volumes, networking, security to set the following options:
      1. In the Port field, enter 80 for the value of the container port.
      2. In Environment variables, add PMA_HOST and set the value to be the internal IP address of the Cloud SQL instance.

    5. In Networking, select Connect to a VPC for outbound traffic and Send traffic directly to a VPC. Choose the same network as the Cloud SQL instance.

Connect to the service using Cloud Run proxy

To securely access the IAM-protected service, use the Cloud Run developer proxy.

  1. To start the proxy on the previously created service, use the following command:

    gcloud run services proxy phpmyadmin --port=8080

    If gcloud CLI prompts you to install the cloud-run-proxy components, then enter Y.

  2. To test the setup, enter the URL and port number (for example, http://127.0.0.1:8080/), and then with the username (admin name) and password. Since you're using the local Cloud Run developer proxy to access the service securely, you might see an error message, which can be ignored: There is a mismatch between HTTPS indicated on the server and client.

Troubleshoot

To obtain information about Cloud Run errors, access the Cloud Run logs in the Cloud de Confiance console.