Best Practices and Additional Resources
Post-Upgrade Checklist
- Database upgrade completed successfully to PostgreSQL 16
- SSL certificate properly configured and accessible
- SSL connections verified
- Application starts without SSL errors
- Database operations working correctly
- SSL connection verified in logs
- Performance testing completed
- Backup verification completed
- Monitoring and alerting updated
- Documentation updated with new configuration
- Team trained on new setup
Security Best Practices
- Never disable SSL verification: Avoid
NODE_TLS_REJECT_UNAUTHORIZED=0 - Use Cloud SQL Proxy when possible: Automatically handles encryption and authentication
- Secure certificate storage: Use Google Secret Manager for certificates
- Enable Cloud SQL audit logs: Monitor database access and changes
- Use IAM database authentication: When supported, use IAM instead of passwords
- Regular security audits: Monitor connection logs for SSL issues
- Network security: Use Private IP for Cloud SQL when possible
- Backup encryption: Ensure backups are encrypted
Performance Optimization
Cloud SQL Performance Settings
# Optimize Cloud SQL instance for PostgreSQL 16
gcloud sql instances patch your-instance-id \
--database-flags=shared_preload_libraries=pg_stat_statements \
--database-flags=log_statement=all \
--database-flags=log_min_duration_statement=1000
Monitoring and Alerting
# Set up monitoring for Cloud SQL
gcloud alpha monitoring policies create --policy-from-file=cloudsql-policy.yaml
Example monitoring policy (cloudsql-policy.yaml):
displayName: "Cloud SQL PostgreSQL Monitoring"
conditions:
- displayName: "High CPU Utilization"
conditionThreshold:
filter: 'resource.type="cloudsql_database" AND metric.type="cloudsql.googleapis.com/database/cpu/utilization"'
comparison: COMPARISON_GT
thresholdValue: 0.8
duration: 300s
Additional Resources
- Google Cloud SQL PostgreSQL Documentation
- Cloud SQL SSL/TLS Documentation
- Google Cloud SQL Proxy Documentation
- ToolJet Environment Variables Documentation
- GKE Workload Identity Documentation
- Cloud Run Security Documentation
note
Important Note: The SSL certificate configuration is critical for secure connections to Cloud SQL PostgreSQL 16. Consider using Cloud SQL Proxy for simplified and secure database connections without manual SSL certificate management.