cloudsql
cloudsql is currently created manually, but it can make sense to create / upsert it at "setup" time, similar to how we set up namespaces and service accounts for the Kubernetes deployment.
This way, we can enforce standards and tagging and make life for developers much easier.
The catladder config already contains (most of) the information that is required: gcloud projectId and region (and instanceId if you want to customize).
An additional problem that we currently have is that cloudsql requires a service account on the proxy. We currently use a shared one for all instances. It would probably make sense to create one service account per instance that has access only to that instance, similar to how we create one service account per namespace. The credentials will be added as a variable to GitLab.
For that to work, the developer invoking the setup requires the right credentials to create cloudsql instances and service accounts.
The Google projectId where the database is created does not matter that much, at least not technically. Currently we have them under "skynet" and the cluster is under skynet-swiss. That works without problems. Still, we can also think about how we organize these cloud resources.
It might make sense to already start creating a gcloud project per customer or project and create the db there. That's more future-proof if we, e.g., do the app deployment using gcloud or similar, because then we want to have everything that belongs together in one projectId.
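
The per-instance service account proposed above, sketched as an added example (not catladder code): it derives a valid service account ID from the instance ID and prints the gcloud commands that bind `roles/cloudsql.client` to that one instance through an IAM condition. The function names, the `sql-` prefix and the sample instance ID are assumptions; the project ID is not validated.

```shell
#!/bin/sh
# Added example, not catladder code. Function names, the "sql-" prefix and the
# sample instance ID are assumptions; "skynet" is the project named on the page.

# Service account IDs: 6-30 chars, lowercase letters, digits and hyphens.
sa_id_for_instance() (
  LC_ALL=C; instance="$1"; id="sql-$instance"
  case "$instance" in
    ''|[!a-z]*|*[!a-z0-9-]*|*-) echo "invalid instance id: $instance" >&2; exit 1 ;;
  esac
  if [ "${#id}" -lt 6 ]; then
    echo "instance id too short: $instance" >&2; exit 1
  elif [ "${#id}" -gt 30 ]; then
    # Too long: keep a readable prefix plus a checksum so IDs stay distinct.
    sum=$(printf '%s' "$instance" | cksum | cut -d' ' -f1)
    id="sql-$(printf '%s' "$instance" | cut -c1-15)-$sum"
  fi
  printf '%s\n' "$id"
)

# IAM condition (CEL) that limits a role binding to exactly one instance.
instance_condition() {
  printf "resource.type == 'sqladmin.googleapis.com/Instance' && resource.name == 'projects/%s/instances/%s'" "$1" "$2"
}

# Print the gcloud commands for review (dry run); nothing is executed here.
plan_instance_sa() (
  project="$1"; instance="$2"
  sa=$(sa_id_for_instance "$instance") || exit 1
  email="$sa@$project.iam.gserviceaccount.com"
  cond=$(instance_condition "$project" "$instance")
  cat <<EOF
gcloud iam service-accounts create $sa --project=$project
gcloud projects add-iam-policy-binding $project --member=serviceAccount:$email --role=roles/cloudsql.client --condition="expression=$cond,title=only-$sa"
gcloud iam service-accounts keys create $sa-key.json --iam-account=$email
EOF
)

plan_instance_sa skynet customer-a-db   # constructed sample instance ID
```

The key file written by the last command is the credential that would go into the GitLab variable, so it should be deleted locally once stored.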