I am using Kubernetes to deploy a Rails application to Google Container Engine.

The database is using Google Cloud SQL.

I know the database's ip address and set it into my Kubernetes config file:

# web-controller.yml
apiVersion: v1
kind: ReplicationController
metadata:
  labels:
    name: web
  name: web-controller
spec:
  replicas: 2
  selector:
    name: web
  template:
    metadata:
      labels:
        name: web
    spec:
      containers:
      - name: web
        image: gcr.io/my-project-id/myapp:v1
        ports:
        - containerPort: 3000
          name: http-server
        env:
          - name: RAILS_ENV
            value: "production"
          - name: DATABASE_URL
            value: "mysql2://[my_username]:[my_password]@[database_ip]/myapp"

Then create:

$ kubectl create -f web-controller.yml

From the pod log I saw:

$ kubectl logs web-controller-038dl
Lost connection to MySQL server at 'reading initial communication packet', system error: 0
/usr/local/bundle/gems/mysql2-0.3.20/lib/mysql2/client.rb:70:in `connect'
/usr/local/bundle/gems/mysql2-0.3.20/lib/mysql2/client.rb:70:in `initialize'
...

I can see the LoadBalancer Ingress ip address from the Kubernetes UI page in web service section.

From the Google Developers Console -> Storage -> SQL, select the running db and click the link. From Access Controler -> Authorization -> Authorized Networks, add a new item and add that IP to there. But the result was the same.

You would need to create the SSL cert like Yu-Ju Hong said, then you would have to tell ruby to use the certificate when connecting something like

http://makandracards.com/makandra/1701-use-ssl-for-amazon-rds-mysql-and-your-rails-app

The bit about:

sslca: /path/to/mysql-ssl-ca-cert.pem

From Cannot access google cloud SQL from google container engine, it seems "using SSL connection with that 0.0.0.0/0 CIDR" is the recommended solution.