diff --git a/terraform/basic_gke/main.tf b/terraform/basic_gke/main.tf
index cd6b3dc..0bb5b87 100644
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@@ -43,6 +43,13 @@ data "google_project" "project" {
 project_id = var.project
 }
+#################### Networking ###########################
+
+module "networking" {
+ source = "../modules/networking"
+ project = var.project
+}
+
 #################### Workload Identity ####################
 resource "random_id" "identity_pool" {
@@ -241,3 +248,16 @@ output "gke_connect_command" {
 description = "Command to run to connect to the kubernetes cluster."
 value = "gcloud container clusters get-credentials ${google_container_cluster.primary.name} --region ${var.region} --project ${var.project}"
 }
+
+#################### SQL ##################################
+
+module "cloudsql" {
+ source = "../modules/cloudsql"
+ project = var.project
+ region = var.region
+ private_network_id = module.networking.private_network_id
+
+ depends_on = [
+ module.networking
+ ]
+}
diff --git a/terraform/modules/cloudsql/cloudsql.tf b/terraform/modules/cloudsql/cloudsql.tf
new file mode 100644
index 0000000..44b1d3f
--- /dev/null
+++ b/terraform/modules/cloudsql/cloudsql.tf
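Review bot: The `depends_on = [module.networking]` in the new `module "cloudsql"` block is load-bearing and deserves a comment, because a reader will see `private_network_id = module.networking.private_network_id` already creating a dependency and be tempted to remove it. As far as this diff shows, the module's `private_network_id` output is derived only from `google_compute_network.private_network`, so that reference alone does not order the SQL instance after the module's `google_service_networking_connection`, which the private-IP instance needs to exist first; the module-level `depends_on` is what waits for every resource in the module. Suggested comment above it: `# Keep: the output only depends on the VPC, not on the service networking peering the instance requires.`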
@@ -0,0 +1,45 @@
+variable "project" {
+ description = "Project ID."
+ type = string
+}
+
+variable "region" {
+ description = "Region."
+ type = string
+}
+
+variable "tier" {
+ description = "DB machine type."
+ type = string
+ default = "db-f1-micro"
+}
+
+variable "db_version" {
+ description = "Database version."
+ type = string
+ default = "POSTGRES_13"
+}
+
+variable "private_network_id" {
+ description = "Private network id."
+ type = string
+}
+
+resource "google_sql_database_instance" "instance" {
+ project = var.project
+ region = var.region
+ name = "my-database-instance"
+
+ database_version = var.db_version
+
+ settings {
+ tier = var.tier
+
+ ip_configuration {
+ ipv4_enabled = false
+ private_network = var.private_network_id
+ }
+ }
+
+ deletion_protection = "true"
+}
diff --git a/terraform/modules/networking/networking.tf b/terraform/modules/networking/networking.tf
new file mode 100644
index 0000000..4a7b757
--- /dev/null
+++ b/terraform/modules/networking/networking.tf
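Review bot: The `ip_configuration` block in the new `google_sql_database_instance` disables the public IP but does not require TLS, so clients inside the peered VPC can still connect to the database in cleartext; adding `require_ssl = true` (or the provider's newer `ssl_mode` equivalent, depending on the pinned provider version) closes that. The instance also has no `backup_configuration`, so automated backups and point-in-time recovery are off by default, which makes `deletion_protection` the only safeguard against data loss. `deletion_protection = "true"` should be the bare boolean `true`, and note in a comment that it only blocks `terraform destroy`; the API-side guard is `settings.deletion_protection_enabled`, which may be worth enabling as well. The hard-coded `name = "my-database-instance"` will collide if the module is instantiated twice and, since Cloud SQL holds deleted instance names for a period, it will also block a quick recreate, so consider exposing it as a variable.

```hcl
  settings {
    tier = var.tier

    ip_configuration {
      ipv4_enabled    = false
      private_network = var.private_network_id
      # Private IP removes internet exposure but not in-VPC cleartext; require TLS on the listener.
      require_ssl = true
    }

    # Without this block automated backups and PITR are disabled by default.
    backup_configuration {
      enabled                        = true
      point_in_time_recovery_enabled = true
    }
  }

  # Terraform-level guard only (blocks `terraform destroy`), not the API-level protection.
  deletion_protection = true
  # … unchanged: variables, project/region/name/database_version …
```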
@@ -0,0 +1,39 @@
+variable "project" {
+ description = "Project ID."
+ type = string
+}
+
+output "private_network_id" {
+ description = "Private network id."
+ value = google_compute_network.private_network.id
+}
+
+resource "google_project_service" "servicenetworking" {
+ project = var.project
+ service = "servicenetworking.googleapis.com"
+ disable_dependent_services = true
+}
+
+resource "google_compute_network" "private_network" {
+ project = var.project
+ name = "private-network"
+ auto_create_subnetworks = false
+ depends_on = [
+ google_project_service.servicenetworking
+ ]
+}
+
+resource "google_compute_global_address" "private_ip_address" {
+ project = google_compute_network.private_network.project
+ name = "private-ip-address"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ prefix_length = 16
+ network = google_compute_network.private_network.id
+}
+
+resource "google_service_networking_connection" "private_vpc_connection" {
+ network = google_compute_network.private_network.id
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
+}
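Review bot: `disable_dependent_services = true` on the new `google_project_service.servicenetworking` resource gives a `terraform destroy` of this module a project-wide blast radius: together with the provider's default `disable_on_destroy = true`, tearing down the networking module disables the Service Networking API and every service that depends on it in `var.project`, including anything not managed by this configuration. For a module that only needs the API to be on, `disable_on_destroy = false` and `disable_dependent_services = false` is the safer shape, with a comment such as `# Enable only; never disable a project-level API from a leaf module.` The hard-coded `name = "private-network"` and `name = "private-ip-address"` also mean the module cannot be instantiated twice in one project, and `prefix_length = 16` reserves a large peering range that may be worth exposing as a variable with a documented default.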