diff --git a/manifests/pipecd/templates/deployment.yaml b/manifests/pipecd/templates/deployment.yaml
index 98c01c0a2b..32606b416b 100644
--- a/manifests/pipecd/templates/deployment.yaml
+++ b/manifests/pipecd/templates/deployment.yaml
@@ -85,6 +85,24 @@ spec:
         app.kubernetes.io/component: server
     spec:
       containers:
+{{- if .Value.cloudSQLProxy.enabled }}
+        - name: cloud-sql-proxy
+          image: "gcr.io/cloudsql-docker/gce-proxy:{{ .Values.cloudSQLProxy.version }}"
+          command:
+            - "/cloud_sql_proxy"
+            - "-instances={{ .Values.cloudSQLProxy.args.instanceConnectionName }}=tcp:{{ .Values.cloudSQLProxy.args.port }}"
+            - "-credential_file={{ .Values.secret.mountPath }}/{{ .Values.secret.cloudSQLServiceAccount.fileName }}"
+          securityContext:
+            runAsNonRoot: true
+          volumeMounts:
+            - name: pipecd-secret
+              mountPath: {{ .Values.secret.mountPath }}
+              readOnly: true
+{{- if .Values.cloudSQLProxy.resources }}
+          resources:
+            {{- toYaml .Values.cloudSQLProxy.resources | nindent 12 }}
+{{- end }}
+{{- end }}
         - name: server
           image: "{{ .Values.server.image.repository }}:{{ .Chart.AppVersion }}"
           imagePullPolicy: IfNotPresent
@@ -210,6 +228,20 @@ spec:
         app.kubernetes.io/component: ops
     spec:
       containers:
+{{- if .Value.cloudSQLProxy.enabled }}
+        - name: cloud-sql-proxy
+          image: "gcr.io/cloudsql-docker/gce-proxy:{{ .Values.cloudSQLProxy.version }}"
+          command:
+            - "/cloud_sql_proxy"
+            - "-instances={{ .Values.cloudSQLProxy.args.instanceConnectionName }}=tcp:{{ .Values.cloudSQLProxy.args.port }}"
+            - "-credential_file={{ .Values.secret.mountPath }}/{{ .Values.secret.cloudSQLServiceAccount.fileName }}"
+          securityContext:
+            runAsNonRoot: true
+          volumeMounts:
+            - name: pipecd-secret
+              mountPath: {{ .Values.secret.mountPath }}
+              readOnly: true
+{{- end }}
         - name: ops
           image: "{{ .Values.ops.image.repository }}:{{ .Chart.AppVersion }}"
           imagePullPolicy: IfNotPresent
diff --git a/manifests/pipecd/values.yaml b/manifests/pipecd/values.yaml
index 26a6822ec5..029c3e6c99 100644
--- a/manifests/pipecd/values.yaml
+++ b/manifests/pipecd/values.yaml
@@ -45,6 +45,14 @@ ops:
     metrics: true
   resources: {}
 
+cloudSQLProxy:
+  enabled: false
+  version: 1.17
+  args:
+    instanceConnectionName: ""
+    port: 3306
+  resources: {}
+
 mysql:
   imageTag: "8.0.23"
   resources: {}