diff --git a/components/BUILD.yaml b/components/BUILD.yaml
index 156502d63f0032..b050a8a981a47f 100644
--- a/components/BUILD.yaml
+++ b/components/BUILD.yaml
@@ -70,6 +70,7 @@ packages:
       - components/ws-manager:docker
       - components/ws-proxy:docker
       - components/ide-proxy:docker
+      - components/kots-config-check/database:docker
       - test:docker
       - dev/version-manifest:app
     config:
diff --git a/components/kots-config-check/database/BUILD.yaml b/components/kots-config-check/database/BUILD.yaml
new file mode 100644
index 00000000000000..685fd61f30f2fd
--- /dev/null
+++ b/components/kots-config-check/database/BUILD.yaml
@@ -0,0 +1,18 @@
+# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+# Licensed under the GNU Affero General Public License (AGPL).
+# See License-AGPL.txt in the project root for license information.
+
+packages:
+  - name: docker
+    type: docker
+    argdeps:
+      - imageRepoBase
+    srcs:
+      - entrypoint.sh
+    config:
+      dockerfile: leeway.Dockerfile
+      metadata:
+        helm-component: kots-config-check.database
+      image:
+        - ${imageRepoBase}/kots-config-check/database:${version}
+        - ${imageRepoBase}/kots-config-check/database:commit-${__git_commit}
diff --git a/components/kots-config-check/database/entrypoint.sh b/components/kots-config-check/database/entrypoint.sh
new file mode 100755
index 00000000000000..1b4fe87927365f
--- /dev/null
+++ b/components/kots-config-check/database/entrypoint.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+# Licensed under the GNU Affero General Public License (AGPL).
+# See License-AGPL.txt in the project root for license information.
+
+
+set -euo pipefail
+
+DB_IN_CLUSTER_ENABLED="${1:-""}"
+DB_CLOUDSQL_ENABLED="${2:-""}"
+DB_USERNAME="${3:-""}"
+DB_PASSWORD="${4:-""}"
+DB_HOST="${5:-""}"
+DB_PORT="${6:-""}"
+CSP_INSTANCES="${7:-""}"
+CSP_CREDENTIALS="${8:-""}"
+
+connection="false"
+version=""
+
+DB_TYPE="incluster"
+if [ "${DB_IN_CLUSTER_ENABLED}" == "0" ]; then
+  if [ "${DB_CLOUDSQL_ENABLED}" == "1"  ]; then
+    DB_TYPE="cloudsqlproxy"
+  else
+    DB_TYPE="external"
+  fi
+fi
+
+case "${DB_TYPE}" in
+  cloudsqlproxy | external)
+    if [ "${DB_TYPE}" = "cloudsqlproxy" ]; then
+      echo "Connecting to CloudSQLProxy"
+
+      CREDENTIALS_FILE="/tmp/credentials.json"
+      echo "${CSP_CREDENTIALS}" | base64 -d > "${CREDENTIALS_FILE}"
+
+      # Config overrides
+      DB_HOST="0.0.0.0"
+      DB_PORT="8080"
+
+      # This is a long-running process
+      cloud_sql_proxy \
+        --instances="${CSP_INSTANCES}=tcp:${DB_PORT}" \
+        -credential_file="${CREDENTIALS_FILE}" &
+
+      # Give it a chance to connect
+      sleep 5
+    else
+      echo "Using external database"
+    fi
+
+    # Check the database version
+    version_query=$(mysql \
+      --connect-timeout=5 \
+      --database=gitpod \
+      --user="${DB_USERNAME}" \
+      --password="${DB_PASSWORD}" \
+      --host="${DB_HOST}" \
+      --port="${DB_PORT}" \
+      --execute="SELECT VERSION();" \
+      --silent \
+      --raw \
+      --skip-column-names || echo "fail")
+
+    if [ "${version_query}" != "fail" ]; then
+      connection="true"
+      version="${version_query}"
+    fi
+    ;;
+  incluster)
+    echo "Using in-cluster database"
+    connection="true"
+    version="5.7"
+    ;;
+  *)
+    echo "Unknown database type: '${DB_TYPE}'"
+    exit 1
+    ;;
+esac
+
+if [ "${connection}" = "true" ]; then
+  echo "connection: ok"
+else
+  echo "connection: error"
+fi
+echo "version: ${version}"
diff --git a/components/kots-config-check/database/leeway.Dockerfile b/components/kots-config-check/database/leeway.Dockerfile
new file mode 100644
index 00000000000000..ad823edbc4c0ec
--- /dev/null
+++ b/components/kots-config-check/database/leeway.Dockerfile
@@ -0,0 +1,8 @@
+# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+# Licensed under the GNU Affero General Public License (AGPL).
+# See License-AGPL.txt in the project root for license information.
+
+FROM bitnami/mysql:5.7
+COPY --from=gcr.io/cloudsql-docker/gce-proxy /cloud_sql_proxy /usr/local/bin/cloud_sql_proxy
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/install/kots/manifests/kots-preflight.yaml b/install/kots/manifests/kots-preflight.yaml
index cd01e58f5f25d7..b5a135ca1c2dda 100644
--- a/install/kots/manifests/kots-preflight.yaml
+++ b/install/kots/manifests/kots-preflight.yaml
@@ -7,6 +7,19 @@ metadata:
   name: gitpod
 spec:
   collectors:
+    - run:
+        collectorName: database
+        image: eu.gcr.io/gitpod-core-dev/build/kots-config-check/database:sje-kots-config-check.9
+        name: database
+        args:
+          - '{{repl ConfigOption "db_incluster" }}' # DB_IN_CLUSTER_ENABLED
+          - '{{repl ConfigOption "db_cloudsql_enabled" }}' # DB_CLOUDSQL_ENABLED
+          - '{{repl ConfigOption "db_username" }}' # DB_USERNAME
+          - '{{repl ConfigOption "db_password" }}' # DB_PASSWORD
+          - '{{repl ConfigOption "db_host" }}' # DB_HOST
+          - '{{repl ConfigOption "db_port" }}' # DB_PORT
+          - '{{repl ConfigOption "db_cloudsql_instance" }}' # CloudSQL instances
+          - '{{repl ConfigOption "db_gcp_credentials" }}' # CloudSQL credentials file
     - run:
         collectorName: "kernel"
         image: alpine/semver
@@ -151,3 +164,23 @@ spec:
               message: No default storage class found
           - pass:
               message: Default storage class found
+    - textAnalyze:
+        checkName: Database connection is valid
+        fileName: database/database.log
+        regexGroups: 'connection: (?P<Connection>\w+)'
+        outcomes:
+          - pass:
+              when: "Connection == ok"
+              message: Database connection is valid
+          - fail:
+              message: Database connection is invalid. Please check your settings and that the database is accessible from your cluster
+    - textAnalyze:
+        checkName: Database version is valid
+        fileName: database/database.log
+        regexGroups: 'version: (?P<Version>\d(\.\d+)?)'
+        outcomes:
+          - pass:
+              when: "Version == 5.7"
+              message: Database version is valid
+          - warn:
+              message: Database version could not be verified. This should be MySQL 5.7
diff --git a/install/kots/manifests/kots-support-bundle.yaml b/install/kots/manifests/kots-support-bundle.yaml
index b18fbd00cca3ca..2771cf3c4d1c14 100644
--- a/install/kots/manifests/kots-support-bundle.yaml
+++ b/install/kots/manifests/kots-support-bundle.yaml
@@ -7,6 +7,19 @@ metadata:
   name: gitpod
 spec:
   collectors:
+    - run:
+        collectorName: database
+        image: eu.gcr.io/gitpod-core-dev/build/kots-config-check/database:sje-kots-config-check.9
+        name: database
+        args:
+          - '{{repl ConfigOption "db_incluster" }}' # DB_IN_CLUSTER_ENABLED
+          - '{{repl ConfigOption "db_cloudsql_enabled" }}' # DB_CLOUDSQL_ENABLED
+          - '{{repl ConfigOption "db_username" }}' # DB_USERNAME
+          - '{{repl ConfigOption "db_password" }}' # DB_PASSWORD
+          - '{{repl ConfigOption "db_host" }}' # DB_HOST
+          - '{{repl ConfigOption "db_port" }}' # DB_PORT
+          - '{{repl ConfigOption "db_cloudsql_instance" }}' # CloudSQL instances
+          - '{{repl ConfigOption "db_gcp_credentials" }}' # CloudSQL credentials file
     - clusterInfo: {}
     - clusterResources: {}
     - logs: