堆栈内存溢出
  简体   繁体   English

如何在Cloud SQL中授权我的短暂Google容器引擎实例?

[英]How do I authorize my ephemeral Google Container Engine instances in Cloud SQL?

 原文  2015-09-29 21:41:09       google-app-engine/ google-cloud-sql/ google-kubernetes-engine

问题描述

I am currently test-driving Google Container Engine (GKE) and Kubernetes as a possible replacement to AWS/ElasticBeanstalk deployment. 我目前正在试用Google Container Engine(GKE)和Kubernetes作为AWS / ElasticBeanstalk部署的可能替代品。 It was my understanding that just by the virtue of my dynamic servers being in the same project as the cloud sql instance, that they'd naturally be included in the firewall rules of that project. 我的理解是,由于我的动态服务器与云sql实例在同一个项目中,它们自然会被包含在该项目的防火墙规则中。 However, this appears not to be the case. 但是,情况似乎并非如此。 My app servers and SQL server are in the same availability zone, and I have both ipv4 and ipv6 enabled on the sql server. 我的应用服务器和SQL服务器位于同一可用区,我在sql server上启用了ipv4和ipv6。

I don't want to statically assign IP Addresses to cluster members that are themselves ephemeral, so I'm looking for guidance on how I can properly enable SQL access to my docker-based app hosted inside GKE? 我不想静态地将IP地址分配给本身就是短暂的集群成员,所以我正在寻找有关如何正确启用对访问GKE中托管的基于docker的应用程序的SQL访问的指导? As a stopgap, I've added the ephemeral IPs of the container cluster nodes and that has enabled me to use CloudSQL but I'd really like to have a more seamless way of handling this if my nodes somehow get a new ip address. 作为权宜之计,我已经添加了容器集群节点的临时IP,这使我能够使用CloudSQL,但如果我的节点以某种方式获得新的IP地址,我真的希望有一种更无缝的方式来处理它。

2 个解决方案

解决方案1
 3  2015-09-30 17:19:40

The current recommendations (SSL or HAProxy) are discussed in [1]. 目前的建议(SSL或HAProxy)在[1]中讨论。 We are working on a client proxy that will use service accounts to authenticate to Cloud SQL. 我们正在开发一个客户端代理,它将使用服务帐户对Cloud SQL进行身份验证。

[1] Is it possible to connect to Google Cloud SQL from a Google Managed VM? [1] 是否可以从Google托管虚拟机连接到Google Cloud SQL?

解决方案2
 1  2015-09-30 16:51:52

Sadly, this is currently the only way to do this. 可悲的是,这是目前唯一的方法。 A better option would be to write a controller that dynamically examined the managed instance group created by GKE and automatically updated the IP addresses in the Cloud SQL API. 更好的选择是编写一个控制器,动态检查由GKE创建的托管实例组,并自动更新Cloud SQL API中的IP地址。 But I agree the integration should be more seamless. 但我同意整合应该更加无缝。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在Cloud SQL(PostgreSQL)中授权Google App Engine? - How to authorize Google App Engine in Cloud SQL (PostgreSQL)? 如何设置Google Cloud Platform App Engine实例的运行状况通知? - How do I setup health notifications for Google Cloud Platform App Engine Instances? 如何通过Google App Engine中的应用程序将文件写入Google Cloud Storage? - How do I write a file through my app in the Google App Engine to the Google Cloud Storage? 无法授权我的Google应用访问我的Cloud SQL实例 - Cannot authorize my google app to access my Cloud SQL instance 如何在Google App Engine中为Cloud SQL实例设置root密码? [“Instance busy”错误消息] - How do I set a root password for a Cloud SQL instance in Google App Engine? [“Instance busy” error message] 如何将旧的 Django Google App Engine 应用程序升级到第二代云 SQL 实例? - How do I upgrade an old Django Google App Engine application to a Second Generation Cloud SQL Instance? 如何从Google Compute Engine实例池连接到同一项目中的Cloud SQL DB? - How to connect from a pool of Google Compute Engine instances to Cloud SQL DB in the same project? 如何使这个 Flask 应用程序适用于 Google Cloud Engine? - How do I make this flask app suitable for Google Cloud Engine? 如何在 SSL 上将 Google App Engine API (ASP.NET Core 3.1) 连接到 Google Cloud SQL (Postgres)? - How do I connect a Google App Engine API (ASP.NET Core 3.1) to Google Cloud SQL (Postgres) on SSL? 如何防止 Google Cloud Engine 运行多个并发实例? - How to prevent Google Cloud Engine to run multiple concurrent instances?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM