How do I authorize my ephemeral Google Container Engine instances in Cloud SQL?
I am currently test-driving Google Container Engine (GKE) and Kubernetes as a possible replacement for AWS/ElasticBeanstalk deployment. It was my understanding that just by virtue of my dynamic servers being in the same project as the Cloud SQL instance, that they'd naturally be included in the firewall rules of that project. However, this appears not to be the case. My app servers and SQL server are in the same availability zone, and I have both IPv4 and IPv6 enabled on the SQL server.
I don't want to statically assign IP addresses to cluster members that are themselves ephemeral, so I'm looking for guidance on how I can properly enable SQL access to my Docker-based app hosted inside GKE? As a stopgap, I've added the ephemeral IPs of the container cluster nodes and that has enabled me to use CloudSQL, but I'd really like to have a more seamless way of handling this if my nodes somehow get a new IP address.
The current recommendations (SSL or HAProxy) are discussed in [1]. We are working on a client proxy that will use service accounts to authenticate to Cloud SQL.
[1] Is it possible to connect to Google Cloud SQL from a Google Managed VM?
Sadly, this is currently the only way to do this. A better option would be to write a controller that dynamically examined the managed instance group created by GKE and automatically updated the IP addresses in the Cloud SQL API. But I agree the integration should be more seamless.
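The reconciliation step of the controller suggested in the last answer, as an added example that is not part of the original thread. It assumes node data in the Compute API instance shape and ACL entries in the Cloud SQL Admin API authorizedNetworks shape; the gke-node- name prefix, the function names and the sample values are constructed for illustration, and fetching the nodes and sending the patch are left to the caller.

```python
import ipaddress

OWNED_PREFIX = "gke-node-"  # assumption: marks ACL entries this controller manages

# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_NODES = [
    {"name": "pool-a", "networkInterfaces": [{"accessConfigs": [{"natIP": "203.0.113.10"}]}]},
    {"name": "pool-b", "networkInterfaces": [{"accessConfigs": [{"natIP": "203.0.113.77"}]}]},
    {"name": "pool-c", "networkInterfaces": [{"accessConfigs": [{}]}]},  # no external IP
]
SAMPLE_ACL = [
    {"kind": "sql#aclEntry", "name": "office-vpn", "value": "198.51.100.0/28"},
    {"kind": "sql#aclEntry", "name": "gke-node-pool-a", "value": "203.0.113.5/32"},
    {"kind": "sql#aclEntry", "name": "gke-node-gone", "value": "203.0.113.9/32"},
]


def node_cidrs(instances):
    """Map node name -> /32 CIDR of its external IP; never emits a wider range."""
    out = {}
    for inst in instances:
        for nic in inst.get("networkInterfaces", []):
            for cfg in nic.get("accessConfigs", []):
                ip = cfg.get("natIP")
                if not ip:
                    continue
                addr = ipaddress.ip_address(ip)  # ValueError on malformed input
                if addr.version == 4 and not addr.is_unspecified:
                    out[inst["name"]] = f"{addr}/32"
    return out


def reconcile(current_acl, instances):
    """Return (new_acl, changed). Entries without the owned prefix are kept as-is,
    because the authorizedNetworks list is written back as a whole."""
    keep = [e for e in current_acl if not e.get("name", "").startswith(OWNED_PREFIX)]
    owned = [{"kind": "sql#aclEntry", "name": OWNED_PREFIX + name, "value": cidr}
             for name, cidr in sorted(node_cidrs(instances).items())]
    new_acl = keep + owned
    key = lambda e: (e.get("name", ""), e["value"])
    changed = sorted(map(key, current_acl)) != sorted(map(key, new_acl))
    return new_acl, changed


def patch_body(new_acl):
    """Request body for a Cloud SQL Admin API instances.patch call."""
    return {"settings": {"ipConfiguration": {"authorizedNetworks": new_acl}}}
```

Sending the patch only when changed is true keeps the instance from being updated on every polling cycle, and stale node addresses drop out of the allow list as soon as the node disappears from the instance group.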