通过GCE或GKE使用私有IP连接到Cloud SQL
[英]Connecting to Cloud SQL with Private IP from GCE or GKE
问题描述
I'm trying to connect to a Postgres database (CloudSQL) from a pod deployed in a GoogleCompute cluster, with a private IP, but I get only connection timeout errors. 
我正在尝试使用私有IP通过部署在GoogleCompute集群中的Pod连接到Postgres数据库(CloudSQL),但仅收到连接超时错误。
I setup the GCP cluster with the following: 我使用以下命令设置了GCP集群:
gcloud beta container clusters create "gcp-cluster" --zone "europe-west1-b" --no-enable-basic-auth --cluster-version "1.13.6-gke.13" --machine-type "n1-standard-1" --image-type "COS" --disk-type "pd-ssd" --disk-size "20" --metadata disable-legacy-endpoints=true --scopes "https://www.googleapis.com/auth/devstorage.read_only","https://www.googleapis.com/auth/logging.write","https://www.googleapis.com/auth/monitoring","https://www.googleapis.com/auth/servicecontrol","https://www.googleapis.com/auth/service.management.readonly","https://www.googleapis.com/auth/trace.append","https://www.googleapis.com/auth/sqlservice.admin","https://www.googleapis.com/auth/sqlservice" --num-nodes "2" --enable-stackdriver-kubernetes --enable-ip-alias --network "projects/XXX/global/networks/default" --subnetwork "projects/XXX/regions/europe-west1/subnetworks/default" --default-max-pods-per-node "110" --enable-autoscaling --min-nodes "2" --max-nodes "20" --addons HorizontalPodAutoscaling,HttpLoadBalancing --enable-autoupgrade --enable-autorepair --maintenance-window "19:00"
Then I deployed a wildfly pointing to the postgres database IP address (DB created in the same zone/region), but I get only connection timeout. 然后,我部署了一个指向postgres数据库IP地址(在同一区域/区域中创建的数据库)的Wildfly,但是我只得到了连接超时。 After have enabled a public IP address with source 0.0.0.0/0, I can get a connection. 使用源0.0.0.0/0启用公共IP地址后,我可以建立连接。
Any idea to work with private IP address? 有使用私有IP地址的想法吗?
3 个解决方案
解决方案1
1 2019-08-28 18:04:29
Private IP means accessing Cloud SQL through a Virtual Private Cloud (VPC). 私有IP意味着通过虚拟私有云 (VPC)访问Cloud SQL。 You have to use a resource (in this case, GCE instance) that is also on that VPC to be able to reach it. 您必须使用该VPC上的资源(在本例中为GCE实例)才能访问该资源。 See the environment requirements page of the Private IP docs. 请参阅专用IP文档的环境要求页面。
Note for future readers: It's a really bad idea to whitelist 0.0.0.0/0 on a Public IP address. 敬请以后的读者注意:在公共IP地址上将0.0.0.0/0列入白名单是一个非常糟糕的主意。 This essentially allows the entire internet to attempt to connect to your instance, and should not be left enabled for any extended period of time. 这实质上允许整个Internet尝试连接到您的实例,并且不应在任何长时间内保持启用状态。
解决方案2
0 2019-08-29 06:40:57
Your gke cluster is in europe-west1-b. 您的gke集群位于europe-west1-b。 Assuming that you use the default network, you must enable Private Google Access for europe-west1 subnet. 假设您使用默认网络,则必须为europe-west1子网启用私有Google访问。 Click on the subnet to view details and edit it if required to set Private Google Access to " On ". 单击子网以查看详细信息,并根据需要对其进行编辑,以将“ 私有Google访问 ”设置为“ 开 ”。
解决方案3
0 已采纳 2019-08-29 12:06:57
几个小时后,我通过为VM实例启用CloudSql访问范围来建立连接。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.