Spring GCP service not connecting to Cloud SQL database

Question

I have a Spring GCP service which when run locally connects fine to my Google Cloud SQL instance.

However, when I deploy and launch on my Google Cloud Kubernetes cluster, it is failing to connect with Insufficient Permissions errors.

I followed the steps https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine , but still the same connection issue.

My source code is https://github.com/christianblake/spring-boot-gcp

deployment.yml is in the root dir.

Appreciate if somebody has any pointers as I'm obviously missing a point.

Thank you.

Answer 1

Assuming credentials.json is installed correctly, the service account defined in credentials.json needs to have the Cloud SQL Client role. There are several ways to do this is as documented here .

From the cli, you would do something like this:

gcloud projects add-iam-policy-binding $PROJECT_NAME \
--member serviceAccount:$GOOGLE_SERIVICE_ACCOUNT.iam.gserviceaccount.com --role roles/cloudsql.client

Answer 2

@Mangu, I found the following error in the error logs.

Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden

Which led to the following similar question Cloud SQL Proxy and Insufficient Permission

I re-created the cluster, including the sql scopes with the following.

gcloud container clusters create cloudcluster --num-nodes 2  --machine-type n1-standard-1 --zone us-central1-c --scopes https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/sqlservice.admin

And that resolved the issue.

Thank you both for the feedback, and apologies for missing the google error code in the original question.