Whitelist Google Cloud Build IPs to test database connection
Question
I'm looking to give Cloud Build access to a PostgreSQL database during the steps because it's part of an integration testing from the Python application I'm running. Any suggestions on how to handle this authorization without exposing the database to the world?
2 answers
solution1
1 2018-10-22 16:33:43
At this time, you would need to whitelist all of the GCE public IP address ranges -- which effectively exposes your database to the world. (So don't do that!)
However, at Google Next we announced and demoed a coming Alpha release that will enable you to run GCB workloads in a hybrid VPC world with access to protected (on-prem) resources. As part of that Alpha, you could whitelist internal-only addresses to achieve your goal securely.
You can watch for a public announcement in our release notes .
solution2
0 2020-05-24 13:33:19
Now you can use IAP (Identity-Aware Proxy) TCP forwarding feature.
I don't know if this is still helpful or not but I run into a similar situation a while ago and I was able fix it like this.
steps:
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
entrypoint: /bin/sh
args:
- '-c'
- |
gcloud compute start-iap-tunnel sql-vm 5555 \
--local-host-port=localhost:5555 \
--zone=us-west1-a & sleep 5 && python echo_client.py
I also wrote a blog post about this. Check it here hodo.dev
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.