
Not able to connect using private IP via cloud sql proxy in Google Cloud Shell

I tried to run https://github.com/terraform-google-modules/terraform-google-sql-db/tree/v4.5.0/examples/mysql-private

It creates a SQL instance with both a private IP and a public IP. That's good. But when I try to connect to MySQL, it says this:

command from gcloud:

./cloud_sql_proxy -credential_file=mysql-service-account.json -instances=sample:example-mysql-private-fd7795e5=tcp:3306 -ip_address_types=PRIVATE &

mysql -u default -p -h 127.0.0.1 --port=3306 default

Issue - why does it connect to port 3307? How do I resolve this?

couldn't connect to "sample:example-mysql-private-fd7795e5": dial tcp 10.127.0.4:3307: connect: connection timed out.

Does the private VPC network have to have any changes for connecting this?

But without the private IP, it does connect and works because it's going via the public IP. Why does the private IP still fail to connect?

Command that works:

./cloud_sql_proxy -credential_file=mysql-service-account.json -instances=sample:example-mysql-private-fd7795e5=tcp:3306 &

mysql -u default -p -h 127.0.0.1 --port=3306 default

This is my VPC config from main.tf:

# ------------------------------------------------------------------------------
# CREATE A RANDOM SUFFIX AND PREPARE RESOURCE NAMES
# ------------------------------------------------------------------------------

resource "random_id" "name" {
  byte_length = 2
}

locals {
  # If name_override is specified, use that - otherwise use the name_prefix with a random string
  instance_name        = var.name_override == null ? format("%s-%s", var.name_prefix, random_id.name.hex) : var.name_override
  private_network_name = "private-network-${random_id.name.hex}"
  private_ip_name      = "private-ip-${random_id.name.hex}"
}

# ------------------------------------------------------------------------------
# CREATE COMPUTE NETWORKS
# ------------------------------------------------------------------------------

# Simple network, auto-creates subnetworks
resource "google_compute_network" "private_network" {
  provider = google-beta
  name     = local.private_network_name
}

# Reserve global internal address range for the peering
resource "google_compute_global_address" "private_ip_address" {
  provider      = google-beta
  name          = local.private_ip_name
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = google_compute_network.private_network.self_link
}

# Establish VPC network peering connection using the reserved address range
resource "google_service_networking_connection" "private_vpc_connection" {
  provider                = google-beta
  network                 = google_compute_network.private_network.self_link
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
}

Please help.

Cloud Shell isn't in your VPC, so you can't access your database through the private IP. You need to create a VM in your VPC (a bastion VM) to use the private IP, and to open a tunnel to this VM. I wrote an article on this.
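
An added example, not part of the answer above or of the asker's code: a small Python classifier for the proxy error quoted in the question. It shows that 3307 is the port the proxy dials on the instance (the tcp:3306 in -instances is only the local listener) and that a private address is unreachable unless the proxy host has a route into the VPC. The names `diagnose` and `reachable_cidrs` and the `10.127.0.0/16` range are assumptions made for the illustration.

```python
import ipaddress
import re

# Shape of the v1 cloud_sql_proxy dial error quoted in the question.
DIAL_ERROR = re.compile(
    r'couldn\'t connect to "(?P<instance>[^"]+)": '
    r"dial tcp (?P<ip>[0-9.]+):(?P<port>\d+): connect: (?P<reason>[^.]+)"
)
# The proxy dials the instance on 3307; tcp:3306 in -instances is only the
# local listener that mysql connects to.
PROXY_SERVER_PORT = 3307

# Error line copied from the question.
SAMPLE = ('couldn\'t connect to "sample:example-mysql-private-fd7795e5": '
          "dial tcp 10.127.0.4:3307: connect: connection timed out.")


def diagnose(line, reachable_cidrs=()):
    """Classify a proxy dial error.

    reachable_cidrs: private ranges the proxy host can route to (assumption:
    supplied by the caller). Empty for Cloud Shell, which sits outside the VPC.
    """
    m = DIAL_ERROR.search(line)
    if m is None:
        return None
    ip = ipaddress.ip_address(m["ip"])
    port = int(m["port"])
    routed = any(ip in ipaddress.ip_network(c) for c in reachable_cidrs)
    if ip.is_private and not routed:
        cause = "private-ip-outside-vpc"
        hint = "run the proxy on a VM inside the VPC and tunnel to that VM"
    elif m["reason"].strip() == "connection timed out":
        cause = "filtered"
        hint = f"check firewall rules for tcp:{port} between proxy host and instance"
    else:
        cause = "other"
        hint = "check the proxy and instance logs"
    return {"instance": m["instance"], "ip": str(ip), "port": port,
            "dials_proxy_port": port == PROXY_SERVER_PORT,
            "cause": cause, "hint": hint}


if __name__ == "__main__":
    print(diagnose(SAMPLE))                     # proxy run from Cloud Shell
    print(diagnose(SAMPLE, ["10.127.0.0/16"]))  # constructed: host inside the VPC
```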
