How to connect from GKE to Cloud SQL using Python and Private IP

Question

I want to connect to my MySQL database from my GKE pods using python using a private IP

I've done all the configurations, the connection is working inside a test pod through bash using

mysql -u root -p --host X.X.X.X --port 3306

But it doesn't work inside my Python app... maybe i'm missing something

Here is my current code

# initialize Connector object
connector = Connector(ip_type=IPTypes.PRIVATE)

# function to return the database connection object
def getconn():
    conn = connector.connect(
        INSTANCE_CONNECTION_NAME,
        "pymysql",
        user=DB_USER,
        password=DB_PASS,
        db=DB_NAME
    )
    return conn

# create connection pool with 'creator' argument to our connection object function
pool = sqlalchemy.create_engine(
    "mysql+pymysql://",
    creator=getconn,
)

I'm still getting these errors

aiohttp.client_exceptions.ClientResponseError: 403, message="Forbidden: Authenticated IAM principal does not seeem authorized to make API request. Verify 'Cloud SQL Admin API' is enabled within your GCP project and 'Cloud SQL Client' role has been granted to IAM principal.", url=URL('https://sqladmin.googleapis.com/sql/v1beta4/projects/manifest-altar-223913/instances/rapminerz-apps/connectSettings')

Answer 1

Check the below workaround:

1. Verify the Verify the Workload Identity

2. If not OK, please follow workload-identity troubleshooting to see what's wrong.

If the setup is OK, please just follow the error message "Verify 'Cloud SQL Admin API' is enabled within your GCP project and 'Cloud SQL Client' role has been granted to IAM principal."

1. You can search 'Cloud SQL Admin API' in the cloud console, make sure to Enable it.

2. For the Google Service Account, please grant the 'Cloud SQL Client' role to it.

Please go through the Cloud SQL Python Connector for more details.