Reputation: 81
My understanding is that a Google Cloud SQL (MySQL/Postgres) instance uses Compute Engine behind the scenes. Two Compute Engine instances in the same single VPC can communicate via internal IP addresses. Along similar lines, if a Compute Engine instance is provisioned in Zone1 and a Cloud SQL instance is provisioned in the same Zone1, doesn't this mean that Compute Engine and Cloud SQL are in the same VPC (because no new VPC is created when a Cloud SQL instance is provisioned)? And why can't an external Compute Engine instance access Cloud SQL via internal IP? What I see from the documentation is that Cloud SQL is always accessed via an external IP address. Is there any egress cost when using a static IP address?
Thanks, Mahesh
Upvotes: 0
Views: 2224
Reputation: 1664
In reality, Compute Engine and Cloud SQL are on different subnets. Cloud SQL will get its IP from the "Private Service connection" allocated IP range, and GCE will get its private IP from the VPC subnet. To connect, you need to make a connection between the two subnets.
To connect to Cloud SQL from Compute Engine, you need to create a "Private Service connection" in your VPC settings, i.e., allocate an RFC 1918 IP range (Google-managed IP or yourself) for SQL, and create a "connection" between your GCE subnet and the allocated IP range.
See more info: https://cloud.google.com/sql/docs/postgres/configure-private-services-access#allocating_an_ip_address_range.
Upvotes: 1
Reputation: 151
The Cloud SQL and the GCE instances that you create in your projects are not in the same VPC network because Cloud SQL is a managed service, so the Cloud SQL instances live in a different project.
There is this [beta feature](https://cloud.google.com/sql/docs/postgres/private-ip) that allows you to connect to a Cloud SQL instance via private IP, but you have to use private services access. Private services access is implemented as a VPC peering connection between your VPC network and the Google services VPC network where your Cloud SQL instance resides. IP traffic using private services access is never exposed to the public Internet. This [document](https://cloud.google.com/sql/docs/postgres/private-ip) provides detailed information about using private IP to connect to your Cloud SQL instances.
Before configuring a Cloud SQL instance to use private IP, you need some steps to be taken. This document provides step-by-step instructions for configuring an instance to use private IP.
As for the egress charges, as described here, there's no charge when egress is to the same zone or to a different Google Cloud Platform service within the same region, in this case Cloud SQL.
Upvotes: 1
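Added example, not part of any post above: a pre-flight check for the range-allocation step the first answer describes, verifying that a candidate range for the private services connection is RFC 1918 and does not overlap the VPC's existing subnets. The subnet names and CIDRs are constructed sample values, and the /24 minimum size is an assumed parameter.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: subnets the GCE instances already use in the VPC.
SAMPLE_VPC_SUBNETS = {
    "gce-us-central1": "10.128.0.0/20",
    "gce-europe-west1": "10.132.0.0/20",
}


def check_allocated_range(candidate, vpc_subnets, max_prefixlen=24):
    """Return a list of problems with a candidate allocated range.

    An empty list means the range passes every check. max_prefixlen is an
    assumed size floor (a /24 or larger block); adjust it to your own policy.
    """
    try:
        # strict=True rejects CIDRs with host bits set, e.g. 10.10.0.5/16.
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"not a valid CIDR block: {exc}"]
    if net.version != 4:
        return [f"{net} is not an IPv4 range"]

    problems = []
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append(f"{net} is not inside an RFC 1918 block")
    if net.prefixlen > max_prefixlen:
        problems.append(f"{net} is smaller than a /{max_prefixlen}")
    # The allocated range is peered with the VPC, so it must not collide
    # with any subnet that already exists there.
    for name, cidr in vpc_subnets.items():
        subnet = ipaddress.ip_network(cidr)
        if net.overlaps(subnet):
            problems.append(f"{net} overlaps subnet {name} ({subnet})")
    return problems


if __name__ == "__main__":
    for cand in ("10.200.0.0/16", "10.128.0.0/16", "172.32.0.0/16"):
        issues = check_allocated_range(cand, SAMPLE_VPC_SUBNETS)
        print(cand, "->", "OK" if not issues else "; ".join(issues))
```
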