Reputation: 535
I tried to run https://github.com/terraform-google-modules/terraform-google-sql-db/tree/v4.5.0/examples/mysql-private
It creates a SQL instance with both a private IP and a public IP. That's good. But when I try to connect to MySQL, it says this.
Command from gcloud:
./cloud_sql_proxy -credential_file=mysql-service-account.json -instances=sample:example-mysql-private-fd7795e5=tcp:3306 -ip_address_types=PRIVATE &
mysql -u default -p -h 127.0.0.1 --port=3306 default
Issue: why does it connect to port 3307? How do I resolve this?
couldn't connect to "sample:example-mysql-private-fd7795e5": dial tcp 10.127.0.4:3307: connect: connection timed out.
Does the private VPC network have to have any changes for connecting to this?
But without the private IP, it does connect and work, because it's going via the public IP. But why did the private IP still fail to connect?
Command that works:
./cloud_sql_proxy -credential_file=mysql-service-account.json -instances=sample:example-mysql-private-fd7795e5=tcp:3306 &
mysql -u default -p -h 127.0.0.1 --port=3306 default
This is my VPC config from main.tf:
# ------------------------------------------------------------------------------
# CREATE A RANDOM SUFFIX AND PREPARE RESOURCE NAMES
# ------------------------------------------------------------------------------
resource "random_id" "name" {
  byte_length = 2
}

locals {
  # If name_override is specified, use that - otherwise use the name_prefix with a random string
  instance_name        = var.name_override == null ? format("%s-%s", var.name_prefix, random_id.name.hex) : var.name_override
  private_network_name = "private-network-${random_id.name.hex}"
  private_ip_name      = "private-ip-${random_id.name.hex}"
}

# ------------------------------------------------------------------------------
# CREATE COMPUTE NETWORKS
# ------------------------------------------------------------------------------
# Simple network, auto-creates subnetworks
resource "google_compute_network" "private_network" {
  provider = google-beta
  name     = local.private_network_name
}

# Reserve global internal address range for the peering
resource "google_compute_global_address" "private_ip_address" {
  provider      = google-beta
  name          = local.private_ip_name
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = google_compute_network.private_network.self_link
}

# Establish VPC network peering connection using the reserved address range
resource "google_service_networking_connection" "private_vpc_connection" {
  provider                = google-beta
  network                 = google_compute_network.private_network.self_link
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
}
Please help.
Upvotes: 1
Views: 2407
Reputation: 75715
Cloud Shell isn't in your VPC, so you can't access your database through the private IP. You need to create a VM in your VPC (a bastion VM) to use the private IP, and open a tunnel to this VM. I wrote an article on this.
Upvotes: 2
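The bastion approach from the answer above, sketched in Terraform as an added example (not code from the question, the answer, or the terraform-google-sql-db module). It assumes it sits in the same main.tf as the question's `google_compute_network.private_network`; the `bastion_zone` variable, the resource names and the `sql-bastion` tag are hypothetical, and 35.235.240.0/20 is the source range Google documents for IAP TCP forwarding.

```hcl
# Added example: bastion VM inside the question's private network.
# Hypothetical names: var.bastion_zone, sql_bastion, tag "sql-bastion".
variable "bastion_zone" {
  description = "Zone to create the bastion VM in"
  type        = string
}

resource "google_compute_instance" "sql_bastion" {
  provider     = google-beta
  name         = "sql-bastion-${random_id.name.hex}"
  machine_type = "e2-micro"
  zone         = var.bastion_zone
  tags         = ["sql-bastion"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  # No access_config block: the VM gets only an internal address in the
  # auto-created subnetwork, so it has no public IP to expose.
  network_interface {
    network = google_compute_network.private_network.self_link
  }

  # Create the VM after the peering that makes the Cloud SQL range routable.
  depends_on = [google_service_networking_connection.private_vpc_connection]
}

# Allow SSH only from the IAP TCP-forwarding range, and only to the bastion tag.
resource "google_compute_firewall" "iap_ssh_to_bastion" {
  provider      = google-beta
  name          = "allow-iap-ssh-${random_id.name.hex}"
  network       = google_compute_network.private_network.self_link
  direction     = "INGRESS"
  source_ranges = ["35.235.240.0/20"]
  target_tags   = ["sql-bastion"]

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

# From Cloud Shell, forward a local port through the bastion to the private IP
# shown in the question's error message, then connect as before:
#   gcloud compute ssh sql-bastion-<suffix> --zone <zone> --tunnel-through-iap -- -N -L 3306:10.127.0.4:3306
#   mysql -u default -p -h 127.0.0.1 --port=3306 default
```

The account opening the tunnel needs the IAP-secured Tunnel User role (`roles/iap.tunnelResourceAccessor`) in addition to SSH access to the VM.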