Cloud Run, is it possible to connect SSL/TLS database server

Question

I use planetscale serverless database server right now

and my main web server is built by Cloud Run

https://planetscale.com/docs/concepts/secure-connections

They are forcing ssl/tls unconditionally. Now, my cloud run uses https. I have also registered a domain. Can I still use the planet scale server?

They tell me to type mysql --ssl-mode=VERIFY_IDENTITY --ssl-ca=/etc/ssl/certs/ca-certificates.crt on Linux.

However, it is impossible to connect via ssh to cloud run. Are the two products incompatible? No workround?

I am very weak with this kind of network infrastructure, I am writing only code and I really need help.

Error: Error in connector: Error querying the database: Error querying the database: Error querying the database: Server error: `ERROR HY000 (1105): unknown error: Code: UNAVAILABLE
server does not allow insecure connections, client must use SSL/TLS

---EDIT

My backend language is Node JS and it does stuff like below

.ENV file

DATABASE_URL='mysql://xxxxxx:*****@aws-eu-west-1.connect.psdb.cloud/dbName?ssl={"rejectUnauthorized":true}'

PRISMA

datasource db {
  provider = "mysql"
  url = env("DATABASE_URL")
  referentialIntegrity = "prisma"
}


await prisma.post.findMany({
            take: 20,
            skip: 0,
            orderBy: { //...do query

And it works completely fine at localhost:8080 only after uploading to Cloud Run, it gets problem

Answer 1

On your .env file you need to modify the db url to append the following:

&sslcert=/etc/ssl/certs/ca-certificates.crt

so it will look like:

DATABASE_URL='mysql://xxxxxx:*****@aws-eu-west-1.connect.psdb.cloud/dbName?ssl={"rejectUnauthorized":true}&sslcert=/etc/ssl/certs/ca-certificates.crt'

But as you're running your code in Cloud Run, in order for this to work, when you build your Docker image, you need to make sure that the certificate is mounted to /etc/ssl/certs or whatever path you want to use.