Thursday, February 9, 2017

Re: [google-cloud-sql-discuss] Can only get proxy service account to work when given Project Owner permissions

"Cloud SQL Client" should be sufficient.
Please post the error you are seeing from the Proxy, otherwise it's hard to say what's going on.

On Thu, Feb 9, 2017 at 5:56 AM Andrew Baker <andrew.tork.baker@gmail.com> wrote:
Hi there,

I was following these instructions (https://cloud.google.com/sql/docs/container-engine-connect) which largely worked, but my MySQL connections kept getting 403'd inside my GKE containers.

So I tried connecting locally using these instructions (https://cloud.google.com/sql/docs/mysql-connect-proxy) and that didn't work either. In the end, the only thing that did work is creating a service account with "Project Owner" permissions. Now I can connect locally and in my Kubernetes cluster.

I tried making service accounts with Cloud SQL Client, Editor, and Admin - none of them were good enough to allow connections from my GKE containers.

I booted both my Cloud SQL instance and my cluster tonight, if that's relevant.

Any ideas? I can keep hacking on my app with the current setup, but I'd prefer not to grant that proxy container such broad permissions.

Thanks.

-Andrew

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/50f0720a-7788-4183-aa17-7ced364844ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/CABDU3p2vceqYC%2BhY05ZxfTZiFOThvPcJr2pSnxpH1LbDPW7NzA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)