Tuesday, June 19, 2018

[google-cloud-sql-discuss] Re: How can a private GKE cluster communicate with a Cloud SQL instance within the project.

Dinesh,

Thanks for your response. I tried this and the connectivity from the NAT gateway to the MySQL instance works fine. However, the private GKE container is unable to connect to the MySQL instance. To debug the pod config, I tried to see if a public cluster is able to communicate with the CloudSQL instance and it does not work either. So, my understanding is that the pod config is incorrect/incomplete. I am using this sample app https://github.com/GoogleCloudPlatform/kubernetes-engine-samples/blob/master/cloudsql/mysql_wordpress_deployment.yaml and removed the sidecar Cloud SQL proxy.


Following is my pod config:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: wordpress
  labels:
    app: wordpress
spec:
  template:
    metadata:
      labels:
        app: wordpress
    spec:
      containers:
        - name: web
          image: wordpress
          ports:
            - containerPort: 80
          env:
            - name: WORDPRESS_DB_HOST
              value: <ip_of_cloudsql_instance>:3306
            # These secrets are required to start the pod.
            # [START cloudsql_secrets]
            - name: WORDPRESS_DB_USER
              valueFrom:
                secretKeyRef:
                  name: cloudsql-db-credentials
                  key: username
            - name: WORDPRESS_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: cloudsql-db-credentials
                  key: password
            # [END cloudsql_secrets]
      # [START volumes]
      volumes:
        - name: cloudsql-instance-credentials
          secret:
            secretName: cloudsql-instance-credentials
      # [END volumes]


On Tuesday, June 12, 2018 at 12:07:06 PM UTC-5, Dinesh (Google Platform Support) wrote:
You can configure the external IP address of the NAT gateway in the Cloud SQL authorized network list, which essentially authorizes the gateway to communicate with Cloud SQL. Authorized network setup requires the external IP address of the MySQL client to be configured in the SQL instance's Authorization tab. You can find more information about authorized network setup in this article[1].

  

On Monday, June 11, 2018 at 2:58:17 PM UTC-4, Shubhanan Bakre wrote:
Hi Kamran,
Thanks! I got this working. Is cloud proxy the only way? Would this work via authorized network setup?
- Shubhanan

On Thursday, June 7, 2018 at 6:18:55 PM UTC-5, Kamran (Google Cloud Support) wrote:
Hello Shubhanan,

As the Cloud Proxy needs to establish connections to the external IP address of the Cloud SQL instance, if you wish to run Cloud Proxy on your GKE node(s), the nodes should be able to talk with the Cloud SQL instance's external IP address. Due to this requirement, you can set up NAT gateway(s) to achieve your design.

For information on how to configure NAT gateway(s) for your GKE cluster please visit the following articles:




On Wednesday, June 6, 2018 at 12:09:26 PM UTC-4, Shubhanan Bakre wrote:
Hi,

I have tried the steps for connecting from a GKE cluster to CloudSQL that are given here: https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine
However, the same steps do not work for a private GKE cluster with master authorized networks (https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters)

Can someone shed some light on how this can be achieved?
Thanks!
Shubhanan
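
Added example (not part of the original thread and not Google's code): a check for the authorized-network setup discussed above, confirming that the external IP a client actually leaves from is covered by the instance's authorized network list and flagging entries that are too wide. It assumes the JSON shape printed by gcloud sql instances describe --format=json (settings.ipConfiguration.authorizedNetworks); the instance name, entry names and addresses are constructed.

```python
import ipaddress
import json

# Constructed sample: trimmed shape of `gcloud sql instances describe <instance> --format=json`.
# Addresses are documentation ranges (RFC 5737), not real hosts.
SAMPLE_DESCRIBE = json.loads("""
{
  "name": "example-instance",
  "settings": {"ipConfiguration": {"ipv4Enabled": true, "authorizedNetworks": [
    {"name": "nat-gateway", "value": "203.0.113.10"},
    {"name": "office", "value": "198.51.100.0/24"}
  ]}}
}
""")

def authorized_networks(describe):
    """Return (name, ip_network) pairs from the instance's authorized network list."""
    ipcfg = describe.get("settings", {}).get("ipConfiguration", {})
    return [(e.get("name", ""), ipaddress.ip_network(e["value"], strict=False))
            for e in ipcfg.get("authorizedNetworks", [])]

def check_egress(describe, egress_ips):
    """Map each client egress IP to the ACL entry that admits it, or None if blocked."""
    nets = authorized_networks(describe)
    result = {}
    for ip in egress_ips:
        addr = ipaddress.ip_address(ip)
        result[ip] = next((name or str(net) for name, net in nets
                           if addr.version == net.version and addr in net), None)
    return result

def overly_broad(describe, max_hosts=256):
    """List ACL entries wider than max_hosts addresses (0.0.0.0/0 admits any source)."""
    return [str(net) for _, net in authorized_networks(describe)
            if net.num_addresses > max_hosts]

if __name__ == "__main__":
    # Hypothetical egress addresses: the NAT gateway and a node with its own external IP.
    checks = check_egress(SAMPLE_DESCRIBE, ["203.0.113.10", "192.0.2.55"])
    for ip, entry in checks.items():
        print(ip, "allowed by " + entry if entry else "NOT authorized")
    print("over-broad entries:", overly_broad(SAMPLE_DESCRIBE))
```

Feed it the address the pod's traffic really leaves from (NAT gateway or node external IP); a client whose egress IP maps to None is rejected by the instance before MySQL authentication is ever attempted.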
