[google-cloud-sql-discuss] Re: CloudSQL Proxy error: oauth2: cannot fetch token: Post https://oauth2.googleapis.com/token: dial tcp: i/o timeout

Thanks for the heads up, Sean. I'll make sure that feedback gets back to the Cloud SQL doc team.

Would a pointer here have helped?

https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes#service_account

On Thursday, August 23, 2018 at 9:48:14 AM UTC-7, Sean Dowd wrote:

I ended up creating a new cluster that has sql in it's scope list (the other one did not).  Connections worked immediately (with the existing token).  If this is the answer, the documentation should probably point to this somewhere. I would have hoped that the cloudsql proxy would have a more descriptive error message.

I followed the list here (your link[5]):

• Enable the Cloud SQL API
  
• Install the proxy
  
• Create a service account
  
• Start the proxy
  
• Start the mysql session
  

but still could not connect.  Re-creating a cluster is really not a good solution (just re-creating the node pool did not work).  It also seems that the inability to update scope is a shortcoming in GCP/GKE.  Also note, link [6] following the kubernetes track, the documentation does not mention creating the cluster with the sql scope.

On Thursday, August 23, 2018 at 11:24:56 AM UTC-5, Sam (Google Cloud Support) wrote:

Have you tried refreshing the access token? Some OAuth 2.0 flows require using refresh tokens to acquire new access tokens as they have limited lifetimes to enhance security [1]. A refresh token will allow your application access Cloud SQL beyond the access token's lifetime [2].

Based on the error message, you can have a look at these documentations about troubleshooting Cloud SQL connection issues [3][4]. Then by means of ensuring proper configuration I would follow the guide in the fifth and sixth links [5][6]. The last link is an answer on StackOverflow that I found [7]. Hope this helps.

[1] https://cloud.google.com/storage/docs/json_api/v1/how-tos/authorizing#OAuth2Authorizing

[2] https://cloud.google.com/storage/docs/json_api/v1/how-tos/authorizing#OAuth2Authorizing

[3] https://cloud.google.com/sql/docs/mysql/diagnose-issues

[4] https://cloud.google.com/sql/faq#connections

[5] https://cloud.google.com/sql/docs/mysql/connect-admin-proxy

[6] https://cloud.google.com/sql/docs/mysql/sql-proxy

[7] https://stackoverflow.com/questions/5755819/lost-connection-to-mysql-server-at-reading-initial-communication-packet-syste

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/ac243802-0fad-4c09-9b65-f47385a6c3e6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.