
VM cannot connect to Cloud SQL

I'm trying to clean up my production infrastructure a bit but I am having possibly the worst time. Services I'm using:

- Cloud SQL
- Compute engine VMs to run my apps containers.

There's some other stuff but it doesn't matter for now. I am trying to run two services split across 4 VMs (2 each). Currently I am running the services as follows:

Subnet 1:
VM 1: running service 1 & 2
VM 2: running service 1 & 2

What I want to do is:

Subnet 1
VM 1: running service 1
VM 2: running service 1

Subnet 2
VM 1: Running service 2
VM 2: Running service 2

However when I try to run service 2 in my new VMs the DB connection keeps timing out. I've spent the last 5-6 hours trying to debug this and it's absolutely crucial to my small business.

What I've done so far:

- Ensure firewall has a rule to allow traffic to db port 5432. 

- Pooled connections are allowed in the app.

- Connection test in cloud sql is passing.

Can someone please advise? I don't know what to do and a lot is on the line right now.


Hi @MHFound ,

Welcome to Google Cloud Community!

I assume you already checked, but it's not in your list. Does the service account for the new VM have authority/access to the Cloud SQL API?

If you are using a custom service account, check that it has the proper permissions for it. If you are using the default CE service account, set the access for Cloud SQL or all APIs (not recommended) in the Security and access part of the edit module of your VM.


Thanks for the reply! Yes the service account I am using does have access to all the APIs. 

I have a customer having the same problem as you are. This is what I recommended to them:

- In CloudSQL check the network: are you using private or public IP?
- If you are using public IP, make sure your VM Public Outgoing address is whitelisted.
- If you are using private IP, the RFC 1918 addresses are automatically whitelisted. But if your container or VM is using a Privately used Public IP, you still need to whitelist it in the authorized network settings.
- If you still can't connect, this is where it gets interesting. Go to VPC Routes and check the routes of your VPC. You need to ensure that the servicenetworking-googleapis route is correctly imported/exported.
- In my customer's case, the servicenetworking-googleapis imported two different routes. They needed to disable the import route in VPC Peering and they were all set.

Regards
Izza
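
The checklist in the reply above, written as an offline check (an added example, not code from the thread or from Google): it classifies a client address against the authorized-network rules described and flags overlapping imported peering routes. The function names, the route dictionary layout and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# RFC 1918 ranges, which the reply says need no authorized-network entry.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_client(source_ip, sql_uses_private_ip, authorized_networks):
    """Apply the reply's checklist to one client address; return (ok, reason)."""
    ip = ipaddress.ip_address(source_ip)
    listed = any(ip in ipaddress.ip_network(n) for n in authorized_networks)
    if not sql_uses_private_ip:
        # Public IP path: the VM's outgoing public address must be listed.
        return (listed, "public egress address listed" if listed
                else "add the VM's public egress address to authorized networks")
    if any(ip in net for net in RFC1918):
        return (True, "RFC 1918 source, no entry needed")
    # Privately used public IP: not RFC 1918, so it needs an explicit entry.
    return (listed, "privately used public IP listed" if listed
            else "privately used public IP: add it to authorized networks")

def overlapping_imported_routes(routes):
    """Return name pairs of imported peering routes whose ranges overlap."""
    imported = [r for r in routes if r.get("peering")]
    return [(a["name"], b["name"]) for a, b in combinations(imported, 2)
            if ipaddress.ip_network(a["dest"]).overlaps(
                ipaddress.ip_network(b["dest"]))]

# Constructed sample routes (hypothetical names and ranges, not from the thread).
SAMPLE_ROUTES = [
    {"name": "default-subnet-1", "dest": "10.0.1.0/24", "peering": None},
    {"name": "peering-route-a", "dest": "10.50.0.0/24",
     "peering": "servicenetworking-googleapis"},
    {"name": "peering-route-b", "dest": "10.50.0.0/16",
     "peering": "servicenetworking-googleapis"},
]

if __name__ == "__main__":
    print(classify_client("10.0.2.5", True, []))      # RFC 1918 client
    print(classify_client("203.0.113.10", True, []))  # privately used public IP
    print(overlapping_imported_routes(SAMPLE_ROUTES))
```

Feed it the VM's real source address and the instance's authorized networks, plus the route list exported from the VPC, to see which item of the checklist applies.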