This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Use Private Cloud SQL IP with Cloud SQL - MySQL connector

Posted on 03-24-2023 09:38 AM
phertzog
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

Hello,

I have a setup with a Cloud SQL MySql server that is connected to a shared VPC. The Sql server has no public IP. In the same project I have a serverless VPC access configured that connects to the same Shared VPC.

I created a Cloud SQL connector using a service account that has the Sql Editor role. The connector fails to initialize. The error message given is "The connection has been closed.".

When I enable a public IP on my Sql Instance (without any other modification) the connector becomes active.

Is the use of private IPs through shared VPC a supported feature of this connector?

Regards

Philippe

Solved Solved
0 9 1,620
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
Madhuvandhini
Staff
In response to phertzog
Reply posted on --/--/---- --:-- AM

Currently this is the only feasible solution and we are working on enhancements in roadmap to avoid Socks5 proxy. Documentation below would help for PSC configuration.

https://cloud.google.com/integration-connectors/docs/configure-psc

We are yet to publish  CloudSQL specific documentation.But additional step would be  to setup Socks5 proxy and expose it as service attachment which can be used while creating connection

View solution in original post

Jump to Solution
9 REPLIES 9

Posted on --/--/---- --:-- AM
Former Community Member
Not applicable
Reply posted on --/--/---- --:-- AM

Connecting to CloudSQL through private IPs are supported. For this you will have to setup a sock5 proxy and expose that through a service attachment, like here: 

srinandans_0-1679685587533.png

We are working on creating detailed steps for this setup. I will update here once those steps are published.

 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
phertzog
Silver 1
Silver 1
In response to Former Community Member
Reply posted on --/--/---- --:-- AM

Hello,

 

Sorry was a little busy over the last weeks and din't find to respond to your reply.

Is what you proposed the only solution? It seems a little complicated to achieve the expected goal.

Regards

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Madhuvandhini
Staff
In response to phertzog
Reply posted on --/--/---- --:-- AM

Currently this is the only feasible solution and we are working on enhancements in roadmap to avoid Socks5 proxy. Documentation below would help for PSC configuration.

https://cloud.google.com/integration-connectors/docs/configure-psc

We are yet to publish  CloudSQL specific documentation.But additional step would be  to setup Socks5 proxy and expose it as service attachment which can be used while creating connection

Jump to Solution

Posted on --/--/---- --:-- AM
Norteña
Bronze 1
Bronze 1
In response to Madhuvandhini
Reply posted on --/--/---- --:-- AM

¿Ya hay información publicada para cloudsql?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Norteña
Bronze 1
Bronze 1
In response to Madhuvandhini
Reply posted on --/--/---- --:-- AM


@Madhuvandhini How can I communicate between the cloud sql of a project and a cloud run in another project, is this valid solution that you mention?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
NaveenV1
Staff
In response to Norteña
Reply posted on --/--/---- --:-- AM

For connecting from Cloud Run, follow https://cloud.google.com/sql/docs/mysql/connect-instance-cloud-run

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Norteña
Bronze 1
Bronze 1
In response to NaveenV1
Reply posted on --/--/---- --:-- AM

@NaveenV1 It is a communication between two different gcp projects, the cloud run is in project A and the cloud sql is in project B. What it tells me does not cover what I indicate

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
petrucce
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello, 

the Socks5 proxy still the only solution to connect from a connector to a CloudSQL instance?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Sukruth
Staff
In response to petrucce
Reply posted on --/--/---- --:-- AM

CloudSQL now supports Private Service Connect for private connectivity. With that you don't need the Socks5 proxy.
For connectivity through cloudSQL PSC, you can obtain the service attachment using the instructions in this document :  https://cloud.google.com/sql/docs/mysql/configure-private-service-connect#get-service-attachment

Using the service attachment, you can then create an endpoint attachment in Integration Connectors https://cloud.google.com/integration-connectors/docs/network-connectivity-private#ep-ip and use the endpoint attachment as a destination for your connection.

Make sure to allowlist the connectors project in cloudSQL by adding it in the "allowed-psc-projects" list of your cloudSQL instance. You can obtain the connector's project using instructions in this section: https://cloud.google.com/integration-connectors/docs/network-connectivity-private#allowlist-the-inte...



If you are not using or unable to use PSC in cloudSQL and still have a private IP from cloud SQL, then yes, Socks5 proxy would be the way to go. 

Jump to Solution
0 Likes
Top Labels in this Space