I have a .net core app installed as a docker on google cloud run, this app that needs to be connected to cloud sql (mysql).
When using the private ip address it, it's not working.
When using public IP, it's working, but It's not a good solution for production.
this is my connection string:
"ConnectionString": "server=10.4.16.6;database=mydb;user=root;pwd=mypwd"
When I create the app, Im able to select the database i need to connect to:
But this is not helping to connect.
The relevant docs are explaining how to do it for python and java explictly.
If you do not want to use public IP then you would need to rely on service account to connect to Cloud SQL. However, .net MySQL driver has no understanding of GCP IAM and Service accounts. So you will need to use a proxy called Cloud SQL Proxy. Cloud SQL Proxy understands IAM and Service accounts.
The flow will basically look like this:
Your app -> Regular MySQL Port -> Cloud SQL Proxy(Installed in the
app's network or locally) -> CloudSQL
You will need to do the following:
Create a service account
Assign the role of Cloud SQL Client to the created service account
Download the service account key in the json format
Set env variable GOOGLE_APPLICATION_CREDENTIALS=C:\Downloaded.json
Download Cloud SQL Proxy
Run it `cloud_sql_proxy -instances=projectname:regioname:instanceid=tcp:3306
At this point you MySQL proxy ready to accept connections at 3306, modify the connection string to take localhost or wherever you installed the Cloud SQL Proxy.
Learn more at About the Cloud SQL Proxy
You can create the Cloud Run app from the console (and select the Cloud SQL Connection) or from the gcloud command line and specify
--add-cloudsql-instances <INSTANCE-NAME> --set-env-vars INSTANCE-CONNECTION-NAME="INSTANCE_CONNECTION_NAME"
These settings automatically enable and configures the Cloud SQL proxy. You can connect to the proxy, from your asp.net Core app, using the unix domain socket using the format: /cloudsql/INSTANCE_CONNECTION_NAME.
I used the following connection string in my appsettings.json and it worked for me:
"Server=/cloudsql/INSTANCE_CONNECTION_NAME;Database=DB_NAME;Uid=USER_NAME;Pwd=PASSWORD;Protocol=unix"
NB. Make sure you have given the service account that your Cloud Run app is running under Cloud SQL Client role in IAM
Related
I have NodeJS applications which utilise the SQL instance from Google App Engine. I have created a continuous integration (CI) deployment environment with CircleCI and Google App Engine. The deployment works nice. Now, I want to execute my unit tests on CircleCi. But the problem is how do I connect Google Cloud SQL instance on CircleCI?
On the local system, I use Google Cloud SQL proxy OR SSL connection to establish a connection with MySQL. How do I connect to Google Cloud SQL instance from circle-ci using NodeJs MySQL package?
I have an azure hosted MySQL data base and am now trying to use the MySQL connector in a logic app. Unfortunately the connector requires an on premise gateway as one of the mandatory requirements. I have read that I should disable SSL which is already the case. Any idea how I can make a connection to this DB?
MySql connector in logic app at this point allows you to connect to the on premises mysql database through an on premises datagateway. You cannot directly connect to the mysql database hosted on azure. The workaround for this is that you write an azure function which connects with the mysql databases and call the azure function in your logic app. The azure function can be a http triggered
I made instance in Google Cloud > Storage > SQL > MYSQL. Now I have to import database in it so I am trying to connect to MYSQL
using adminer, but it gives following error
SQLSTATE[HY000] [2002] Operation timed out
I also tried via HeidiSQL > MariaDB or MYSQL (SSL Tunnel) but here also it does not connect and gives error
https://prnt.sc/o58in0
I am mentioning
Host: Public Ip of SQL instance
Username: root
Any suggestions, what could be the fix?
Your error typically means that a firewall blocked your connection attempt.
For Cloud SQL, this typically means that you have not enabled instance-level access.
Since your error is 10060, which is a Windows WinSock error message, I am assuming that you are running on Windows. The steps are similar for Linux.
There are two methods to enable access to Cloud SQL:
Cloud SQL Proxy
This is the recommended method and is secure. Download and install the Cloud SQL Proxy to your the computer that you want to connect from. If you have set up the Cloud SDK (gcloud), Cloud SQL Proxy will use your Cloud SDK credentials. If not, then you will need to create and download a service account with (usually) the Cloud SQL Client role.
You will need the "instance connection name" from Cloud SQL Instance details page.
Download Cloud SQL Proxy (link) to your computer. Remember the full path to the program. Save the program as "cloud_sql_proxy.exe"
Start the Cloud SQL Proxy
[full_path_to_program]\cloud_sql_proxy -instances=[INSTANCE_CONNECTION_NAME]=tcp:3306
OR
[full_path_to_program]\cloud_sql_proxy -instances=<INSTANCE_CONNECTION_NAME>=tcp:3306 -credential_file=[PATH_TO_KEY_FILE]
Connect using mysql.exe: `mysql -u USERNAME -p --host 127.0.0.1
Public IP Method
The second method is not secure unless you also enable SSL, which I will not cover in this answer. I do not recommend this method except for knowledgeable persons.
Figure out what your public IP address is. Go to any website such as "MXToolbox" https://mxtoolbox.com/whatismyip/
Go to the Google Cloud Console
Go to the Cloud SQL Instances Details page
Select the Connections tab
Click Add network
In the Network field, enter your Public IP address using CIDR notice: eg 145.11.22.33/32
Enter a name such as "My Home IP"
Click Done
Click Save
Note: Most home Internet services change your Public IP address periodically. This means that you will need to update your Public IP address in Cloud SQL if you are using the second method.
I have a flask server which I want to deploy on Google Cloud Platform. The code uses MySQLdb library to connect with local MySQL instance in the following manner:
#app.route('/show_table', methods=['POST'])
def login():
db = MySQLdb.connect("localhost", "root", "", "db_name")
cursor = db.cursor()
query = "select * from table_name;"
cursor.execute(query)
res = cursor.fetchall()
return res, 200
But instead of local MySQL instance, I want to connect this code to Cloud SQL so that it reads data from the cloud. What changes should I make to this code? I have currently created a project in Google Cloud Platform and a Cloud SQL instance inside this project. I have also created the required tables inside this instance by following
this tutorial.
You shouldn't have to change your code too much, it just depends on how you're going to connect to the database. The Google documentation has step by step information on how to connect to Cloud SQL from an external application.
Since you're not using Java or GO, there's two options:
Use the Cloud SQL proxy
Whitelist the public IP address of your server on the Cloud SQL instance page
All the steps are in the documentation, but it basically says that if you use the proxy, you'll need to enable the Cloud SQL Admin API, install the proxy client on your local machine and authenticate it. There's a few authentication options but the recommended way is creating a credentials file from a service account using the console and passing the file as a parameter when you first start the proxy. Once you've got the proxy running the documentation has examples on how to connect using either TCP or UNIX sockets. With TCP you'll be using the proxy as localhost so you won't have to change your code. Using UNIX sockets you'll use the instance connection name which you'll find in your instance details on the GCP console. MySQLdb supports both.
With the second option you need to allow access to your Cloud SQL instance from a specific IP address range. Go to the connections tab in your Cloud SQL instance details page and add the IP address (using CIDR notation) you want to use to connect to your database. Once it's whitelisted then you can use the Public IP of your Cloud SQL instance, which you'll find in instance details, in place of localhost to connect to your database.
Typical issues for teams that are migrating from AWS to GCP. How to properly connect to Cloud SQL from Compute engine.
In short that what you should know about Cloud SQL service at GCP.
As I see SQL Cloud more API rather clean MySQL socket tend to work with App Engine rather as plain DB.
List of options that you have to validate and use Cloud SQL without involving developers:
Connection using mysql-client or SQL protocol from external machine or even from Compute Engine requires to add your IP to whitelist. Keep in mind that Compute Engine you will be forced to use static IP due security limitations.In production you should use IP address with SSL
To validate connection from Compute Engine you should use Cloud Shell and gcloud utility
gcloud sql connect [INSTANCE_ID] --user=root
Other option that works only with Second Generation of instances and can be (should be) used in production is SQL Proxy that should be installed on client Compute engine and run as service. You need:
Enable SQL Cloud API
Create and use Service Account with MySQL Client permissions for your instance
Install and run SQL Proxy
Connect to localhost to use proxy as bridge to your SQL Cloud Instance
As result there open questions about "best practices" for production use:
How to automate it in the way that new instances in autoscaling group would be able to connect to Cloud SQL after start? My approach: create template that will start SQL Proxy as service. Is there another way?
How to connect to multiple Cloud SQL instances form the same Compute Engine?