Connect to GCP Cloud SQL from Compute Engine (not from App Engine) - mysql

Typical issues for teams that are migrating from AWS to GCP: how to properly connect to Cloud SQL from Compute Engine.
In short, this is what you should know about the Cloud SQL service at GCP.
As I see it, SQL Cloud is more of an API than a clean MySQL socket, and tends to work with App Engine rather than as a plain DB.
List of options that you have to validate and use Cloud SQL without involving developers:
Connecting with mysql-client or the SQL protocol from an external machine, or even from Compute Engine, requires adding your IP to the whitelist. Keep in mind that on Compute Engine you will be forced to use a static IP due to security limitations. In production you should use an IP address with SSL.
To validate the connection from Compute Engine you should use Cloud Shell and the gcloud utility:
gcloud sql connect [INSTANCE_ID] --user=root
Another option, which works only with Second Generation instances and can be (should be) used in production, is the SQL Proxy, which should be installed on the client Compute Engine instance and run as a service. You need to:
1) Enable the SQL Cloud API
2) Create and use a Service Account with MySQL Client permissions for your instance
3) Install and run the SQL Proxy
4) Connect to localhost to use the proxy as a bridge to your SQL Cloud instance
As a result, there are open questions about "best practices" for production use:
How to automate it in such a way that new instances in an autoscaling group would be able to connect to Cloud SQL after start? My approach: create a template that will start the SQL Proxy as a service. Is there another way?
How to connect to multiple Cloud SQL instances from the same Compute Engine?
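For the two open questions above (starting the proxy as a service from an instance template, and reaching several Cloud SQL instances from one VM), the following is an added example, not part of the original post. It builds the comma-separated `-instances=` flag in the `name=tcp:PORT` form used elsewhere on this page and renders a systemd unit for the template image. Assumptions: the function names, the binary path and the instance names are constructed, and the VM's attached service account holds the Cloud SQL Client role, so no key file is stored on disk.

```shell
# Added example: constructed names, hypothetical helper functions.
# Return 0 if $1 is exactly three non-empty colon-separated parts made of
# lowercase letters, digits and hyphens (assumed simple project:region:instance).
valid_conn_name() {
    case $1 in
        *[!a-z0-9:-]* | *:*:*:* | :* | *: | *::*) return 1 ;;
        *:*:*) return 0 ;;
        *) return 1 ;;
    esac
}

# build_instances_arg BASE_PORT NAME...
# Print the -instances= flag, giving each instance its own local TCP port.
build_instances_arg() {
    port=$1; shift
    arg=""
    for name in "$@"; do
        if ! valid_conn_name "$name"; then
            echo "invalid instance connection name: $name" >&2
            return 1
        fi
        arg="${arg:+$arg,}${name}=tcp:${port}"
        port=$((port + 1))
    done
    [ -n "$arg" ] || return 1
    printf '%s\n' "-instances=$arg"
}

# render_unit PROXY_BINARY BASE_PORT NAME...
# Print a systemd unit to bake into the instance template image.
render_unit() {
    bin=$1; shift
    instances=$(build_instances_arg "$@") || return 1
    cat <<EOF
[Unit]
Description=Cloud SQL Proxy
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=$bin $instances
Restart=always
DynamicUser=yes
[Install]
WantedBy=multi-user.target
EOF
}

render_unit /usr/local/bin/cloud_sql_proxy 3306 \
    my-project:us-central1:orders-db my-project:us-central1:users-db
```

Each application then connects to 127.0.0.1 on the port assigned to its instance (3306 for the first name, 3307 for the second).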

Related

How to Authorise circle-ci with Google Cloud SQL instance

I have NodeJS applications which utilise the SQL instance from Google App Engine. I have created a continuous integration (CI) deployment environment with CircleCI and Google App Engine. The deployment works nicely. Now, I want to execute my unit tests on CircleCI. But the problem is: how do I connect to the Google Cloud SQL instance on CircleCI?
On the local system, I use Google Cloud SQL proxy OR SSL connection to establish a connection with MySQL. How do I connect to Google Cloud SQL instance from circle-ci using NodeJs MySQL package?

Connecting from google cloud run to google cloud (mysql) using .net core

I have a .NET Core app installed as a Docker container on Google Cloud Run; this app needs to be connected to Cloud SQL (MySQL).
When using the private IP address, it's not working.
When using the public IP, it's working, but it's not a good solution for production.
This is my connection string:
"ConnectionString": "server=10.4.16.6;database=mydb;user=root;pwd=mypwd"
When I create the app, I'm able to select the database I need to connect to:
But this is not helping to connect.
The relevant docs explain how to do it for Python and Java explicitly.
If you do not want to use a public IP then you would need to rely on a service account to connect to Cloud SQL. However, the .NET MySQL driver has no understanding of GCP IAM and service accounts. So you will need to use a proxy called Cloud SQL Proxy. Cloud SQL Proxy understands IAM and service accounts.
The flow will basically look like this:
Your app -> Regular MySQL Port -> Cloud SQL Proxy (installed in the app's network or locally) -> CloudSQL
You will need to do the following:
1) Create a service account
2) Assign the role of Cloud SQL Client to the created service account
3) Download the service account key in the JSON format
4) Set env variable GOOGLE_APPLICATION_CREDENTIALS=C:\Downloaded.json
5) Download Cloud SQL Proxy
6) Run it: `cloud_sql_proxy -instances=projectname:regioname:instanceid=tcp:3306`
At this point your MySQL proxy is ready to accept connections at 3306; modify the connection string to point to localhost or wherever you installed the Cloud SQL Proxy.
Learn more at About the Cloud SQL Proxy
You can create the Cloud Run app from the console (and select the Cloud SQL Connection) or from the gcloud command line and specify
--add-cloudsql-instances <INSTANCE-NAME> --set-env-vars INSTANCE-CONNECTION-NAME="INSTANCE_CONNECTION_NAME"
These settings automatically enable and configure the Cloud SQL proxy. You can connect to the proxy from your ASP.NET Core app through the unix domain socket, using the format: /cloudsql/INSTANCE_CONNECTION_NAME.
I used the following connection string in my appsettings.json and it worked for me:
"Server=/cloudsql/INSTANCE_CONNECTION_NAME;Database=DB_NAME;Uid=USER_NAME;Pwd=PASSWORD;Protocol=unix"
NB. Make sure you have given the service account that your Cloud Run app is running under the Cloud SQL Client role in IAM.

How do I connect to Google Cloud SQL from Google Compute Engine in production?

I have a web application running on Google Compute Engine. I am currently running MySQL on a regular instance, and I want to migrate to Cloud SQL for scalability and reliability.
The GCE docs describe how to connect by Internet IP address or the Cloud SQL Proxy to run the MySQL client to configure a database. They do not describe how to connect to Cloud SQL for a "production" environment that needs to reliably handle a large volume of queries. The Cloud SQL Proxy seems like an elegant solution, because I prefer not to assign external IP addresses to the web servers (they are behind a load balancer), or send database traffic over the Internet.
Which method(s) are considered "production-ready" for connecting a web server to a Cloud SQL instance?
Is Cloud SQL Proxy suitable for a production application?
Is traffic encrypted between the Cloud SQL Proxy and Cloud SQL?
1) Either direct connection by IP or via Cloud SQL Proxy.
2) Yes, the Cloud SQL Proxy is production ready.
3) Yes, the connection between the Cloud SQL Proxy and the Cloud SQL instance happens over SSL.

How to connect from Flexible Environment to Second Generation Cloud SQL instance?

I have deployed my web server which requires a MySQL database for storage. I've created a Second Generation MySQL instance with one failover replica but I am not sure how I can connect to those.
I am not sure how to configure these instances and what I have to consider here e.g. region/zone. Flexible Environment appears to be unavailable in Europe unfortunately - at the moment at least - so I guess I'll have to place the SQL instances in the US too.
Will those instances have to be in the same local network or can they communicate over regions? Will I even be able to control this or will all this be decided by Google Cloud?
Could anybody who has done this before give me a few details about what to do here?
For best performance, you should place your App Engine instances in the same region.
For information on how to connect from your application to the Cloud SQL MySQL instance see the following documentation: https://cloud.google.com/sql/docs/dev-access#gaev2-csqlv2
The short summary is that you have to modify your app.yaml file to list the Cloud SQL instances you will be connecting to. Once that's done, a local socket will appear inside the App Engine VM that will allow you to connect to your Cloud SQL instance.

Connect to new Google Cloud SQL (MySQL) 2nd Generation via VPN

The new Google Cloud SQL Engine creates its own VM instance to run a MySQL database, with an exposed public IP address. I was hoping that it would be possible to VPN into the Google Compute Cloud, then connect to the MySQL VM instance internally. Is this possible? The computer I am trying to connect from is a physical machine located outside of the cloud.
If it's not possible, what if I connect via VPN and use the public IP address to connect to the MySQL instance? Would it resolve to the internal network quickly and mimic the behavior of a local connection (no delay)? Or would it have the same performance as connecting to the external IP address with no VPN in place?
Sorry, there's currently no VPN/private IP support for Cloud SQL. At the moment, you can use instance settings to control which IPs are allowed to connect. By default, the MySQL server is locked down from all external connectivity.
Connecting through a VPN should not improve latency and may in fact hurt it depending on how things are set up. I would recommend doing your own test if that's something you wish to verify.
You can also use the Cloud SQL Proxy to connect externally which uses SSL certs to establish an SSL tunnel to MySQL.