Connecting node.js running on Kubernetes to Cloud Sql

Question

I'm trying to connect my node.js backend to a Cloud SQL on the same project, following many tutorials and documentation, but without success.

Here my service and endpoint config:

kind: Service
apiVersion: v1
metadata:
  name: mysql-service
spec:
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 3306
    targetPort: 3306
---
kind: Endpoints
apiVersion: v1
metadata:
  name: mysql-service
subsets:
  - addresses:
    - ip: 10.78.176.3
    ports:
    - port: 3306

I got on my node.js side:

process.DB_HOST 10.78.176.3
process.DB_DATABASE marketplace_test
MySQL Connection pool error
connect ETIMEDOUT

I already tried to connect over the public and the private IP, over the 'mysql-service' name, but nothing worked.

Could it be some relation I'm missing, like a matchLabels? Should I match the service+endpoint+deployment? How? Must I use a proxy for that?

What I'm missing?

Thanks for all help!

are you sure that the ip is public for your cluster? I think that the best approach for you is to exec into one of the deployments and try to curl the ip (direct) and then try the same for the service. share your results — Amityo
– Amityo, Commented May 21, 2019 at 14:18
@Amityo I'm confused now, because a curl -v 10.78.176.3:3306 show that it can connect. It connected. Running from instance ssh.. what can happen? — Tiago Gouvêa
– Tiago Gouvêa, Commented May 21, 2019 at 14:35
Ssh from k8s or your computer? What about curling the service — Amityo
– Amityo, Commented May 21, 2019 at 15:07
@Amityo From the instance on GCP. The curling the internal ip connected. The public IP and the service name don't connect. Then, the instance has access to internal ip and port... why the pod is not connecting? — Tiago Gouvêa
– Tiago Gouvêa, Commented May 21, 2019 at 17:09

kurtisvg · Accepted Answer · 2019-05-22 16:44:15Z

1

If you are connecting via Private IP, you need to make sure you meet the environment requirements on your GKE cluster. This means that it needs to be a VPC-native cluster. If it's not, you'll need to use public IP.

If you are using a Public IP, you need to authenticate your connection. There are 3 main ways to do this:

Via the Cloud SQL proxy - this will use IAM roles to authenticate the connections
Via an SSL/TLS certificate - you can create one on the instance and share with the client
Via IP whitelisting - This is the most convenient, but the least secure.

answered May 22, 2019 at 16:44

kurtisvg

3,5851 gold badge10 silver badges26 bronze badges

Sign up to request clarification or add additional context in comments.

Collectives™ on Stack Overflow

Connecting node.js running on Kubernetes to Cloud Sql

1 Answer 1

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Related