Search code examples
mysqldockergoogle-cloud-sqlcloud-sql-proxy

Why won't mysql-client connect to the GCP cloud_sql_proxy via a docker-forwarded tcp port?

The Gist

I have an application that wants to connect to a mysql database via a tcp port. I'm building a docker container which stages cloud sql instances for it to connect to (the databases contain test cases imported from elsewhere). I expect to be able to forward the mysql port from inside of the docker container and connect from outside of the container, but I get an error.

What I Have Tried

Database in the container, this works

When I have a database in a local container, I can connect like this:

# run in background, listening on port 13306
❯ docker run -p 13306:3306 -e MYSQL_ROOT_PASSWORD=test -d percona:5.7.26-centos
    9c25...

❯ mysql -h127.0.0.1 -P13306 -uroot -ptest
    mysql> --connection successful

Proxy in the container (connect from without), this doesn't work

But when I have the cloud_sql_proxy in a local container, I get this error:

# run in background, listening on port 13306
❯ docker run -p 13306:3306 \
         -v "${PWD}/gcloud:/root/.config/gcloud" \
         -d portforwardexample \
         cloud_sql_proxy "-instances=myproject:us-west2:myinstance=tcp:3306"
      d56c...

❯ mysql -h127.0.0.1 -P13306
    ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0

If I stop the container, I get a different message:

❯ mysql -h127.0.0.1 -P13306
    ERROR 2003 (HY000): Can't connect to MySQL server on '127.0.0.1' (111)

...so I know that some communication is happening.

Proxy in the container (connect from within), this works

I know that the problem is on my end because everything works as expected when I use an interactive session and connect from within the container.

❯ docker run -it --rm -p 13306:3306 \
         -v "${PWD}/gcloud:/root/.config/gcloud" \
         portforwardexample
root@bcf:/# cloud_sql_proxy "-instances=myproject:us-west2:myinstance=tcp:3306" &
2019/12/14 22:44:04 Listening on 127.0.0.1:3306 for myproject:us-west2:myinstance
2019/12/14 22:44:04 Ready for new connections

root@bcf:/# mysql -h127.0.0.1 -P3306
mysql>  --connection successful

Why can't I connect from outside of the container? Is there something that I need to do to tell the container that it's OK to forward the port via docker?

I've omitted details that I don't think are relevant to my issue, but here's a repo that contains a few extra details (like the Dockerfile I'm using): https://github.com/MatrixManAtYrService/cloudsqlproxyproblem

Solution

  • If a program inside a container says Listening on 127.0.0.1 it will probably be unreachable from outside the container, and you need to somehow configure it so it binds or listens to 0.0.0.0 (all interfaces) instead.

    The example in the Cloud SQL Proxy documentation has this option:

    /cloud_sql_proxy -instances=...=tcp:0.0.0.0:3306 ...

    and that 0.0.0.0 is the important one.