Search code examples
google-cloud-platformgcloudgoogle-cloud-sqlvpc

GCE cannot access private SQL

I tried to access from GCE instance to Cloud SQL instance, which is private and having private service connection.

following private services access docs, I setup VPC and FW, and create SQL and GCE in same VPC. https://cloud.google.com/vpc/docs/configure-private-services-access

but in GCE, ping to SQL instance, nor sql connection didn't work.

  1. create VPC

gcloud compute networks create test-custom-vpc --subnet-mode=custom --bgp-routing-mode=global --mtu=1460

  1. create subnet

gcloud compute networks subnets create vpc-sb-1 --network=test-custom-vpc --range=10.100.0.0/16 --region=asia-northeast1

  1. create IP range for private service connection

gcloud compute addresses create vpc-peering-range --global --purpose=VPC_PEERING
--addresses=192.168.0.0 --prefix-length=16 --description=description --network=test-custom-vpc

  1. create VPC peering for SQL

gcloud services vpc-peerings connect --service=servicenetworking.googleapis.com --ranges=vpc-peering-range --network=test-custom-vpc --project=my-project

  1. create mySQL in VPC

gcloud --project=my-project beta sql instances create vpc-sql-1 --network=test-custom-vpc --no-assign-ip

  1. create GCE instance in VPC

gcloud compute instances create vm-in-sb-1 --subnet vpc-sb-1 --zone asia-northeast1-b

  1. create FW rule, so far allow all IP/protocol

gcloud compute firewall-rules create allow-all --network test-custom-vpc --direction ingress --action allow --rules all

Then, I would access VM with ssh and check connection between VM & SQL

gcloud sql instances list NAME DATABASE_VERSION LOCATION TIER PRIMARY_ADDRESS PRIVATE_ADDRESS STATUS vpc-sql-1 MYSQL_5_7 us-central1-b db-n1-standard-1 - 192.168.0.3 RUNNABLE

-> SQL private IP is 192.168.0.3

  1. ssh login

gcloud beta compute ssh --zone "asia-northeast1-b" "vm-in-sb-1" --project "my-project"

  1. check connection

ping 192.168.0.3

no response

psql -h 192.168.0.3 -U postgres

mysql --host=192.168.0.3 --user=root --password

psql: could not connect to server: Connection timed out Is the server running on host "192.168.0.3" and accepting TCP/IP connections on port 5432?

I have no idea what configuration is wrong

Solution

  • I replicated your case, all configuration are working well but please note, using the command below in step #5 will create a Cloud SQL instance for Mysql not for Postgres:

    gcloud --project=my-project beta sql instances create vpc-sql-1 --network=test-custom-vpc --no-assign-ip

    If you want to create a Cloud SQL instance for Postgres use the command below:

    gcloud --project=my-project beta sql instances create vpc-sql-1 --database-version=POSTGRES_12 --cpu=2 --memory=7680MB --network=test-custom-vpc --no-assign-ip

    The problem is you are connecting to Cloud SQL for Mysql using Postgres database client. To proper connect use the following example:

    for Mysql example:

    mysql --host=192.168.0.3 --user=root --password

    for Postgres example:

    psql -h 192.168.0.3 -U postgres