
Google Cloud Run loses connectivity to MySQL when mapping a custom subdomain


I am facing an issue while connecting to my SQL instance from Cloud Run when a custom domain is mapped. Before the custom domain mapping, the connection was fine; after that it is just throwing Error: connect ETIMEDOUT.

I am using public IP, and it seems to me that I should add the IP of the mapped subdomain to the allowed networks. The problem is that the mapping is just a CNAME that points to ghs.googlehosted.com. DN where the assigned IPs are dynamic. I can't get from Google their IP range so I can't add a range either.

Based on the docs, Cloud Run uses Cloud SQL Proxy when using sockets, so in theory it should deal with dynamic IPs.

Any help?


Solution

  • You can connect to your Cloud SQL database in different ways. Firstly, in the documentation you can see 2 of them:

    • Use the public IP of the Cloud SQL database to create a Unix socket to connect to your DB. I can understand that a Unix socket is sometimes not standard for some libraries/frameworks and you prefer IP
    • Use the public IP: if you want to use IP, it's my preferred solution. You have to create a serverless VPC connector to route the internal traffic to the VPC and then securely reach your database. However, if the Cloud SQL instance isn't in your project, you need to perform peering and it doesn't work (long story, but trust me, VPC peering + Cloud SQL private IP doesn't work).

    So, the last solution is to authorize a network on the Cloud SQL instance, and of course, not 0.0.0.0/0!

    To achieve this, you need to get a public IP from Cloud Run when you initiate an outgoing connection. You can achieve this with Cloud NAT.

    On your Cloud NAT configuration, select your reserved private IP(s) to be sure to always reuse the same ones. In this configuration, you will also use Cloud NAT, but this time set the egress param to ALL (and not to internal ip range as you can do for private IP access).

    Now you have it: a public static IP when Cloud Run initiates an outgoing connection. Authorize this IP on Cloud SQL, and enjoy!
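
A check for the final step, as an added example that is not part of the original answer: it audits a Cloud SQL instance description for over-broad authorized networks such as 0.0.0.0/0 and confirms that each reserved NAT egress IP is admitted by a narrow entry. The function name, the `min_prefix` threshold and the sample data are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `gcloud sql instances describe INSTANCE --format=json`
# (only the fields used here; addresses come from documentation ranges).
SAMPLE_INSTANCE = json.loads("""
{
  "name": "example-instance",
  "settings": {"ipConfiguration": {"ipv4Enabled": true, "authorizedNetworks": [
    {"name": "nat-egress", "value": "203.0.113.10/32"},
    {"name": "temporary-debug", "value": "0.0.0.0/0"},
    {"name": "office", "value": "198.51.100.0/24"}
  ]}}
}
""")


def audit_authorized_networks(instance, nat_egress_ips, min_prefix=24):
    """Return (too_broad, uncovered) for a Cloud SQL instance description.

    too_broad: authorized entries wider than /min_prefix (0.0.0.0/0 included).
    uncovered: NAT egress IPs that no narrow entry admits, i.e. addresses that
    connect only because of an over-broad entry, or not at all.
    IPv4 only; min_prefix=24 is an assumed policy threshold, not a Google default.
    """
    ip_cfg = instance.get("settings", {}).get("ipConfiguration", {})
    nets = [(e.get("name", ""), ipaddress.ip_network(e["value"], strict=False))
            for e in ip_cfg.get("authorizedNetworks", [])]
    too_broad = [(name, str(net)) for name, net in nets if net.prefixlen < min_prefix]
    narrow = [net for _, net in nets if net.prefixlen >= min_prefix]
    uncovered = [ip for ip in nat_egress_ips
                 if not any(ipaddress.ip_address(ip) in net for net in narrow)]
    return too_broad, uncovered


if __name__ == "__main__":
    # Constructed list of reserved NAT addresses; the second is deliberately unlisted.
    broad, missing = audit_authorized_networks(
        SAMPLE_INSTANCE, ["203.0.113.10", "203.0.113.11"])
    for name, cidr in broad:
        print(f"over-broad authorized network: {name} ({cidr})")
    for ip in missing:
        print(f"NAT egress IP not covered by a narrow entry: {ip}")
```

An address that appears in `uncovered` while an over-broad entry exists will still connect today and will time out once that entry is removed, so add the narrow entry first.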