0

1 - Have a MySQL instance on Google Cloud SQL, with internal IP 10.22.etc (no external/public IP) 2 - Have a Java Web App deployed to Google App Engine, with internal IP 10.140.etc (no external/public IP)

How can I get 1 & 2 on the same network, or to at least be able to use a JDBC connection from my Java Web App to my MySQL, without using a public IP.

Don't see anywhere in the console(s), eclipse plugin or docs on how to do this. Is Google Cloud really making everyone use public IP's to connect from App Engine standard to Google Cloud SQL? If so, is this because both are fully managed PaaS's?

Patrick Grant
  • 13
  • 4

2 Answers2

0

If you use the app engine flexible environment, it gets hosted on an instance in your private network, giving you access to internal IPs.

I'm assuming you're on the standard environment. Here's a decent link I've found telling you the differences between the two -> https://cloud.google.com/appengine/docs/flexible/java/migrating

to switch you need to ensure you set env to flex on your app.yaml file.

runtime: java
env: flex
shrumm
  • 116
  • 1
  • 9
  • OK, I guess that's why I couldn't see anyway to edit the network config. The link you provided got me to: https://cloud.google.com/appengine/docs/flexible/java/flexible-for-standard-users#similarities_and_key_differences ...Google should make that the first thing you see when reading about App Engine - Huge limitation differences between them. I'm hoping that when I deploy as flex I will see settings that are more like those for a Compute instance – Patrick Grant Sep 28 '19 at 04:37
  • just deployed a test web app to Flexible, still no clue how to put both the app engine web app and the MySQL (running on Cloud SQL) in the same internal network, so that I don't have to use any special JDBC connection and/or certs (putting MySQL in public IP would necessitate a ton of extra cert-related work, and well as code re-write for using special Google JDBC apis) - I also think it's pretty remarkable that Google's docs points users to an example webapp on git hub that makes a connection (based on docs) over a public IP and the useSSL is set to false. – Patrick Grant Sep 28 '19 at 05:13
  • are you deploying both to the same region? if so, they should both receive an IP from your private VPC. This is exactly what I do with my Cloud SQL postgres and it connects just fine. Try logging the IP from your web app? – shrumm Sep 28 '19 at 05:35
  • yup, same region. I think my problem is that I'm look for network config changes in the GUI console (I mostly use AWS and OpenStack), as opposed to doing everything in app.yaml file. I'll give that a shot. – Patrick Grant Sep 28 '19 at 15:23
0

Go to the Cloud SQL MySQL Connecting from App Engine docs and follow what's said on the note (including link).

Then you achieve what you want but through a feature in Beta launch stage, namely Serverless VPC Access.

Note: These instructions require your Cloud SQL instance to use a publicly accessible IP address. If you want to use a private IP address, see Configuring Serverless VPC Access.

fbraga
  • 213
  • 1
  • 8
  • Yeah, I had read the docs and a note at the link reads:" "Note: If you want to use internal IP addresses when connecting from the App Engine flexible environment, you don't need to configure Serverless VPC Access. Just make sure your App Engine flexible environment VMs are located in the same VPC network as the resources you want to connect to or are located in a network connected via VPC Network Peering." What I wanted but there was no way in the console to accomplish this, seemed to only be possible to set the internal network manually via the yaml. – Patrick Grant Sep 30 '19 at 15:12
  • I found App Engine's docs to be misleading, mis-directing and incomplete. Going back to using Compute instead, much easier, cheaper, and possibly much more secure (in terms of app server to cloud db comms). If the app is fortunate enough to get insane traffic and I can't scale myself, I'm sure I'll be back to App Engine. Thanks for the guidance though. – Patrick Grant Sep 30 '19 at 15:14