3

Using the Kubernetes sidecar pattern to connect to Cloud SQL. Followed instructions here: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine

The cloudsql-proxy container is giving the error:

2017/12/22 14:34:02 couldn't connect to "beliefer-4342:us-central1:beliefer-4342-cloud-instance": Post https://www.googleapis.com/sql/v1beta4/projects/beliefer-4342/instances/beliefer-4342-cloud-instance/createEphemeral?alt=json: oauth2: cannot fetch token: 400 Bad Request

Response: {
"error" : "invalid_grant",
"error_description" : "Invalid JWT Signature."
}
sys13
  • 148
  • 9
  • I'm having exactly the same issue. Did you find out what the problem was? Thanks for sharing. – elier Nov 06 '18 at 02:46

1 Answer

1

Do you have NTP configured in your VM in Google Cloud? The first thing to do is ensure your VM time is synchronized with an NTP server. If NTP is working fine, then you can also set a different expiration time for the token - 1000s should work fine for your case.

An invalid JWT signature error can also mean that your signature failed to authenticate your $jwtHeader and $jwtClaim. Are you using the correct private key obtained from the API console with the correct email address of the service account? Additionally, you need to encode your signature with base-64.

Containers vs virtual machines use different approaches to networking and management, which can complicate connections. For more tools and operations detail you can check out this wiki.

Gaby Weiss
  • 136
  • 4
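
An added example (not part of the answer above, and not Google's or the proxy's own code): a standard-library triage of a signed service-account assertion against the causes the answer names, that is clock drift, token lifetime, issuer email and base64url encoding. It does not verify the RS256 signature itself; `triage`, `sample_assertion`, `SKEW` and the key-file values are names and constructed data assumed for the example.

```python
import base64, json, re

MAX_LIFETIME = 3600  # Google's token endpoint allows exp at most 1 hour after iat
SKEW = 300           # assumed tolerance for clock drift, in seconds

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    # JWT segments are unpadded base64url; reject standard-base64 characters
    if not re.fullmatch(r"[A-Za-z0-9_-]+", part):
        raise ValueError("not base64url")
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def triage(assertion, key_file, now):
    """Return reasons the token endpoint may reject this signed assertion."""
    parts = assertion.split(".")
    if len(parts) != 3:
        return ["expected header.claims.signature"]
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
        b64url_decode(parts[2])
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and claims must be JSON objects")
    except ValueError:
        return ["a segment is not valid base64url-encoded data"]
    found = []
    if header.get("alg") != "RS256":
        found.append("alg is not RS256")
    # Assumption: the signer sets kid to the key file's private_key_id
    if header.get("kid") not in (None, key_file["private_key_id"]):
        found.append("kid does not match private_key_id in the key file")
    if claims.get("iss") != key_file["client_email"]:
        found.append("iss does not match client_email in the key file")
    iat, exp = claims.get("iat", 0), claims.get("exp", 0)
    if iat > now + SKEW:
        found.append("iat is in the future: signer clock is ahead")
    if exp < now - SKEW:
        found.append("exp is in the past: signer clock is behind or token is stale")
    if exp - iat > MAX_LIFETIME:
        found.append("lifetime exceeds 3600 s")
    return found

def sample_assertion(key_file, iat, lifetime=1000, iss=None):
    # Constructed sample: the signature segment is a dummy, not a real RS256 signature
    header = {"alg": "RS256", "typ": "JWT", "kid": key_file["private_key_id"]}
    claims = {"iss": iss or key_file["client_email"], "iat": iat, "exp": iat + lifetime,
              "aud": "https://oauth2.googleapis.com/token"}
    enc = lambda obj: b64url_encode(json.dumps(obj).encode())
    return ".".join([enc(header), enc(claims), b64url_encode(b"dummy-signature")])

# Constructed key-file fields (placeholders, not a real service account)
KEY_FILE = {"client_email": "proxy@example-project.iam.gserviceaccount.com",
            "private_key_id": "constructed-key-id"}
```

Pass `now` from a host whose clock is known to be NTP-synchronized, so a skew finding points at the machine that signed the assertion.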