
I have a Spring GCP service which when run locally connects fine to my Google Cloud SQL instance.

However, when I deploy and launch on my Google Cloud Kubernetes cluster, it is failing to connect with Insufficient Permissions errors.

I followed the steps at https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine, but still have the same connection issue.

My source code is https://github.com/christianblake/spring-boot-gcp

deployment.yml is in the root dir.

Appreciate if somebody has any pointers as I'm obviously missing a point.

Thank you.

  • When you speak about Insufficient Permissions, what do you mean? Could you post the error stacktrace? Also, check if your service account has the proper permissions – Mangu Oct 05 '18 at 11:33

2 Answers


Assuming credentials.json is installed correctly, the service account defined in credentials.json needs to have the Cloud SQL Client role. There are several ways to do this, as documented here.

From the cli, you would do something like this:

gcloud projects add-iam-policy-binding $PROJECT_NAME \
--member serviceAccount:$GOOGLE_SERVICE_ACCOUNT.iam.gserviceaccount.com --role roles/cloudsql.client
mantithetical

@Mangu, I found the following error in the error logs.

Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden

Which led to the following similar question: Cloud SQL Proxy and Insufficient Permission

I re-created the cluster, including the SQL scopes, with the following.

gcloud container clusters create cloudcluster --num-nodes 2 --machine-type n1-standard-1 --zone us-central1-c --scopes https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/sqlservice.admin

And that resolved the issue.

Thank you both for the feedback, and apologies for missing the google error code in the original question.
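
Added example (not part of either answer or of the asker's repository): a Python check for the two causes of the 403 discussed above, a node pool with no Cloud SQL OAuth scope and a service account with no roles/cloudsql.client binding. The JSON samples are constructed in the shape of the output of gcloud container clusters describe --format=json and gcloud projects get-iam-policy --format=json, and the pool and account names are hypothetical. Node scopes only matter when pods use the node's default credentials rather than a mounted key file.

```python
import json

# Scopes that allow Cloud SQL Admin API calls (both appear in the answer above).
SQL_SCOPES = {
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/sqlservice.admin",
}
SQL_ROLE = "roles/cloudsql.client"

# Constructed sample: trimmed cluster description with two node pools.
CLUSTER_JSON = """
{"name": "cloudcluster",
 "nodePools": [
   {"name": "default-pool", "config": {"oauthScopes": [
      "https://www.googleapis.com/auth/logging.write"]}},
   {"name": "sql-pool", "config": {"oauthScopes": [
      "https://www.googleapis.com/auth/cloud-platform"]}}]}
"""

# Constructed sample: trimmed project IAM policy.
POLICY_JSON = """
{"bindings": [
  {"role": "roles/cloudsql.client",
   "members": ["serviceAccount:proxy-sa@example-project.iam.gserviceaccount.com"]}]}
"""

def pools_missing_sql_scope(cluster):
    """Names of node pools whose OAuth scopes block Cloud SQL Admin API calls."""
    return [p["name"] for p in cluster.get("nodePools", [])
            if not SQL_SCOPES & set(p.get("config", {}).get("oauthScopes", []))]

def has_sql_client_role(policy, sa_email, role=SQL_ROLE):
    """True if the service account is bound directly to the role in the project policy."""
    member = f"serviceAccount:{sa_email}"
    return any(b.get("role") == role and member in b.get("members", [])
               for b in policy.get("bindings", []))

def diagnose(cluster, policy, sa_email):
    """Return findings for the two 403 causes discussed on this page."""
    findings = [f"node pool {n!r}: no Cloud SQL scope" for n in pools_missing_sql_scope(cluster)]
    if not has_sql_client_role(policy, sa_email):
        findings.append(f"{sa_email}: missing {SQL_ROLE}")
    return findings

if __name__ == "__main__":
    sa = "app-sa@example-project.iam.gserviceaccount.com"  # hypothetical account
    print("\n".join(diagnose(json.loads(CLUSTER_JSON), json.loads(POLICY_JSON), sa)))
```

Of the two scopes in the cluster-create command, sqlservice.admin is the narrower one; cloud-platform covers every Google Cloud API, leaving IAM roles as the only limit on the node's service account.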