2

I have a private GKE cluster with a public master endpoint, which has jobs that need access to Cloud SQL. I have a Cloud SQL proxy DaemonSet receiving on 3307, which connects to the actual DB on 3306.

My network doesn't have outbound internet access, nor any firewall rules added. I get the error below on my Cloud SQL proxy. Any help on resolving this, or guidance on how to establish a connection between private GKE and Cloud SQL?

couldn't connect to "dbinstance": dial tcp publicip:3307: getsockopt: connection timed out

prabhu34
  • Have you followed the Google Kubernetes Cloud SQL documentation? https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine – John Hanley Dec 19 '18 at 05:55
  • Yes, the approach followed is using Cloud Proxy Docker Image – prabhu34 Dec 19 '18 at 06:15
  • Please follow [this group post](https://groups.google.com/forum/#!topic/google-cloud-sql-discuss/6lA0r6zRfeI) that recommends setting up [NAT gateway(s)](https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine) to achieve your design. – mehdi sharifi Dec 20 '18 at 20:19

1 Answer

3

The Cloud SQL proxy uses the database's public IP to connect, and as your cluster is private with no internet access from the nodes, I believe it is impossible to reach it like that. You could try using a private IP for your SQL instance:

https://cloud.google.com/sql/docs/mysql/private-ip

or configuring the NAT gateway for your cluster:

https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine

jkrol2
  • I was able to achieve this. To access SQL from a private cluster, we can either enable Private IP for SQL or use NAT for the VPC your cluster belongs to. Thanks @jkrol2 – prabhu34 Jan 02 '19 at 08:47
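
The following diagnostic is an added example, not part of the original question or answer. It tells the "connection timed out" case in the error above apart from a refused connection, and reports whether the address the proxy dials is public (needs NAT from a private node) or private. It assumes it is run from a pod or node inside the cluster; the function names are hypothetical.

```python
import errno
import ipaddress
import socket
import sys

PROXY_DIAL_PORT = 3307  # port from the "dial tcp publicip:3307" error above


def needs_internet_egress(ip: str) -> bool:
    """True if ip is publicly routable, so a node without an external IP needs NAT."""
    return ipaddress.ip_address(ip).is_global


def probe(ip: str, port: int = PROXY_DIAL_PORT, timeout: float = 5.0) -> str:
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"      # packets silently dropped: no route or egress
    except ConnectionRefusedError:
        return "refused"      # host answered, nothing listening on the port
    except OSError as exc:
        unreachable = (errno.ENETUNREACH, errno.EHOSTUNREACH)
        return "unreachable" if exc.errno in unreachable else "error"


def diagnose(ip: str, port: int = PROXY_DIAL_PORT, timeout: float = 5.0) -> str:
    """Turn the probe result into the remediation the answer points to."""
    state = probe(ip, port, timeout)
    if state == "open":
        return f"{ip}:{port} reachable: the proxy can dial this address"
    if state == "refused":
        return f"{ip}:{port} refused: network path works, check the port"
    if needs_internet_egress(ip):
        return (f"{ip}:{port} {state}: public IP with no egress path; "
                "use the instance's private IP or add a NAT gateway")
    return (f"{ip}:{port} {state}: private IP not routable from this VPC; "
            "check the instance's private IP network and firewall rules")


if __name__ == "__main__":
    # Usage: python probe.py <instance-ip> [<instance-ip> ...]
    for address in sys.argv[1:]:
        print(diagnose(address))
```

Pass both the instance's public and private addresses to compare the two paths from the same pod.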