The Postgres instance does not have a public IP and is using a VPC network. To reach it I am using the cloud sql docker proxy on OSX and a service account with the cloud sql admin role and cloud sql API enabled.
I am able to start the proxy and request a connection to the instance:
$ Listening on 0.0.0.0:5432 for myproject:northamerica-northeast1:myproject-database-someid
$ Ready for new connections
$ New connection for "myproject:northamerica-northeast1:myproject-database-someid"
The request eventually times out as it is refused:
$ couldn't connect to "myproject:northamerica-northeast1:myproject-database-someid": dial tcp 192.168.0.3:3307: connect: connection refused
However in the Postgres database logs I can see that the request was reached and authorized:
{
...,
authorizationInfo: [
0: {
granted: true
permission: "cloudsql.instances.connect"
resource: "instances/myproject-database-someid"
resourceAttributes: {}
}
]
methodName: "cloudsql.instances.connect"
I have tried applying firewall rules (open port 3307) on the VPC network to no avail.
