1

I'm trying to set up a very basic WordPress setup as explained in this document: https://cloud.google.com/kubernetes-engine/docs/tutorials/persistent-disk

And cloud sql proxy is giving me certificate errors:

esonika@cloudshell:~ (esonika)$ k logs wordpress-8d7998ccd-xnfn9 -c cloudsql-proxy

2022/12/30 10:43:38 using credential file for authentication; email=cloudsql-proxy@esonika.iam.gserviceaccount.com

2022/12/30 10:43:38 Listening on 127.0.0.1:3306 for esonika:europe-west9:mysql-wordpress-instance

2022/12/30 10:43:38 Ready for new connections

2022/12/30 10:44:01 New connection for "esonika:europe-west9:mysql-wordpress-instance"

2022/12/30 10:44:02 couldn't connect to "esonika:europe-west9:mysql-wordpress-instance": x509: certificate is valid for 38-968d77ed-a928-4b25-97d3-5451b5f3c670.europe-west9.sql.goog, not esonika:mysql-wordpress-instance

I don't know why a certificate such as "38-968d77ed-a928-4b25-97d3-5451b5f3c670.europe-west9.sql.goog" is created and where.

Tried resetting ssl configurations and it didn't work.

ouflak

4 Answers

0

Usually, if you don't explicitly set an SSL connection on your Cloud SQL instance, the communication with the database is in plain text.

EXCEPT when you create a tunnel with Cloud SQL proxy. This time, a secure connection is created, with encrypted data. The encryption is ensured by this automatic and ephemeral certificate created by the proxy.

guillaume blaquiere
0

Here is a doc which might help you in connecting to Cloud SQL from GKE using sidecar pods.

Avinash Kumar
0

Thanks. The document doesn't list anything that I haven't tried. I think there is an internal issue with cloud_sql_proxy; that's why I decided to switch Cloud SQL to a private network only, and the WordPress pod is directly connecting to the Cloud SQL private IP.

  • Welcome to StackOverflow! Although you can't create comments until reaching a certain reputation level, it is better to reply to other users in your original question than using 'answers' for any comments. This site is strictly Q/A on its main pages and deviations from that format will cause confusion for future visitors who may be experiencing the same issue. – ouflak Jan 01 '23 at 15:25
0

I was running into the same issue around the time you posted this question. I also reset the SSL configuration on the DB like you did. My solution was upgrading from version 1.11 to 1.33.2. It resolved all of the x509 errors. No clue why it suddenly stopped working.

Jon
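Added example, not part of any answer above: a small Python triage script for proxy logs in the format quoted in the question. It separates the x509 name-mismatch failure from other connection failures and extracts the names the certificate is valid for and the name the proxy expected. The sample log lines are constructed, and the function and field names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, following the proxy log format quoted in the question.
SAMPLE_LOG = """\
2022/12/30 10:43:38 Ready for new connections
2022/12/30 10:44:01 New connection for "proj:europe-west9:db"
2022/12/30 10:44:02 couldn't connect to "proj:europe-west9:db": x509: certificate is valid for 38-aaaa.europe-west9.sql.goog, not proj:db
2022/12/30 10:45:10 couldn't connect to "proj:europe-west9:db": dial tcp 203.0.113.7:3307: i/o timeout
"""

# One failed connection attempt: timestamp, instance connection name, error text.
FAILURE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) '
    r'couldn\'t connect to "(?P<inst>[^"]+)": (?P<err>.*)$'
)
# Go's hostname-mismatch text: a comma-separated list of valid names, then the
# name the client checked for. The greedy match splits on the last ", not ".
MISMATCH = re.compile(r'^x509: certificate is valid for (?P<valid>.+), not (?P<want>.+)$')


def parse_failures(log_text):
    """Return one dict per failed connection, classified by error kind."""
    failures = []
    for line in log_text.splitlines():
        m = FAILURE.match(line.strip())
        if not m:
            continue  # startup and "New connection" lines are not failures
        rec = {"time": m["ts"], "instance": m["inst"],
               "kind": "other", "error": m["err"]}
        x = MISMATCH.match(m["err"])
        if x:
            rec.update(kind="x509_name_mismatch",
                       presented=x["valid"].split(", "),
                       expected=x["want"])
        elif m["err"].startswith("x509:"):
            rec["kind"] = "x509_other"  # e.g. expired or unknown authority
        failures.append(rec)
    return failures


def summarize(failures):
    """Count failures per (instance, kind) to show which error dominates."""
    return Counter((f["instance"], f["kind"]) for f in failures)


if __name__ == "__main__":
    for key, count in summarize(parse_failures(SAMPLE_LOG)).items():
        print(key, count)
```

A run where every failure for an instance is `x509_name_mismatch` points at certificate-name verification in the proxy rather than at networking or credentials, which is the situation the question's log shows.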