Unable to connect to Private CloudSql postgres DB from CloudRun

Question

I have followed the steps mentioned in the below stackoverflow url and tried to connect my java application which is running on CloudRun to CloudSQL postgres DB. Stackoverflow reference But getting the below error when the db has private IP.

org.postgresql.util.PSQLException: Connection to google:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.

But when its made public things are working as expected and CloudRun instance is stable. I am using shared VPC this is where my CloudSQL instance is running and have created a VPC connector and configured CloudRun to use the VPC connector and shared network.When i make the DB public it works so the connection string used is right but why does it fail when Private IP was enabled ? What am I missing is there some issues with networking side ?

Without knowing your code to connect it will be hard someone can help — Puteri, May 10 '23 at 23:49
https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/blob/main/docs/jdbc-postgres.mdv have used this as reference for the java application i cannot share the whole repository but application.yml i could share — sidharth vijayakumar, May 11 '23 at 03:46
Are you specifying the Connector to use Private IP? You can do so by setting `ipTypes` to PRIVATE `config.addDataSourceProperty("ipTypes", "PRIVATE");` — Jack Wotherspoon, May 12 '23 at 14:07
No i am using connection string and the issue is it's using private vpc and connectivity test is failing for some reason. It says host project firewall where the shared vpc exist is blocking the traffic — sidharth vijayakumar, May 14 '23 at 11:02
@sidharthvijayakumar you need to specify Private IP as I mentioned in previous comment. You may also need to adjust firewall setting on your VPC network to allow TCP connections to proper ports. — Jack Wotherspoon, Jun 06 '23 at 13:37
Yes it was fixed it was that we should add firewall in Project that hosts shared VPC — sidharth vijayakumar, Jun 07 '23 at 07:15

kmonsoor · Answer 1 · 2023-06-02T15:26:23.590

1

It can be from a number of issues, very difficult to say without looking deep into the project configs and the logs.

As that's not possible here, please have a look into the "Private IP" section of this GCP doc.

Other than that also make sure that you followed this step-by-step guide, especially preparing your Cloud SQL instance to accept connection via a private IP. Then, also prepare Cloud Run to use private IP as well as connecting from Java application properly.

For example, the issue can be with the VPC access connector IP that is not RFC-1918 compliant.

edited Jun 02 '23 at 15:26

answered Jun 02 '23 at 15:15

kmonsoor

7,600
7
41
55

thanks the issue was that Host project should have a allow firewall. When we added this is the project where shared vpc was present then it worked – sidharth vijayakumar Jun 07 '23 at 07:17

score 0 · Accepted Answer · answered Jun 12 '23 at 09:03

The solution to this was to create a Firewall in the host project which has the shared VPC and this firewall must allow the communication from the source Project

Direction: Ingress

Action on match: Allow

Source IP whitelisted ranges : 107.178.230.64/26 , 35.199.224.0/19 , 130.211.0.0/22 and 108.170.220.0/23

Target tags: vpc-connector

Ports: tcp:667,tcp:5432

Reference : Gcp document

Unable to connect to Private CloudSql postgres DB from CloudRun

2 Answers2