0

I am unable to connect to a Cloud SQL instance when running an image on Cloud Run. Is this feature working yet?

I have successfully connected to the same SQL instance with Compute Engine.

Tried to connect to the Cloud SQL instance using a simple shell command: 

mysql --host=$MYSQL_IP --user=$MYSQL_ROOT --password=$MYSQL_PASS -e "SHOW DATABASES"

Result is logged as such:

ERROR 2003 (HY000): Can't connect to MySQL server on '.*..' (110)

Asad Ali Choudhry
  • 4,985
  • 4
  • 31
  • 36
James Greenaway
  • 39
  • 5
  • 1
    See: https://cloud.google.com/run/docs/configuring/connect-cloudsql – DazWilkin Jun 13 '19 at 19:26
  • This has been the page that I have been following, but it doesn't work for me. Have you had any luck following these instructions? – James Greenaway Jun 13 '19 at 20:17
  • Where are you running the `mysql` command? – John Hanley Jun 13 '19 at 21:48
  • 1
    If you are running this command inside the Cloud Run container, you cannot connect to a private IP, only if Cloud SQL has a public IP (using your method). Cloud Run is not part of your VPC. Normally you want to connect using a Unix socket `/cloudsql/[CONNECTION_NAME]` for example: `mysql --user=$MYSQL_ROOT --password=$MYSQL_PASS -S /cloudsql/ -e "SHOW DATABASES"` – John Hanley Jun 13 '19 at 21:49
  • If you are running `mysql` outside of Cloud Run, then follow this document: https://cloud.google.com/sql/docs/mysql/connect-admin-proxy and remove the Cloud Run tag. – John Hanley Jun 13 '19 at 21:49
  • I am running the mysql command in a shell script to test the connection, putting the script in a CMD tag in docker, so that it runs when I deploy the image. I have changed the command to: ```mysql --user=$MYSQL_ROOT --password=$MYSQL_PASS -S /cloudsql/strapi-database -e "SHOW DATABASES"``` as you suggested and in the logs it now says ```Cloud SQL instance named strapi-database is not specified in the list map[strapi-243521:us-central1:strapi-database:true].```. I'm not sure I understand the inside / outside of Cloud Run distinction? I am running mysql in Cloud SQL. – James Greenaway Jun 13 '19 at 22:34
  • If you are running your `mysql` command from the container in Cloud Run you need to either use the Public IP address of Cloud SQL (open to the world - not recommended) or use SQL Proxy. If you are running `mysql` from someplace else like your desktop then Cloud Run is not a factor here. – John Hanley Jun 13 '19 at 23:02
  • Post your Dockerfile. If you are staring your container my running `mysql`, then Cloud Run will kill your container as you are not responding on port 8080 with a web server. Note: Only one program can be launched from your Dockerfile. – John Hanley Jun 13 '19 at 23:03
  • Note: I am not sure what you are trying to accomplish running mysql inside your container. You cannot interact with the program. – John Hanley Jun 13 '19 at 23:13
  • James -- I had some time this morning and I am able to deploy a Cloud Run container that talks to a Cloud SQL (PostgreSQL) instance. The documentation is "scant" but it is accurate. Were you successful? – DazWilkin Jun 17 '19 at 18:45
  • 1
    Hi Daz, Yes, in the end I got it working thanks to @JohnHanley. I used the unix socket technique and it set up the cloud sql proxy for me automatically. – James Greenaway Jun 17 '19 at 22:03
  • That's good to hear! – DazWilkin Jun 17 '19 at 22:21

1 Answers1

1

This question was asked several months before Cloud Run reached GA (General Availability).

Cloud Run (fully-managed) now supports connecting to Cloud SQL instances (both MySQL and PostgreSQL) using the public IP address of the database.

gcloud run services update run-mysql \
    --add-cloudsql-instances [INSTANCE_CONNECTION_NAME] \
    --set-env-vars CLOUD_SQL_CONNECTION_NAME=[INSTANCE_CONNECTION_NAME],\
      DB_NAME=[MY_DB],DB_USER=[MY_DB_USER],DB_PASS=[MY_DB_PASS]

...where INSTANCE_CONNECTION_NAME is of the form PROJECT_ID:REGION:INSTANCE_ID (as returned by gcloud sql instances describe <INSTANCE-ID> | grep connectionName or available in the Overview section of the Cloud SQL instance in Cloud Console).

Note that the service account used by Cloud Run to authorize your connections to Cloud SQL must have the correct IAM permissions which is will require some configuration if the DB instance and the Cloud Run services are not part of the same project.

The above takes care of connectivity between Cloud Run and Cloud SQL. Having your application actually talk to the Cloud SQL instance requires connecting from your Cloud Run service using the Unix domain socket located at /cloudsql/INSTANCE_CONNECTION_NAME (these connections are automatically encrypted btw).

Different languages and different database drivers will use different ways to connect to the Cloud SQL instance. This link has more details.

See also How to securely connect to Cloud SQL from Cloud Run?

Alexis MP
  • 750
  • 3
  • 8