I am trying to migrate to use private IPs for all our Cloud SQL instances. I have gotten it working for Postgres, and am now trying to get access for our WordPress instances using MySQL.

The problem is I can't get the connection working from the running pods in our GKE cluster.

```
root@******:/var/www/app# mysql --host=10.**.**.* -u *_se -p
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on '10.*.*.*' (110 "Connection timed out")
```

I have activated the private IP on the Cloud SQL instance, and added a private service connection to the VPC network that is the same network that our cluster uses, but still can't connect in the same way as I did with Postgres.

Does anyone know anything I could try to get this working?

Andreas
  • Have you tried with the [instance connection name](https://support.google.com/datastudio/answer/7020436?hl=en#zippy=%2Cin-this-article%2Cget-your-instance-connection-name) instead of the ip? – Batato Jul 02 '21 at 08:58
  • @Batato I am unsure how the running pod could possibly work out what IP the instance name belongs to without any proxy. But I tried it just to be sure: ERROR 2005 (HY000): Unknown MySQL server host 'we*:europe-west1:*' (-2) – Andreas Jul 02 '21 at 11:48
  • Check the following: 1. Memory. If there was not enough memory on the Cloud SQL instance to create the new connection, it will be denied. 2. When connecting to a Cloud SQL instance using private IP, the GKE cluster must be VPC-native and peered with the same VPC network as the Cloud SQL instance. – Kirpal R Jul 02 '21 at 12:48
  • VPC peering is a pain because Cloud SQL exists in the Private Services VPC. The key is you have to have created the GKE cluster as VPC native, and be sure it's in the same VPC as the Cloud SQL instance. If that's not possible, I'd suggest VPC sharing instead, and create a service project that the Cloud SQL instance lives in hosted in the GKE project to get access. – Gabe Weiss Jul 02 '21 at 18:01
  • This page describes your options: https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine – Gabe Weiss Jul 02 '21 at 18:02

1 Answer

  • There are specific network requirements Cloud SQL instances must adhere to when communicating via a private connection. One of these is that your Cloud SQL and GKE instances are located in the same region and VPC network. Check this to configure private IP for MySQL.
  • The GKE cluster must be VPC-native and peered with the same VPC network as the Cloud SQL instance. To connect MySQL from GKE, refer to this Google documentation.

Note: If you are using shared VPC networks, you cannot assign a private IP address in a shared VPC network to an existing Cloud SQL instance. Also, VPC Network Peering uses private services access. However, you do not create the VPC Network Peering explicitly, because the peering is internal to Google Cloud.

  • Some possible causes of the mentioned error are as follows:
  1. Network failure, especially if the MySQL database server is running on a remote host.
  2. No MySQL server is running on the mentioned host.
  3. Firewall blocking the TCP/IP connection, or other related reasons.

I would suggest you check the firewall settings and check whether your MySQL server is listening on the default port 3306. Also try to connect to the MySQL server on the IP to which it is bound in 'my.cnf'. If it is not so, run the following commands to change the bind address if you are using Ubuntu:

  1. Run the command vim /etc/mysql/my.cnf or vim /etc/mysql/mysqld.conf/mysqld.cnf
  2. Comment out bind-address = <Server IP> using the # symbol
  3. Restart your MySQL server once.
Priya Gaikwad
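
As an added example (not part of the original question or answer), a small Python probe that can be run from inside a pod to tell apart the failure classes this thread discusses: a silent timeout (the ERROR 2003 / errno 110 case), a refused connection, and an unresolvable host string (the ERROR 2005 case). The function names and hint wording are assumptions made for illustration.

```python
import errno
import socket
import sys

# Hint text is illustrative wording based on the thread above, not Google's.
HINTS = {
    "open": "TCP path works; any remaining failure is above the network layer.",
    "timeout": "No reply at all (mysql ERROR 2003, errno 110): check that the "
               "cluster is VPC-native, shares the instance's VPC network, and "
               "that no firewall drops the traffic.",
    "refused": "Host reachable but nothing listens on this port.",
    "unreachable": "No route from this pod to the address.",
    "dns": "Not a resolvable name (mysql ERROR 2005), e.g. an instance "
           "connection name passed as --host.",
    "other": "Unclassified socket error.",
}


def classify(exc):
    """Map the exception raised by connect() to a failure class."""
    if isinstance(exc, socket.gaierror):
        return "dns"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (TimeoutError, socket.timeout)):
        return "timeout"
    if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "unreachable"
    return "other"


def probe(host, port=3306, timeout=5.0):
    """Attempt one TCP handshake and return the failure class or 'open'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Usage: python probe.py <private-ip> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 3306
    result = probe(target, target_port)
    print(f"{target}:{target_port} -> {result}: {HINTS[result]}")
```

A "timeout" result points at the network path between the pod and the private IP, while "refused" means the address was reached and the problem is on the listening side.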