Connecting to Google Cloud SQL instance on private IP fails from VM with both private and public IP

dreams

What I want to set:

Cloud SQL instance with private IP, Postgresql database
A VM with one public IP and one private IP on the same VPC network as the SQL instance (VM, SQL instance and VPC are all in the same region)
The VM's service account has sufficient Cloud SQL client/viewer permissions
The SQL agent on the VM connects to the SQL instance. I run it with some parameters -ip_address_types=PRIVATEfound in the documentation .

configuration code

Slightly simplified Terraform code to reproduce the state that confuses me is here: https://github.com/hallvors/gcp-network-issue-demo To test this:

Create a new one-off Google Cloud project.
For convenience, you can run bootstrap.sh to enable the correct service (it will ask for the id of the Google project and assume you have a gcloud client logged in and accessible).
Create a service account in the project, just make it the owner for convenience, and save the key file there./local-secrets/google-project-credentials.json
Update terraform.tfvars with project ID and service account's email
terraform workspace new staging
terraform init
terraform apply

Once Terraform is complete, you should have a database and a VM set up in your project.

SSH into the VM and runsudo apt install postgresql-client-common postgresql-client
Find the IP address of the DB instance
Run this command (modify details as needed)psql --host 10.167.0.3 -U gcp-network-issue-demo-staging-db-user gcp-network-issue-demo-staging-database

What's wrong?

Any attempt to actually use the connection (such as from the psql client or db-migrate) will time out
If I remove the VM's public IP address from the settings, the connection works fine. However, I need a publicly accessible VM that other services can connect to.

What am I missing?

dreams

The reason for this problem is that I can't understand that a network interface can have both public and private IPs/networks. So my code sets up a public interface and a private network interface for google_compute_instance:

  # Update VM needs a public IP
  network_interface {
    network = "default"
    access_config {
    }
  }

  network_interface {
    network    = var.network
    subnetwork = var.subnetwork
  }

Now, I still don't fully understand networking, but it doesn't seem like you can (easily?) specify the interface the database connection is trying to use, and it doesn't automatically pick the correct one. The fix in this commit will configure access to both private and public network interfaces:

https://github.com/hallvors/gcp-network-issue-demo/commit/ea14174c1087c89b92310b5b4913e12a4e17130d

Connecting to Google Cloud SQL instance on private IP fails from VM with both private and public IP

dreams What I want to set: Cloud SQL instance with private IP, Postgresql database A VM with one public IP and one private IP on the same VPC network as the SQL instance (VM, SQL instance and VPC are all in the same region) The VM's service account has suffici

Connecting to Google Cloud SQL instance on private IP fails from VM with both private and public IP

Connecting to a Cloud SQL instance from a VM with a public IP and private IP - how do I ensure the correct network interface is selected for the connection?

dreams What I want to set: Cloud SQL instance with private IP, Postgresql database A VM with a public IP and one private IP on the same VPC network as the SQL instance (VM, SQL instance and VPC are all in the same region) The VM's service account has sufficien

Connecting to a Cloud SQL instance from a VM with a public IP and private IP - how do I ensure the correct network interface is selected for the connection?

What is the interface protocol between Compute Engine VM instance and cloud storage bucket (public/private IP)?

and I am using node.js method to create a new compute engine VM - zone.createVM(name, config) this VM will upload files to cloud storage bucket using python method - blob.upload_from_filename(src) my bucket location type is Multi-region . My VM region is us-ce

What is the interface protocol between Compute Engine VM instance and cloud storage bucket (public/private IP)?

Convert CloudSQL instance from public IP to private IP

Zama Ques We cannot cast an CloudSQLinstance Public IPof Private IP. The allocation Private IPis in use .SharedVPCPrivate service Connection For me it fails with the following error $ gcloud --project=<project id> beta sql instances patch test1-instance --n

Convert CloudSQL instance from public IP to private IP

Unable to connect to Cloud SQL from Cloud Run after enabling private IP and turning off public IP

Kramps I have a postgreSQL CLoud SQL instance connected via UNIX socket and getting the instance name from the Cloud Run container according to the documentation. With the public IP, this connection works fine. I wanted to turn off the public IP at the time an

Unable to connect to Cloud SQL from Cloud Run after enabling private IP and turning off public IP

Connect to Cloud SQL from Google Functions using private IP

RmR I have a Google Cloud SQL instance and plan to access it from a Google Function using NodeJS. The code is as described in the documentation // mysql const mysql = require('mysql'); const connectionName = process.env.INSTANCE_CONNECTION_NAME || 'project:reg

Connect to Cloud SQL from Google Functions using private IP

Unable to enable private IP for my Postgres Cloud SQL instance

McGinn When I try to enable private IP on my Cloud SQL instance (PostgreSQL 9.6), I get the following error message: Network association failed due to the following error: set Service Networking service account as servicenetworking.serviceAgent role on consume

Unable to enable private IP for my Postgres Cloud SQL instance

How to share Google Cloud SQL instance between two projects using private IP?

ansonthecaptain82 I have two projects in GCP, both using Node.js to run the App Engine flexible environment. One of the projects has attached a Cloud SQL instance running with a private IP. I want App Engine in another project to also be able to use this Cloud

How to share Google Cloud SQL instance between two projects using private IP?

Private and public IP addresses

Eero Muslia How to determine private and public IP addresses. E.g. I gave bin an IP address of 190.168.1.254 Is this a private IP address or a public IP address. Please explain in the comments below. Mohinmet Here is the private IP address range: 10.0.0.0 – 10

Connecting to Google Cloud SQL instance on private IP fails from VM with both private and public IP

What I want to set:

configuration code

What's wrong?

Related

Connecting to Google Cloud SQL instance on private IP fails from VM with both private and public IP

Connecting to Google Cloud SQL instance on private IP fails from VM with both private and public IP

Connecting to Google Cloud SQL instance on private IP fails from VM with both private and public IP

Connecting to Google Cloud SQL instance on private IP fails from VM with both private and public IP

Connecting to a Cloud SQL instance from a VM with a public IP and private IP - how do I ensure the correct network interface is selected for the connection?

Connecting to a Cloud SQL instance from a VM with a public IP and private IP - how do I ensure the correct network interface is selected for the connection?

Connecting to a Cloud SQL instance from a VM with a public IP and private IP - how do I ensure the correct network interface is selected for the connection?

Connecting to a Cloud SQL instance from a VM with a public IP and private IP - how do I ensure the correct network interface is selected for the connection?

Connecting to a Cloud SQL instance from a VM with a public IP and private IP - how do I ensure the correct network interface is selected for the connection?

What is the interface protocol between Compute Engine VM instance and cloud storage bucket (public/private IP)?

What is the interface protocol between Compute Engine VM instance and cloud storage bucket (public/private IP)?

Convert CloudSQL instance from public IP to private IP

Convert CloudSQL instance from public IP to private IP

Convert CloudSQL instance from public IP to private IP

Convert CloudSQL instance from public IP to private IP

Convert CloudSQL instance from public IP to private IP

Convert CloudSQL instance from public IP to private IP

Unable to connect to Cloud SQL from Cloud Run after enabling private IP and turning off public IP

Unable to connect to Cloud SQL from Cloud Run after enabling private IP and turning off public IP

Unable to connect to Cloud SQL from Cloud Run after enabling private IP and turning off public IP

Unable to connect to Cloud SQL from Cloud Run after enabling private IP and turning off public IP

Connect to Cloud SQL from Google Functions using private IP

Connect to Cloud SQL from Google Functions using private IP

Unable to enable private IP for my Postgres Cloud SQL instance

Unable to enable private IP for my Postgres Cloud SQL instance

Unable to enable private IP for my Postgres Cloud SQL instance

How to share Google Cloud SQL instance between two projects using private IP?

How to share Google Cloud SQL instance between two projects using private IP?

Private and public IP addresses

Ranking