Comments (10)
Here is my version of such a file. Probably a bit far from perfect, but it works. If there is a better way or something wrong, please tell me.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sql-proxy-deployment
  labels:
    app: sql-proxy
spec:
  replicas: 2
  selector:
    matchLabels:
      app: sql-proxy
  template:
    metadata:
      labels:
        app: sql-proxy
    spec:
      containers:
      - name: sql-proxy
        image: gcr.io/cloudsql-docker/gce-proxy:1.10
        command: ["/cloud_sql_proxy",
                  "-instances=PROJECT_ID:REGION:DATABASE=tcp:0.0.0.0:5432",
                  "-credential_file=/secrets/cloudsql/credentials.json"]
        volumeMounts:
        - name: cloudsql-instance-credentials
          mountPath: /secrets/cloudsql
          readOnly: true
      volumes:
      - name: cloudsql-instance-credentials
        secret:
          secretName: cloudsql-instance-credentials
---
kind: Service
apiVersion: v1
metadata:
  name: sql-proxy-service
spec:
  selector:
    app: sql-proxy
  ports:
  - protocol: TCP
    port: 5432
    targetPort: 5432
```
from kubernetes-engine-samples.
Hi, the parameters in this example are for listening on localhost only. As you know, containers in a pod share an IP and localhost. The Proxy defaults to this for security reasons, as you're giving it direct access to your database, bypassing any firewalls. To open it up, you would use

```
--instances=my-proj:region:db=tcp:0.0.0.0:3306
```

In this case you would be taking on the security burden of keeping access to the proxy locked down.
Also, make sure you don't overload the proxy, as it is now a single point of failure.
In general, you might get better, more detailed responses to general product questions like this on Stack Overflow. Here is a cloud-sql tag. Also, here is some more info on the proxy.
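One way to keep access to a proxy that listens on `0.0.0.0` locked down, as an added example that is not part of the original thread or of kubernetes-engine-samples: a NetworkPolicy that admits only labelled client pods to the proxy pods. It reuses the `app: sql-proxy` label and port 5432 from the Deployment posted above; the policy name and the `sql-proxy-client` label are assumptions, and the cluster must have network policy enforcement enabled for the policy to have any effect.

```yaml
# Added example: restrict which pods may open connections to the proxy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: sql-proxy-allow-clients        # hypothetical name
spec:
  # Select the proxy pods. Once a pod is selected by an Ingress policy,
  # any inbound traffic not explicitly allowed below is dropped.
  podSelector:
    matchLabels:
      app: sql-proxy
  policyTypes:
  - Ingress
  ingress:
  - from:
    # Only pods in the same namespace that carry the client label
    # (hypothetical label; add it to the pod template of each workload
    # that is supposed to talk to the database).
    - podSelector:
        matchLabels:
          sql-proxy-client: "true"
    ports:
    - protocol: TCP
      port: 5432
```

Connections that arrive through `sql-proxy-service` are still subject to this policy, because it is enforced at the destination pod rather than at the Service.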
Closing as the question is answered. @pkyeck please feel free to open more issues if you need to.
Really wanted this to work and put pgbouncer in front of the cloudsql-proxy, but was unable to get it to work as a standalone service with setting the instance suffix to `tcp:0.0.0.0:5432`. Continually get the following message:

```
psql: expected authentication request from server, but received
```

We're using Istio as a service mesh, but taking this service outside of the mesh did not work either (although it was a different error message).
@jeffmendoza thanks for that info! That's exactly what I'm doing, I've created a pod with 2 replicas with a service in front for the proxy, so it's no longer a single point of failure.
@bluemalkin @pkyeck did either of you guys get this working? If so, would you mind sharing your deployment and service yaml files?
Just curious @pkyeck how did you debug this?
Where did you get the output of `connect ECONNREFUSED <ip of proxy service>:3306` from?
@chrissound can't really remember - but I think it was popping up in the standard logs
> Hi, the parameters in this example are for listening on localhost only. As you know, containers in a pod share an IP and localhost. The Proxy defaults to this for security reasons, as you're giving it direct access to your database, bypassing any firewalls. To open it up, you would use
>
> `--instances=my-proj:region:db=tcp:0.0.0.0:3306`
>
> In this case you would be taking on the security burden of keeping access to the proxy locked down. Also, make sure you don't overload the proxy, as it is now a single point of failure. In general, you might get better, more detailed responses to general product questions like this on Stack Overflow. Here is a cloud-sql tag. Also, here is some more info on the proxy.

This saved me. Thanks a lot!
The newer version of cloud sql proxy has changed a bit and you no longer override the command. Here are the container args:

```yaml
- --auto-iam-authn
- --port=5432
- <cloud sql instance name>
- --address=0.0.0.0
```

The important part is `--address=0.0.0.0`. That will make cloud sql listen over TCP for any connections with the namespace.