无法从Google容器引擎访问Google Cloud SQL [英] Cannot access google cloud SQL from google container engine
问题描述
我仍然无法从GCE容器访问云SQL实例.当我尝试打开mysql时,出现以下错误:
I'm still having problems accessing the cloud SQL instance from a GCE container. When I try to open up mysql, I get the following error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial
communication packet', system error: 0
不过,该连接在我的本地计算机上工作正常(实例具有公用IP,并且我已将办公室的IP添加到允许的网络"中).因此,可以通过Internet很好地访问该实例.
The connection works fine from my local machine, though (The instance has a public IP and I have added my office's IP to the 'allowed Networks'). So, the instance is accessible through the internet just fine.
我想数据库的访问控制阻止了我从gce网络的访问,但是我无法弄清楚如何配置它.
I guess the db's access control is blocking my access from the gce network, but I'm unable to figure out how to configure this.
我将项目添加到了Cloud SQL控制面板中的授权的App Engine应用程序"中,但这似乎无济于事.
I added my project to "Authorized App Engine Applications" in the Cloud SQL control panel, but that doesn't seem to help.
如果我在允许的网络"中添加"0.0.0.0/0",则一切正常.显然这不是我想要的,所以我需要输入什么呢?
If I add "0.0.0.0/0" to Allowed Networks, all works well. This is obviously not what I want, so what do I need to enter instead?
EDIT2 :我还可以从kubernetes集群中添加所有公共IP(通过gcloud compute instances list获取),然后将其手动添加到cloud sql访问列表中.但是,这似乎不对,是吗?
I could also add all public IPs from my kubernetes cluster (obtained through gcloud compute instances list) and add them to the cloud sql access list manually. But, this doesn't seem to be right, does it?
推荐答案
推荐解决方案是使用具有0.0.0.0/0 CIDR的SSL连接.这是为了将连接限制在正确的密钥上.我还读到他们不会向您保证特定的IP范围,因此CIDR/14有时可能无法正常工作.出于相同的原因,我必须与Cloud SQL建立SSL连接.
The recommended solution is to use SSL connection with that 0.0.0.0/0 CIDR. This is to limit the connection to the correct key. I also read that they won't promise you a specific IP range so the CIDR /14 might not work some times. I had to do the SSL connection with my Cloud SQL for the same reasons.
这篇关于无法从Google容器引擎访问Google Cloud SQL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
