有没有办法通过docker容器内的代理访问Google Cloud SQL [英] Is there a way to access google cloud SQL via proxy inside docker container

问题描述

我在托管Django服务器(需要访问Google Cloud SQL访问权限)的Google Compute Engine上运行多个docker计算机(开发，登台).我有多个正在运行的Google Cloud SQL实例，并且每个实例分别由我的Google Compute Engine实例上的各个docker计算机使用.

I have multiple docker machines(dev,staging) running on Google Compute Engine which hosts Django servers(this needs access to Google Cloud SQL access). I have multiple Google Cloud SQL instances running, and each instance is used by respective docker machines on my Google Compute Engine instance.

当前，我正在通过将Compute Engine IP列入白名单来访问Cloud SQL.但是出于明显的原因，我不想使用IP，即我的开发机器不使用静态IP.

Currently i'm accessing the Cloud SQL by whitelisting my Compute Engine IP. But i dont want to use IPs for obvious reasons ie., i dont use a static ip for my dev machines.

但是现在要使用google_cloud_proxy方式来获取访问权限.但是我该怎么做！ GCP提供了多种访问Google Cloud SQL实例的方法.但是它们都不适合我的用例:

But Now want to use google_cloud_proxy way to gain the access. But How do i do that ! GCP gives multiple ways to access google Cloud SQL instances. But none of them fit my usecase:

我有此选项 https://cloud.google.com/sql/docs/mysql/connect-compute-engine ;但这

1. 仅授予我的计算机引擎对SQL实例的访问权限；我必须从Docker访问它.
2. 这不支持我在同一台计算引擎计算机上代理多个SQL实例；我希望尽可能在docker内部进行此代理.

那么，我如何获得Docker内部的CLoud SQL访问权限?如果docker compose是更好的开始方式；为kubernetes实施有多容易(我使用Google容器引擎进行生产)

So, How do I gain access to the CLoud SQL inside Docker ? If docker compose is a better way to start; How easy is it to implement for kubernetes(i use google container engine for production)

推荐答案

我能够通过使用docker-compose弄清楚如何在本地docker环境中使用cloudsql-proxy.您将需要拉下您的Cloud SQL实例凭据并准备好它们.我将它们作为credentials.json保留在我的项目根目录中，并将其添加到项目中的.gitignore中.

I was able to figure out how to use cloudsql-proxy on my local docker environment by using docker-compose. You will need to pull down your Cloud SQL instance credentials and have them ready. I keep them them in my project root as credentials.json and add it to my .gitignore in the project.

我发现的关键部分是在GCP实例ID之后使用=tcp:0.0.0.0:5432，以便可以转发端口.然后，在您的应用程序中，使用cloudsql-proxy而不是localhost作为主机名.确保其余的数据库凭据在您的应用程序密码中有效，以便可以通过cloudsql-proxy容器提供的本地代理进行连接.

The key part I found was using =tcp:0.0.0.0:5432 after the GCP instance ID so that the port can be forwarded. Then, in your application, use cloudsql-proxy instead of localhost as the hostname. Make sure the rest of your db creds are valid in your application secrets so that it can connect through local proxy being supplied by the cloudsql-proxy container.

注意:请记住，我正在编写一个tomcat Java应用程序，而我的docker-compose.yml反映了这一点.

Note: Keep in mind I'm writing a tomcat java application and my docker-compose.yml reflects that.

docker-compose.yml:

docker-compose.yml:

version: '3'
services:
  cloudsql-proxy:
      container_name: cloudsql-proxy
      image: gcr.io/cloudsql-docker/gce-proxy:1.11
      command: /cloud_sql_proxy --dir=/cloudsql -instances=<YOUR INSTANCE ID HERE>=tcp:0.0.0.0:5432 -credential_file=/secrets/cloudsql/credentials.json
      ports:
        - 5432:5432
      volumes:
        - ./credentials.json:/secrets/cloudsql/credentials.json
      restart: always

  tomcatapp-api:
    container_name: tomcatapp-api
    build: .
    volumes:
      - ./build/libs:/usr/local/tomcat/webapps
    ports:
      - 8080:8080
      - 8000:8000
    env_file:
      - ./secrets.env
    restart: always

这篇关于有没有办法通过docker容器内的代理访问Google Cloud SQL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！