从Google Cloud上运行的Cloud访问Cloud SQL [英] Accessing Cloud SQL from Cloud Run on Google Cloud

问题描述

我有一个Cloud Run服务，该服务通过 SQLAlchemy 访问Cloud SQL实例.但是，在Cloud Run的日志中，我看到 CloudSQL连接失败.有关其他详细信息，请参见https://cloud.google.com/sql/docs/mysql/connect-run:确保该帐户有权访问< connection_string>" .转到该链接，它说:

I have a Cloud Run service that accesses a Cloud SQL instance through SQLAlchemy. However, in the logs for Cloud Run, I see CloudSQL connection failed. Please see https://cloud.google.com/sql/docs/mysql/connect-run for additional details: ensure that the account has access to "<connection_string>". Going to that link, it says that:

"默认情况下，您的应用将使用Cloud Run(完全托管)服务帐户授权您的连接.服务帐户的格式为PROJECT_NUMBER-compute@developer.gserviceaccount.com."

"By default, your app will authorize your connections using the Cloud Run (fully managed) service account. The service account is in the format PROJECT_NUMBER-compute@developer.gserviceaccount.com."

但是，以下内容( https://cloud.google.com/run/docs/securing/service-identity )说:

However, the following (https://cloud.google.com/run/docs/securing/service-identity) says:

"，默认情况下，Cloud Run修订版使用Compute Engine默认服务帐户(PROJECT_NUMBER-compute@developer.gserviceaccount.com)，该帐户的项目为>编辑器IAM角色.这意味着默认情况下，您的Cloud Run修订版具有对Google Cloud项目中所有资源的读写访问权限."

"By default, Cloud Run revisions are using the Compute Engine default service account (PROJECT_NUMBER-compute@developer.gserviceaccount.com), which has the Project > Editor IAM role. This means that by default, your Cloud Run revisions have read and write access to all resources in your Google Cloud project."

那么这不意味着Cloud Run已经可以访问SQL吗?我已经在Cloud Run部署页面中设置了Cloud SQL连接.您建议我怎么做才能允许从Cloud Run访问Cloud SQL?

So shouldn't that mean that Cloud Run can already access SQL? I've already set up the Cloud SQL Connection in the Cloud Run deployment page. What do you suggest I do to allow access to Cloud SQL from Cloud Run?

我必须启用Cloud SQL API.

I have to enable the Cloud SQL API.

推荐答案

否，默认情况下，Cloud Run无法访问Cloud SQL.您需要遵循以下两条路径之一.

No, Cloud Run cannot access to Cloud SQL by default. You need to follow one of the two paths.

1. 使用本地unix套接字文件连接到SQL:您需要像上面所述配置权限，并使用指示连接数据库的意图的标志进行部署.遵循 https://cloud.google.com/sql/docs/mysql/connect-运行

使用私有IP连接到SQL:这涉及将Cloud SQL实例部署到VPC网络中，并因此获得私有IP地址.然后，您可以使用Cloud Run VPC访问连接器(当前为beta)来使Cloud Run容器能够连接到该VPC网络，该网络直接包含SQL数据库的IP地址(不需要IAM权限).遵循 https://cloud.google.com/vpc/docs/configure-serverless-vpc-access

Connect to SQL with a private IP: This involves deploying Cloud SQL instance into a VPC Network and therefore having it get a private IP address. Then you use Cloud Run VPC Access Connector (currently beta) to allow Cloud Run container to be able to connect to that VPC network, which includes SQL database's IP address directly (no IAM permissions needed). Follow https://cloud.google.com/vpc/docs/configure-serverless-vpc-access

这篇关于从Google Cloud上运行的Cloud访问Cloud SQL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！