Is there a way to access Google Cloud SQL via proxy inside a Docker container


Problem description

I have multiple docker machines (dev, staging) running on Google Compute Engine which hosts Django servers (this needs access to Google Cloud SQL). I have multiple Google Cloud SQL instances running, and each instance is used by the respective docker machines on my Google Compute Engine instance.

Currently I'm accessing Cloud SQL by whitelisting my Compute Engine IP. But I don't want to use IPs for obvious reasons, i.e., I don't use a static IP for my dev machines.

But now I want to use the google_cloud_proxy way to gain access. But how do I do that? GCP gives multiple ways to access Google Cloud SQL instances, but none of them fit my use case:

I have this option https://cloud.google.com/sql/docs/mysql/connect-compute-engine; but this

  1. Only gives my Compute Engine access to the SQL instance; I have to access it from my Docker.
  2. Doesn't support proxying multiple SQL instances on the same Compute Engine machine; I was hoping to do this proxy inside Docker if possible.

So, how do I gain access to Cloud SQL inside Docker? If docker compose is a better way to start, how easy is it to implement for Kubernetes (I use Google Container Engine for production)?

Recommended answer

I was able to figure out how to use cloudsql-proxy on my local docker environment by using docker-compose. You will need to pull down your Cloud SQL instance credentials and have them ready. I keep them in my project root as credentials.json and add it to my .gitignore in the project.

The key part I found was using =tcp:0.0.0.0:5432 after the GCP instance ID so that the port can be forwarded. Then, in your application, use cloudsql-proxy instead of localhost as the hostname. Make sure the rest of your db creds are valid in your application secrets so that it can connect through the local proxy being supplied by the cloudsql-proxy container.

Note: Keep in mind I'm writing a tomcat java application and my docker-compose.yml reflects that.

docker-compose.yml:

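version: '3'
services:
  # Cloud SQL proxy: listens on 5432 inside the container and forwards to the instance
  cloudsql-proxy:
    container_name: cloudsql-proxy
    image: gcr.io/cloudsql-docker/gce-proxy:1.11
    command: /cloud_sql_proxy --dir=/cloudsql -instances=<YOUR INSTANCE ID HERE>=tcp:0.0.0.0:5432 -credential_file=/secrets/cloudsql/credentials.json
    # Publishes the proxy port on the Docker host as well
    ports:
      - 5432:5432
    # Service account key from the project root, mounted into the container
    volumes:
      - ./credentials.json:/secrets/cloudsql/credentials.json
    restart: always

  # Application container: connects to the database at host "cloudsql-proxy"
  tomcatapp-api:
    container_name: tomcatapp-api
    build: .
    volumes:
      - ./build/libs:/usr/local/tomcat/webapps
    ports:
      - 8080:8080
      - 8000:8000
    # Database credentials and other application secrets
    env_file:
      - ./secrets.env
    restart: always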
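
The question's multi-instance case can be served by one proxy container. The following compose file is an added example, not part of the original answer; the instance connection names, the service names django-dev and django-staging, and the DB_HOST/DB_PORT variables are placeholders assumed for illustration. It also leaves the proxy ports unpublished on the host and mounts the key file read-only.

```yaml
# Added example (not from the original answer).
# PROJECT:REGION:... connection names, service names and DB_* variables are placeholders.
version: '3'
services:
  cloudsql-proxy:
    image: gcr.io/cloudsql-docker/gce-proxy:1.11
    # One proxy process, two instances, each on its own listener port.
    # 0.0.0.0 is needed so other containers on the compose network can connect.
    command: >
      /cloud_sql_proxy
      -instances=PROJECT:REGION:DEV_INSTANCE=tcp:0.0.0.0:5432,PROJECT:REGION:STAGING_INSTANCE=tcp:0.0.0.0:5433
      -credential_file=/secrets/cloudsql/credentials.json
    # No "ports:" section: the listeners are reachable only from services on
    # this compose network, not from the host's network interfaces.
    # If host access is needed (e.g. a local SQL client), bind to loopback:
    #   ports:
    #     - 127.0.0.1:5432:5432
    volumes:
      # Read-only mount: the proxy only needs to read the key file.
      - ./credentials.json:/secrets/cloudsql/credentials.json:ro
    restart: always

  django-dev:
    build: .
    environment:
      DB_HOST: cloudsql-proxy   # compose service name resolves via Docker DNS
      DB_PORT: "5432"           # dev instance listener
    env_file:
      - ./secrets.dev.env       # DB user/password for the dev instance
    depends_on:
      - cloudsql-proxy

  django-staging:
    build: .
    environment:
      DB_HOST: cloudsql-proxy
      DB_PORT: "5433"           # staging instance listener
    env_file:
      - ./secrets.staging.env   # DB user/password for the staging instance
    depends_on:
      - cloudsql-proxy
```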
