I have a Spring GCP service which when run locally connects fine to my Google Cloud SQL instance.
However, when I deploy and launch on my Google Cloud Kubernetes cluster, it is failing to connect with Insufficient Permissions errors.
I followed the steps at https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine, but I still have the same connection issue.
My source code is https://github.com/christianblake/spring-boot-gcp
deployment.yml is in the root dir.
I would appreciate it if somebody has any pointers, as I'm obviously missing a point.
Thank you.
@Mangu, I found the following error in the error logs.
Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
Which led to the following similar question: "Cloud SQL Proxy and Insufficient Permission".
I re-created the cluster, including the sql scopes with the following.
gcloud container clusters create cloudcluster --num-nodes 2 --machine-type n1-standard-1 --zone us-central1-c --scopes https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/sqlservice.admin
And that resolved the issue.
Thank you both for the feedback, and apologies for missing the Google error code in the original question.
Assuming credentials.json is installed correctly, the service account defined in credentials.json needs to have the Cloud SQL Client role. There are several ways to do this, as documented here.
From the cli, you would do something like this:
gcloud projects add-iam-policy-binding $PROJECT_NAME \
  --member serviceAccount:$GOOGLE_SERVICE_ACCOUNT.iam.gserviceaccount.com --role roles/cloudsql.client
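An added example, not part of either answer above: a small offline check for the two causes of the 403 raised on this page, node pools created without a Cloud SQL scope and a service account without a Cloud SQL role. The JSON samples are constructed to mirror `gcloud container clusters describe --format=json` and `gcloud projects get-iam-policy --format=json`; the pool names, account e-mails and project are hypothetical, and only the predefined Cloud SQL roles are checked (basic roles and IAM conditions are ignored).

```python
import json

# Node OAuth scopes that permit calls to the Cloud SQL Admin API.
SQL_SCOPES = {
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/sqlservice.admin",
}
# Predefined Cloud SQL roles that include cloudsql.instances.connect.
SQL_ROLES = {"roles/cloudsql.client", "roles/cloudsql.editor", "roles/cloudsql.admin"}

# Constructed sample shaped like `gcloud container clusters describe --format=json`.
CLUSTER = json.loads("""{"nodePools": [
  {"name": "default-pool", "config": {"oauthScopes": [
     "https://www.googleapis.com/auth/devstorage.read_only",
     "https://www.googleapis.com/auth/logging.write"]}},
  {"name": "sql-pool", "config": {"oauthScopes": [
     "https://www.googleapis.com/auth/cloud-platform"]}}]}""")

# Constructed sample shaped like `gcloud projects get-iam-policy --format=json`.
POLICY = json.loads("""{"bindings": [
  {"role": "roles/cloudsql.client",
   "members": ["serviceAccount:proxy-sa@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/logging.logWriter",
   "members": ["serviceAccount:other-sa@example-project.iam.gserviceaccount.com"]}]}""")

def pools_missing_sql_scope(cluster):
    """Names of node pools whose scopes cannot reach the Cloud SQL Admin API."""
    return [p["name"] for p in cluster.get("nodePools", [])
            if not SQL_SCOPES & set(p.get("config", {}).get("oauthScopes", []))]

def has_sql_role(policy, sa_email):
    """True if the service account is bound to one of SQL_ROLES."""
    member = "serviceAccount:" + sa_email
    return any(b.get("role") in SQL_ROLES and member in b.get("members", [])
               for b in policy.get("bindings", []))

def diagnose(cluster, policy, sa_email):
    """List the likely causes of the proxy's 403 for this cluster and account."""
    findings = ["node pool %s lacks a Cloud SQL scope" % n
                for n in pools_missing_sql_scope(cluster)]
    if not has_sql_role(policy, sa_email):
        findings.append("%s has no Cloud SQL role binding" % sa_email)
    return findings

if __name__ == "__main__":
    for sa in ("proxy-sa@example-project.iam.gserviceaccount.com",
               "other-sa@example-project.iam.gserviceaccount.com"):
        print(sa, diagnose(CLUSTER, POLICY, sa))
```

The scope finding matters when the proxy relies on the node's default credentials; with a mounted credentials.json key, the role binding is the check that applies.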