Spring GCP service not connecting to Cloud SQL database

10/5/2018

I have a Spring GCP service which, when run locally, connects fine to my Google Cloud SQL instance.

However, when I deploy and launch on my Google Cloud Kubernetes cluster, it is failing to connect with Insufficient Permissions errors.

I followed the steps at https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine, but still have the same connection issue.

My source code is https://github.com/christianblake/spring-boot-gcp

deployment.yml is in the root dir.

Appreciate if somebody has any pointers as I'm obviously missing a point.

Thank you.

-- Christian Blake
google-cloud-platform
google-cloud-sql
kubernetes
spring-cloud-gcp

2 Answers

10/6/2018

@Mangu, I found the following error in the error logs.

Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden

Which led to the following similar question: Cloud SQL Proxy and Insufficient Permission

I re-created the cluster, including the sql scopes with the following.

gcloud container clusters create cloudcluster --num-nodes 2  --machine-type n1-standard-1 --zone us-central1-c --scopes https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/sqlservice.admin

And that resolved the issue.

Thank you both for the feedback, and apologies for missing the google error code in the original question.

-- Christian Blake
Source: StackOverflow

10/5/2018

Assuming credentials.json is installed correctly, the service account defined in credentials.json needs to have the Cloud SQL Client role. There are several ways to do this, as documented here.

From the CLI, you would do something like this:

gcloud projects add-iam-policy-binding $PROJECT_NAME \
    --member serviceAccount:$GOOGLE_SERVICE_ACCOUNT.iam.gserviceaccount.com --role roles/cloudsql.client
-- mantithetical
Source: StackOverflow
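
Added example (not code from either answer or from the linked repository): a small Python check that looks for both 403 causes raised above, node pool OAuth scopes that do not cover the Cloud SQL Admin API and a service account with no Cloud SQL role bound. It assumes the JSON shapes produced by `gcloud container clusters describe --format=json` and `gcloud projects get-iam-policy --format=json`; the sample data, project and account names are constructed, and `diagnose` is a hypothetical helper name.

```python
import json

SQL_ADMIN = "https://www.googleapis.com/auth/sqlservice.admin"
CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform"
# Assumption: the role named in the answer plus its admin superset; extend as needed.
SQL_ROLES = {"roles/cloudsql.client", "roles/cloudsql.admin"}

def diagnose(cluster, policy, sa_email):
    """Return a list of findings for the two 403 causes discussed in the answers."""
    findings = []
    # Cause 1: node credentials are limited by the OAuth scopes set at cluster creation.
    for pool in cluster.get("nodePools", []):
        scopes = set(pool.get("config", {}).get("oauthScopes", []))
        if not scopes & {SQL_ADMIN, CLOUD_PLATFORM}:
            findings.append(f"{pool['name']}: node scopes do not cover the Cloud SQL Admin API")
        elif CLOUD_PLATFORM in scopes:
            # Broad scope: what the node can reach is then decided by IAM roles alone.
            findings.append(f"{pool['name']}: cloud-platform scope set, access is bounded by IAM roles only")
    # Cause 2: the service account in credentials.json needs a Cloud SQL role binding.
    member = f"serviceAccount:{sa_email}"
    granted = {b["role"] for b in policy.get("bindings", [])
               if member in b.get("members", [])}
    if not granted & SQL_ROLES:
        findings.append(f"{sa_email}: no Cloud SQL role bound (has: {sorted(granted) or 'none'})")
    return findings

# Constructed sample input, trimmed to the fields the check reads.
SAMPLE_CLUSTER = json.loads("""
{"name": "cloudcluster", "nodePools": [
  {"name": "default-pool", "config": {"oauthScopes": [
     "https://www.googleapis.com/auth/devstorage.read_only",
     "https://www.googleapis.com/auth/logging.write"]}},
  {"name": "sql-pool", "config": {"oauthScopes": [
     "https://www.googleapis.com/auth/cloud-platform",
     "https://www.googleapis.com/auth/sqlservice.admin"]}}]}
""")
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/cloudsql.client",
   "members": ["serviceAccount:app-sa@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/viewer",
   "members": ["serviceAccount:other-sa@example-project.iam.gserviceaccount.com"]}]}
""")

if __name__ == "__main__":
    for line in diagnose(SAMPLE_CLUSTER, SAMPLE_POLICY,
                         "app-sa@example-project.iam.gserviceaccount.com"):
        print(line)
```

The scope check matters when the workload uses the node's default credentials; the role check matters when it uses a mounted credentials.json for the named service account.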