My question is about configure Google Cloud Composer to reach Google Cloud SQL using the same network configuration in the same Google Cloud project.
Cloud SQL configured with Private IP associated to a Default Network. Cloud SQL config
Cloud Composer configured Network ID = Default Cloud Composer config
Executing a DAG which uses a PostgresOperator configured with the Private IP and default port (5432) to connect, we always get the same connection error:
ERROR - could not connect to server: Connection timed ou Is the server running on host "private_ip" and acceptin TCP/IP connections on port 5432
We expect the connection should be established because we have configured the same network and we are using Private IP to reach the Cloud SQL server from Composer.
Cloud SQL Proxy is a great way to go, and a similar question, if not the same, has been answered with details on getting that set up.
To address the Internal IP question, see the Google docs:
You can use the Cloud SQL Proxy to connect to an instance that is also configured to use private IP. The proxy can connect using either the private IP address or a public IP address. If you use the Cloud SQL Proxy to connect to an instance that has both public and private IP addresses assigned, the proxy uses the public IP address by default.
according to Introducing private networking connection for Cloud SQL these are still two separate network segments (see the visual scheme there). therefore VPC network peering is required, in order to get a route-able private IP. see the code lab, which has also this scenario covered.
The request from Composer comes from the pod's IP address which is non-routable outside the VPC. Therefore it has to be masqueraded to the IP of the interface of the node which is in 10.0.0.0/8 (when using the default network).
If you configured your CloudSQL instance to use an auto-generated IP range when setting the Private IP connection, it is likely the IP is also in 10.0.0.0/8, but it is not inside the same VPC.
If it the connection is to 10.0.0.0/8 and is not in the VPC, it can't be routed. As a workaround you can create a custom address range, for example 192.168.X.X:
gcloud beta compute addresses create [RESERVED_RANGE_NAME] \
--global \
--purpose=VPC_PEERING \
--addresses=192.168.0.0 \
--prefix-length=16 \
--description=[DESCRIPTION] \
--network=[VPC_NETWORK] \
And configure your Cloud SQL instance's private IP to be within that range.