K
Q

GKE pods not connecting to Cloudsql

4/4/2019

My app can't seem to connect to the proxy thus my Cloudsql Database.

Below are my setup:

my-simple-app.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    name: web
  name: web
spec:
  replicas: 2
  selector:
    matchLabels:
      name: web
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  minReadySeconds: 5
  template:
    metadata:
      labels:
        name: web
    spec:
      nodeSelector:
        cloud.google.com/gke-nodepool: default-pool
      containers:
      - image: joelaw/nameko-hello:0.2
        name: web
        env:
          - name: DB_HOST
            value: 127.0.0.1
          - name: DB_PASSWORD
            valueFrom:
              secretKeyRef:
                name: cloudsql-db-credentials
                key: password
          - name: DB_USER
            valueFrom:
              secretKeyRef:
                name: cloudsql-db-credentials
                key: username
        ports:
        - containerPort: 3000
          name: http-server
      - image: gcr.io/cloudsql-docker/gce-proxy:1.09
        name: cloudsql-proxy
        command: ["/cloud_sql_proxy", "--dir=/cloudsql",
                  "-instances=spheric-veric-task:asia-southeast1:authdb:5432",
                  "-credential_file=/secrets/cloudsql/credentials.json"]
        volumeMounts:
          - name: cloudsql-instance-credentials
            mountPath: /secrets/cloudsql
            readOnly: true
          - name: ssl-certs
            mountPath: /etc/ssl/certs
          - name: cloudsql
            mountPath: /cloudsql
      volumes:
        - name: cloudsql-instance-credentials
          secret:
            secretName: cloudsql-instance-credentials
        - name: ssl-certs
          hostPath:
            path: /etc/ssl/certs
        - name: cloudsql
          emptyDir:

I had setup the secrets correctly I suppose.

Below are some data that I collected from the instance:

The pod live happily:

web-69c7777c68-s2jt6   2/2       Running   0          9m
web-69c7777c68-zbwtv   2/2       Running   0          9m

When I run: kubectl logs web-69c7777c68-zbwtv -c cloudsql-proxy

It recorded this:

2019/04/04 03:25:35 using credential file for authentication; email=auth-db-user@spheric-verve-228610.iam.gserviceaccount.com
2019/04/04 03:25:35 Listening on /cloudsql/spheric-veric-task:asia-southeast1:authdb:5432/.s.PGSQL.5432 for spheric-veric-task:asia-southeast1:authdb:5432
2019/04/04 03:25:35 Ready for new connections

Since the app is not configured to connect to the db, what I did is to ssh into the pod with:

kubectl exec -it web-69c7777c68-mrdpn -- /bin/bash
# Followed by installing postgresql driver:
apt-get install postgresql
# Trying to connect to cloudsql:
psql -h 127.0.0.1 -p 5432 -U

When I run psql in the container:

psql: could not connect to server: Connection refused
        Is the server running on host "127.0.0.1" and accepting
        TCP/IP connections on port 5432?

Can anyone of you kindly advise what should I do to connect to the DB?

-- Joe. L
cloud-sql-proxy
google-cloud-platform
google-cloud-sql
google-kubernetes-engine
kubernetes

Similar Questions

Istio missing metrics
Is Kubernetes ephemeral storage elastic?
Kubernetes - Error from server (Forbidden): ... is forbidden:
helm patch default service account
Is CNI still needed when service mesh is used in kubernetes?
Knative - kubernetes yaml to mount data from google cloud storage

1 Answer

4/4/2019

You are specifying the instance connection string wrong, and so the proxy is listening on a unix socket in the /cloudsql/ directory instead of to a TCP port.

To tell the proxy to listen on a TCP port, use the following:

-instances=<INSTANCE_CONNECTION_NAME>=tcp:5432

Otherwise, the following format creates a unix socket (defaulting to the /cloudsql directory):

-instances=<INSTANCE_CONNECTION_NAME>
-- kurtisvg
Source: StackOverflow