I am trying to connect a VPC with GKE to a Cloud SQL database.
I have specified a VPC with the following details:
IP ranges gateway
10.240.0.0/24 10.240.0.1 I see that all my GKE services are in 10.39.xxx.xx
NAME CLUSTER_IP
service/kubernetes 10.39.240.1 ....
service/api 10.39.xxx.xx
service/web 10.39.xxx.xxI don't actually understand the connection with the VPC here. I want to have the GKE cluster able to communicate with a Cloud SQL database without exposing it over the public internet.
I have a Cloud SQL db on public IP, say, 36.241.123.123 with a private IP equal to 10.7.224.3.
In SQL - Connections I check the private IP box and given the choice between default and dev-vpc which is the name of my VPC, I select dev-vpc.
According to https://cloud.google.com/sql/docs/mysql/configure-private-ip I should be done now, but I am unable to connect to the Cloud SQL from my GKE cluster.
I do see the following message when selecting the private IP.
Private IP connectivity requires additional APIs and permissions. You may need to contact your organisation's administrator for help enabling or using this feature. Currently, Private IP cannot be disabled once it has been enabled.
I also have a VPC peering connection
Peering connection details imported routes 10.7.224.0/24 [ the Cloud SQL internal IP is in this ] exported routes 10.240.0.0/24 [ the VPC subrange ]
What am I missing?
If you created your cluster before Cloud SQL had support for private IP, you need to recreate your cluster, I'm not sure why but most of the changes involving networking in GCP you have to recreate your cluster.
The GKE cluster needs to be on the same VPC in order to have access to other services on that Private IP. This means you have to create a VPC-native cluster.