Is it possible to connect to Google Cloud SQL from a Google Managed VM? With regular Google App Engine applications, I can connect by authorizing my project in the Cloud SQL console and using unix_socket='/cloudsql/' + _INSTANCE_NAME. However, the /cloudsql/ socket doesn't seem to be available on Managed VMs. Do I have to whitelist the IP of my Managed VM application? If so, how do I find the IP address to whitelist?
The /cloudsql/ sockets are only available in regular App Engine. Managed VMs are regular VMs so connection to Cloud SQL needs to use the external IP of that Cloud SQL instances. The external IP needs to be whitelisted. The external IP is showed in the Developers Console and can also be retrieved via gcloud CLI tool.
Two options to avoid having to whitelist the IP of the GCE VMs are:
- Switch to use only SSL connections for IP connectivity and whitelist 0.0.0.0/0.
- Funnel all the traffic to Cloud SQL via a VM that runs a TCP proxy (HAProxy) for example.
We are aware that none of these are very satisfying solutions. :-(
If you're willing to try out Cloud SQL Second Generation (currently in Beta), there's built-in support for connecting from Managed VMs that is similar to App Engine: https://cloud.google.com/sql/docs/sql-proxy#gae
Everything is described here depends on language: https://cloud.google.com/sql/docs/dev-access more details with pythons are here:
subject: Step 2: Grant your App Engine application access to the Google Cloud SQL instance https://cloud.google.com/appengine/docs/python/cloud-sql/
Concerning the first solution provided by @Razvan Musaloiu-E
Switch to use only SSL connections for IP connectivity and whitelist 0.0.0.0/0.
Are there any security concerns if I do this ? Besides from having a "root"/"root" login/pasword on my Cloud SQL database of course...
来源:https://stackoverflow.com/questions/27573161/is-it-possible-to-connect-to-google-cloud-sql-from-a-google-managed-vm