问题
I am trying to connect to a GCP Postgres Cloud SQL instance from a GCP Google App Engine flexible environment in a separate GCP project. I am using Python.
The instructions indicate that this requires adding the default App Engine service account as an IAM member in the Postgres Cloud SQL project.
The docs go on to state:
Once deployed, your application uses the Cloud SQL Proxy that is built in to the App Engine flexible environment to communicate with your Cloud SQL instance.
However, I've had no luck successfully connecting to Cloud SQL from GAE. I've tried several varieties of host addresses (e.g. localhost, <external-ip-address>, /cloudsql/<INSTANCE_CONNECTION_NAME>etc.) but nothing seems to work.
Several questions come to mind:
Do I need to manually provide a service account key to the GAE instance?
What is the actual host location of the Cloud SQL instance for connection parameters or DSN strings? The docs refer to
/cloudsql/<INSTANCE_CONNECTION_NAME>though I've had no luck with this.Do I need to create a shared network to link the projects?
回答1:
I just replicated your use case scenario and I successfully connected a Cloud SQL database from a project with a Cloud App Engine from another project.
The steps to reproduce this are the followings:
Created a Cloud SQL Postgresql Database with public Ip.
Created the tables for my application
Enable the Cloud SQL API in the second project where I want to host the App Engine side.
Deployed an App Engine application in a second project using this Google Cloud Repo
Give permission to the service account of the project with the App Engine in the project with the Cloud SQL following this Using Cloud SQL for PostgreSQL guide
During my reproduction foud the possible issue that you have encountered. Probably you didn't enable the API of the second project (the one hosting just the App Engine).
To verify this you just need to ssh into the machine hosting the app engine, then run docker ps -a to get the id of the docker container hosting the cloud-sql-proxy. Then using that id run docker logs -f ID_OF_THE_CONTAINER and you will see if you have an error in your Cloud SQL proxy. If you have the API disabled just enable it and deploy again.
来源:https://stackoverflow.com/questions/44619711/connecting-to-gcp-cloud-sql-from-app-engine-in-separate-project