无法通过 Google Cloud Shell 中的云 sql 代理使用私有 IP 进行连接 -

编程问答 2022-05-23

问题描述

我试着跑 https://github.com/terraform-google-modules/terraform-google-sql-db/tree/v4.5.0/examples/mysql-private

它使用私有IP和公共IP创建sql实例。那挺好的。 但是当我尝试连接到 MysqL 时,它说这个,

来自 gcloud 的命令:

./cloud_sql_proxy -credential_file=MysqL-service-account.json -instances=sample:example-MysqL-private-fd7795e5=tcp:3306 -ip_address_types=PRIVATE &

MysqL -u default -p -h 127.0.0.1 --port=3306 default

问题 - 为什么它连接到端口 3307?如何解决这个问题。

Couldn't connect to "sample:example-MysqL-private-fd7795e5": dial tcp 10.127.0.4:3307: connect: connection timed out.

私有 VPC 网络是否必须进行任何更改才能连接此网络?

但是如果没有 Private IP ,它确实可以连接并且可以工作,因为它通过 PublicIP 但为什么私有 IP 仍然无法连接?

有效的命令:

./cloud_sql_proxy -credential_file=MysqL-service-account.json -instances=sample:example-MysqL-private-fd7795e5=tcp:3306 &

MysqL -u default -p -h 127.0.0.1 --port=3306 default

这是我在 main.tf 中的 VPC 配置:

# ------------------------------------------------------------------------------
# CREATE A RANDOM SUFFIX AND PREPARE RESOURCE NAMES
# ------------------------------------------------------------------------------

resource "random_id" "name" {
  byte_length = 2
}

locals {
  # If name_override is specified,use that - otherwise use the name_prefix with a random string
  instance_name        = var.name_override == null ? format("%s-%s",var.name_prefix,random_id.name.hex) : var.name_override
  private_network_name = "private-network-${random_id.name.hex}"
  private_ip_name      = "private-ip-${random_id.name.hex}"
}

# ------------------------------------------------------------------------------
# CREATE COmpuTE NETWORKS
# ------------------------------------------------------------------------------

# Simple network,auto-creates subnetworks
resource "google_compute_network" "private_network" {
  provider = google-beta
  name     = local.private_network_name
}

# Reserve global internal address range for the peering
resource "google_compute_global_address" "private_ip_address" {
  provider      = google-beta
  name          = local.private_ip_name
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = google_compute_network.private_network.self_link
}

# Establish VPC network peering connection using the reserved address range
resource "google_service_networking_connection" "private_vpc_connection" {
  provider                = google-beta
  network                 = google_compute_network.private_network.self_link
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
}

请帮忙。

解决方法

Cloud Shell 不在您的 VPC 中。因此您无法通过私有 IP 访问您的数据库。您需要在您的 VPC(堡垒虚拟机)中创建一个虚拟机,以使用私有 IP 并打开通往该虚拟机的隧道。我写了an article on this