Unable to connect to Private CloudSql postgres DB from CloudRun.

huangapple go评论64阅读模式
英文:

Unable to connect to Private CloudSql postgres DB from CloudRun

问题

我已经按照下面stackoverflow链接中提到的步骤尝试连接正在CloudRun上运行的Java应用程序到CloudSQL postgres数据库。Stackoverflow reference 但是当数据库使用私有IP时,出现以下错误。

org.postgresql.util.PSQLException: Connection to google:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.

但当它被公开时,一切都按预期工作,CloudRun实例也很稳定。我正在使用共享VPC,这是我CloudSQL实例运行的地方,并且已经创建了一个VPC连接器并配置了CloudRun以使用VPC连接器和共享网络。当我将数据库设为公开时,它可以正常工作,所以使用的连接字符串是正确的,但是为什么在启用私有IP时会失败?我漏掉了什么,网络方面有问题吗?

英文:

I have followed the steps mentioned in the below stackoverflow url and tried to connect my java application which is running on CloudRun to CloudSQL postgres DB. Stackoverflow reference
But getting the below error when the db has private IP.

org.postgresql.util.PSQLException: Connection to google:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.

But when its made public things are working as expected and CloudRun instance is stable. I am using shared VPC this is where my CloudSQL instance is running and have created a VPC connector and configured CloudRun to use the VPC connector and shared network.When i make the DB public it works so the connection string used is right but why does it fail when Private IP was enabled ? What am I missing is there some issues with networking side ?

答案1

得分: 1

以下是您要翻译的内容:

"它可能是由许多问题引起的,如果不深入查看项目配置和日志,很难确定。

由于这里无法进行深入检查,请查看此GCP文档中的“私有IP”部分。

除此之外,请确保您按照此逐步指南操作,特别是准备您的Cloud SQL实例以接受通过私有IP的连接。然后,还要准备Cloud Run以使用私有IP,并从Java应用程序中正确连接

例如,问题可能出在VPC访问连接器的IP不符合RFC-1918标准。

英文:

It can be from a number of issues, very difficult to say without looking deep into the project configs and the logs.

As that's not possible here, please have a look into the "Private IP" section of this GCP doc.

Other than that also make sure that you followed this step-by-step guide, especially preparing your Cloud SQL instance to accept connection via a private IP. Then, also prepare Cloud Run to use private IP as well as connecting from Java application properly.

For example, the issue can be with the VPC access connector IP that is not RFC-1918 compliant.

答案2

得分: 0

解决方法是在托管项目中创建一个防火墙,该项目具有共享的VPC,该防火墙必须允许来自源项目的通信。

方向:入站

匹配时的操作:允许

源IP白名单范围:107.178.230.64/26,35.199.224.0/19,130.211.0.0/22和108.170.220.0/23

目标标签:vpc-connector

端口:tcp:667,tcp:5432

参考:Gcp文档

英文:

The solution to this was to create a Firewall in the host project which has the shared VPC and this firewall must allow the communication from the source Project

Direction: Ingress

Action on match: Allow

Source IP whitelisted ranges : 107.178.230.64/26 , 35.199.224.0/19 , 130.211.0.0/22 and 108.170.220.0/23

Target tags: vpc-connector

Ports: tcp:667,tcp:5432

Reference : Gcp document

huangapple
  • 本文由 发表于 2023年5月11日 03:05:08
  • 转载请务必保留本文链接:https://go.coder-hub.com/76221810.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定