--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-d...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/50f0720a-7788-4183-aa17-7ced364844ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
$ ./cloud_sql_proxy -instances=[redacted]=tcp:3306 -credential_file=cloud-sql-client.json2017/02/10 17:37:57 using credential file for authentication; email=cloud-sql-client@[project id].iam.gserviceaccount.com2017/02/10 17:37:57 Listening on 127.0.0.1:3306 for [project id]:us-east1:prod12017/02/10 17:37:57 Ready for new connections2017/02/10 17:38:02 New connection for "[project id]:us-east1:prod1"2017/02/10 17:38:07 couldn't connect to "[project id]:us-east1:prod1": ensure that the account has access to "[project id]:us-east1:prod1" (and make sure there's no typo in that name). Error during get instance [project id]:us-east1:prod1: googleapi: Error 403: The client is not authorized to make this request., notAuthorized
$ ./cloud_sql_proxy -instances=[project id]:us-east1:prod1=tcp:3306 -credential_file=service-admin.json2017/02/10 17:38:33 using credential file for authentication; email=service-admin@[project id].iam.gserviceaccount.com2017/02/10 17:38:33 Listening on 127.0.0.1:3306 for [project id]:us-east1:prod12017/02/10 17:38:33 Ready for new connections2017/02/10 17:38:35 New connection for "[project id]:us-east1:prod1"2017/02/10 17:38:47 Client closed local connection on 127.0.0.1:3306
"Cloud SQL Client" should be sufficient.Please post the error you are seeing from the Proxy, otherwise it's hard to say what's going on.
On Thu, Feb 9, 2017 at 5:56 AM Andrew Baker <andrew.t...@gmail.com> wrote:
Hi there,--I was following these instructions (https://cloud.google.com/sql/docs/container-engine-connect) which largely worked, but my MySQL connections kept getting 403'd inside my GKE containers.So I tried connecting locally using these instructions (https://cloud.google.com/sql/docs/mysql-connect-proxy) and that didn't work either. In the end, the only thing that did work is creating a service account with "Project Owner" permissions. Now I can connect locally and in my Kubernetes cluster.I tried making service accounts with Cloud SQL Client, Editor, and Admin - none of them were good enough to allow connections from my GKE containers.I booted both my Cloud SQL instance and my cluster tonight, if that's relevant.Any ideas? I can keep hacking on my app with the current setup, but I'd prefer not to grant that proxy container such broad permissions.Thanks.-Andrew
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsub...@googlegroups.com.