Connect to Cloud SQL Private Postgres instance from outside

[Louis-P. Lamoureux]

Hi !

I am trying to connect to Cloud SQL Private Postgres instance from outside GCP.

The Postgres instance does not have a public IP and is using a VPC network. To reach it I am using the cloud sql docker proxy on OSX and a service account with the cloud sql admin role and cloud sql API enabled.

I am able to start the proxy and request a connection to the instance:

$ Listening on 0.0.0.0:5432 for myproject:northamerica-northeast1:myproject-database-someid
$ Ready for new connections
$ New connection for "myproject:northamerica-northeast1:myproject-database-someid"
 

The request eventually times out as it is refused:

$ couldn't connect to "myproject:northamerica-northeast1:myproject-database-someid": dial tcp 192.168.0.3:3307: connect: connection refused

However in the Postgres database logs I can see that the request was reached and authorized:

{ ...,
authorizationInfo:
[ 0:
{
granted: true
permission: "cloudsql.instances.connect"
resource: "instances/myproject-database-someid"
resourceAttributes: {}
} ]
methodName: "cloudsql.instances.connect"

I have tried applying firewall rules (open port 3307) on the VPC network to no avail.

[Antoine Chagnon Larose]

I have been fighting with the same issue on my setup (connecting locally to my remote private IP cloud sql). Had you found a solution to this @Louis ?

[Manpreet Sidhu (Google Cloud Support)]

Thanks for reaching out!

It seems as though there may be a connection issue, which requires more in depth analysis of your project.

Can you please elaborate on any documentation that you may be following? To be able to connect to an instance configured on a Private IP outside of GCP, you need to be able to access the VPC, which you are doing with the Proxy. Can you please try connecting as described in the documentation for Private IPs?

Ideally, Google Groups are best suited for product discussions as well as service status updates and release notes. These types of questions are best suited for Stack Overflow, or if reproducible, on our Public Issue Tracker. More details can be found on our Community Support page.

Regards,

Manpreet

Google Cloud Platform Support, Montreal

[Louis-P. Lamoureux]

Hello Manpreet, 

Thanks for your response. I understand that the question is quite specific (I did post on SO as well to no avail). However as the psql request is reaching the cloud sql instance and seems to be authorized (as per the instance logs) but not responding back I believe that others might benefit from your response in future cases (as well as the other person in this thread).

To answer your question, I followed the instructions here: https://cloud.google.com/sql/docs/postgres/connect-docker

As a note, I am also using the sql side car proxy in my Kubernetes cluster to reach the same Postgres instance via VPC and a Service account and that works just fine. 

I include an anonymized snapshot of the Postgres instance logs. 

Thanks in advance,

Louis

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-d...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/e29fe972-b864-485a-84d4-71128b226a90%40googlegroups.com.

[Elliott (Google Cloud Platform Support)]

Hello Louis,

I’m glad that Manpreet’s advice helped you. If you need to report an issue with Google products, you may use the link here to create a Google Issue Tracker.