How do I connect from Cloud Run to Cloud SQL, and external traffic via a static egress IP?

Remmelt Pit

Sep 8, 2021, 4:40:09 AM
to Google Cloud Developers
We're using Google Cloud Run with a Java app to store data in Cloud SQL Postgres. We need to connect to external services using a static IP.

We are connecting to the database using the example code provided in [the documentation](https://cloud.google.com/sql/docs/postgres/connect-run), with the following connection string: `jdbc:postgresql:///<DB_NAME>?unixSocketPath=</PATH/TO/UNIX/SOCKET>&cloudSqlInstance=<CLOUD_SQL_CONNECTION_NAME>&socketFactory=com.google.cloud.sql.postgres.SocketFactory&user=<DB_USER>&password=<DB_PASS>`. In the Cloud Run service we pointed the Cloud SQL connections to the database. This works well.

To add a static egress IP to the Cloud Run service, we followed the guide to Static outbound IP address, https://cloud.google.com/run/docs/configuring/static-outbound-ip.

We're running a test service that shows the external IP, and again, this shows the static external IP.

The problem is that now the connection to the database does not work anymore.

To fix this, we removed the unixSocketPath from the database connection string, resulting in `jdbc:postgresql:///<DB_NAME>?cloudSqlInstance=<CLOUD_SQL_CONNECTION_NAME>&socketFactory=com.google.cloud.sql.postgres.SocketFactory&user=<DB_USER>&password=<DB_PASS>`.

Now the following problem pops up, once in a while: 

Failed to create ephemeral certificate for the Cloud SQL instance.

We believe this is due to Cloud Run throttling our service to near 0 when not in use, as alluded to in this reply in the socket factory GitHub issues: https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/issues/502#issuecomment-846081718. This problem did not happen when connecting over the Unix socket.

Stumped, we tried to minimise code and dependencies, resulting in the following test project: https://gist.github.com/goulashify/b05593dceae717e425b097f3fe840883

What are we missing? Is there a way to connect to the outside world using a static IP, and have a reliable connection to Cloud SQL?