Connecting to Postgres SQL instance (private ip) with psql client

0
votes

I have a problem to connect on my CloudSQL Postgres instance with a psql client. I followed the documentation https://cloud.google.com/sql/docs/postgres/connect-admin-proxy.

I have enable the Cloud SQL Admin API & installed the cloud_sql_proxy :

wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy
chmod +x cloud_sql_proxy

I use my credential SDK Cloud who have all the rights and i have set the good project :

gcloud config set project gta-staging-280808

Next, i have launch the following comandes :

To test with TCP sockets :

./cloud_sql_proxy -instances=gta-staging-280808:europe-west1:${INSTANCE_ID}=tcp:5432
psql "host=127.0.0.1 sslmode=disable dbname=${DB_NAME} user=${USER}"

To test with Unix sockets :

./cloud_sql_proxy -dir=/cloudsql &
psql "sslmode=disable host=/cloudsql/gta-staging-280808:europe-west1:${INSTANCE_ID} user={USER}"

Result:

2020/08/27 15:36:39 New connection for "gta-staging-280808:europe-west1:${INSTANCE_ID}"

2020/08/27 15:40:59 couldn't connect to "gta-staging-280808:europe-west1:${INSTANCE_ID}": dial tcp XX.XX.XX.XX:3307: connect: connection timed out

There is no SSH. The VPC is the default.

Why it's doesn't work? Do you have any idea?

1
google-cloud-platformgoogle-cloud-sqlpsql
Can you add to your question how are you trying to use the psql(are you using the external IP, what port are you using)Neo Anderson
If your Cloud SQL instance only has a private IP address and you are connecting from outside your VPC (using the Internet) then you must use the Google Cloud SQL Proxy or use forwarding with another instance in your VPC. If you are connecting from your VPC, edit your question with details on how you are connecting and from where.John Hanley

1 Answers

0
votes

This error could be caused due to many reasons, in the end it says that the client cannot reach the instance. Still, in this case, I suspect you are trying to connect to the Cloud SQL instance using the SQL proxy from the Cloud Shell.

Assuming that you are using the Cloud Shell, the steps that you made would work if the instance had a public IP. Even if you are authenticated with an account that should have access to the instance, the proxy must be run from a resource with access to the same VPC network as the SQL instance, which is not the case of the Cloud Shell.

On the same note, you could access the SQL instance from GCE if you had an instance using the same network. Check out this guide, to attempt a connection from within a GCE instance, which is essentially the same but allocating an IP address range. If you want to connect from the Cloud Shell, you will need to use a public IP in which case the guide you provided will work.

I have reproduced both connections from the Cloud Shell and from GCE in order to verify this answer.