GCP Connecting to SQL for a Cloud Run Anthos nodejs service

1
votes

Trying connect SQL instance to Cloud Run Service, using Fully Managed cloud run works fine but when I try to connect service via Anthos (which is required as we need to use websockets on services) I just get ENOENT (No Entry), update IAM for GKE with correct permissions, recreated cluster with all services enabled/

Here's the deploy command I am doing

    gcloud run deploy \
    --project ${GOOGLE_PROJECT_ID} \
    --platform gke \
    --cluster dev \
    --cluster-location ${GOOGLE_COMPUTE_ZONE} \
    --image gcr.io/${GOOGLE_PROJECT_ID}/${PROJECT_NAME} \
    --set-cloudsql-instances "${GOOGLE_PROJECT_ID}:europe-west1:dev" \
    --set-env-vars "$(tr '\n' ',' < "${ENV_KEY_PRODUCTION}")" \
    --set-env-vars "SERVICE=${1}" \
    --set-env-vars "DB_HOST=/cloudsql/${GOOGLE_PROJECT_ID}:europe-west1:dev" \
    "${1}"

If I use the private IP from SQL and remove --set-cloudsql-instances and set DB_HOST as private IP it works.

But adding --set-cloudsql-instances should make a sidecar for service in GKE cluster and allow it to connect to SQL?

1
google-cloud-platformgoogle-kubernetes-enginegoogle-cloud-rungoogle-anthos

1 Answers

3
votes

The documentation isn't clear... the parameter '--set-cloudsql-instances' is only available for Cloud Run Managed version. The first sentence of the section is important. And the limitation is not clear in the doc

Only applicable if connecting to Cloud Run (fully managed). Specify --platform=managed to use:

--[no-]allow-unauthenticated Whether to enable allowing unauthenticated access to the service. This may take a few moments to take effect. Use --allow-unauthenticated to enable and --no-allow-unauthenticated to disable.

--clear-vpc-connector Remove the VPC connector for this Service.

--revision-suffix=REVISION_SUFFIX Specify the suffix of the revision name. Revision names always start with the service name automatically. For example, specifying [--revision-suffix=v1] for a service named 'helloworld', would lead to a revision named 'helloworld-v1'.

--vpc-connector=VPC_CONNECTOR Set a VPC connector for this Service. These flags modify the Cloud SQL instances this Service connects to. You can specify a name of a Cloud SQL instance if it's in the same project and region as your Cloud Run service; otherwise specify :: for the instance. At most one of these may be specified:

--add-cloudsql-instances=[CLOUDSQL-INSTANCES,…] Append the given values to the current Cloud SQL instances.

--clear-cloudsql-instances Empty the current Cloud SQL instances.

--remove-cloudsql-instances=[CLOUDSQL-INSTANCES,…] Remove the given values from the current Cloud SQL instances.

--set-cloudsql-instances=[CLOUDSQL-INSTANCES,…] Completely replace the current Cloud SQL instances with the given values.