I am testing the following configuration.
- Cloud SQL (tetsql-1) in Region X Zone A
- A Compute Engine VM (TestVM-1) in the same Region X Zone A. OS is Centos 7
- Compute Engine VM is running cloud SQL proxy on non default port (9090)
With the above configuration I am able to logon to testsql-1 from TestVM-1 with below command:
`mysql -h 127.0.0.1 --port 9090 -u testuser -D testDB -p`
However I am not able use the internal IP of TestVM-1 in the above command. It gives an error.
Another observation is I am able to do telnet 127.0.0.1 9090
but when I try telnet <VM -Internal-IP> 9090
returns a connection refused error.
Does anyone know if this is expected behaviour? If this is expected, why is it so?
4
Answers
You’re able to connect from your VM to Cloud SQL because you’re using the proxy. If you would like to connect to your Cloud SQL then you have whitelist the IP address of your VM in Cloud SQL’s connections tab, please refer to this documentation.
This is expected behavior. Private IPs are only accessible from a Virtual Private Cloud (VPC). In order for a resource (such as a GCE instance) to connect, it must also be on that VPC.
See this page for instructions on how to add a GCE instance to a VPC, and see this page for more on the environment requirements for Private IP.
The reason that you can connect to
127.0.0.1
but you cannot connect using the VM’s private IP address is that the Proxy is NOT listening on the private IP address.The Cloud SQL Proxy listens on the loopback adapter’s internal address which is
127.0.0.1
. This address only exists inside the computer.The cloud proxy uses 127.0.0.1 by default, where it accepts connections.
To configure another IP Address, you have to set it in the instances parameter:
Something like this:
This configuration allows connecting to this cloud proxy from others hosts as well.