Can't access Google Cloud SQL with private IP from peered VPC network

本秂侑毒 submitted on 2020-08-10 04:46:41

Question


These are the steps:

  • In "Project A" I have a "network A" with postgresql private IP in it.
  • Can access postgresql from VM existing in same "network A" through private IP.
  • Create a new "network B" in same "Project A"
  • Create a "VPC network peer" between "network A" and "network B"
  • Fully open firewall
  • Can't reach postgresql from "network B", though can ping VM existing on "network A"

Why can't I reach PostgreSQL? Is it because SQL Private IP is in Beta mode, or am I missing something here?


Answer 1:


Cloud SQL Private IP access is setup through peering so network A is peered with network Z, which contains your Cloud SQL instance. When you peer A with B, B does not have access to network Z.




Answer 2:


Yes, a proxy is the way to go, as mentioned in the earlier response, because peering is not transitive.

It will be straightforward to access an SQL proxy in network "A" from peered network "B" VM.

As for access from Kubernetes cluster in network "B", there is one possible pitfall. By default, Kubernetes will not SNAT traffic destined to 10.0.0.0/8 and will try to keep it local. So you will need to change iptables rules on host instances to reach outside.

A permanent solution is to set up a DaemonSet, but you can test this theory by making manual changes on a host first. For example:

iptables -A POSTROUTING -d 10.11.0.0/24 \
   -m addrtype ! --dst-type LOCAL -j MASQUERADE -t nat

Here is a link to an excellent, simple guide: https://blog.mrtrustor.net/post/iptables-kubernetes/.
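The node-side fix described in the answer above, written as an idempotent script of the kind a DaemonSet would run (added example, not code from the original answer). It checks with `iptables -C` before appending so repeated runs do not stack duplicate rules; the CIDR is the one quoted in the answer, the `CLOUDSQL_RANGE`, `IPT` and `APPLY` variables are assumptions, and the script must run as root on the node to take effect.

```shell
#!/bin/sh
# Added example: make pod traffic towards the Cloud SQL peering range leave the
# node with the node's own IP (MASQUERADE), since the peered route only carries
# node addresses, not pod addresses. 10.11.0.0/24 is the range from the answer;
# replace it with the private services range allocated to your Cloud SQL instance.
CLOUDSQL_RANGE="${CLOUDSQL_RANGE:-10.11.0.0/24}"
# Command used for iptables; point it at a wrapper (e.g. "echo iptables") to dry-run.
IPT="${IPT:-iptables}"

# Build the rule spec once so the check (-C) and the append (-A) stay identical.
# "! --dst-type LOCAL" keeps traffic to the node's own addresses untouched.
rule_spec() {
  printf '%s' "POSTROUTING -d $1 -m addrtype ! --dst-type LOCAL -j MASQUERADE"
}

# Ensure the MASQUERADE rule for range $1 exists in the nat table.
# Returns 0 when the rule was added, 1 when it was already present.
ensure_masquerade() {
  spec=$(rule_spec "$1")
  # $spec is deliberately unquoted: it is a list of iptables arguments.
  if $IPT -t nat -C $spec 2>/dev/null; then
    echo "rule already present for $1"
    return 1
  fi
  $IPT -t nat -A $spec
}

# Apply only when APPLY=1, so sourcing this file (for tests) never touches the node.
if [ "${APPLY:-0}" = "1" ]; then
  ensure_masquerade "$CLOUDSQL_RANGE" || true
fi
```

Run it with `APPLY=1` on each node (or from a privileged DaemonSet); a second run reports the rule as already present instead of adding a duplicate.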



Source: https://stackoverflow.com/questions/52756065/cant-access-google-cloud-sql-with-private-ip-from-peered-vpc-network
