2017-08-11

Unable to connect to Cloud SQL from a container using cloud_sql_proxy

So, for some reason, I can't connect to the SQL instance through cloud_sql_proxy.


I tried running telnet 127.0.0.1 3306 from the wordpress container (via kubectl exec ...):

bash-4.3# telnet 127.0.0.1 3306 
Connection closed by foreign host 

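Even when I kubectl exec into the cloudsql-proxy container, I get the same behavior as above.

However, doing this locally works fine.


How can I diagnose this problem, and what are the possible causes?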


Here is my container configuration (in the Deployment):

containers:
  - image: eu.gcr.io/abcxyz/wordpress:initial
    name: wordpress
    imagePullPolicy: "Always"
    env:
      - name: WORDPRESS_HOST
        value: localhost
      - name: WORDPRESS_DB_USERNAME
        valueFrom:
          secretKeyRef:
            name: cloudsql-db-credentials
            key: username
    volumeMounts:
      - name: wordpress-persistent-storage
        mountPath: /var/www/html
  - image: eu.gcr.io/abcxyz/nginx:initial
    name: nginx
    imagePullPolicy: "Always"
    ports:
      - containerPort: 80
        name: nginx
    volumeMounts:
      - name: wordpress-persistent-storage
        mountPath: /var/www/html
  - image: gcr.io/cloudsql-docker/gce-proxy:1.09
    name: cloudsql-proxy
    command: ["/cloud_sql_proxy", "--dir=/cloudsql",
              "-instances=abcxyz:europe-west1:wordpressdb=tcp:3306",
              "-credential_file=/secrets/cloudsql/credentials.json"]
    volumeMounts:
      - name: cloudsql-instance-credentials
        mountPath: /secrets/cloudsql
        readOnly: true
      - name: ssl-certs
        mountPath: /etc/ssl/certs
      - name: cloudsql
        mountPath: /cloudsql

If I fetch the logs from cloudsql-proxy, I see the following:

2017/08/11 12:55:03 New connection for "abcxyz:europe-west1:wordpressdb"
2017/08/11 12:55:03 couldn't connect to "abcxyz:europe-west1:wordpressdb": ensure that the account has access to "abcxyz:europe-west1:wordpressdb" (and make sure there's no typo in that name). Error during createEphemeral for abcxyz:europe-west1:wordpressdb: googleapi: Error 403: The client is not authorized to make this request., notAuthorized

The service account in question does have the Cloud SQL Admin permission.

Answer

I needed to add the Cloud SQL Client permission to the service account.

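Update: I ran into this problem again, and for some reason the service account kept running into the error above. I had to create another service account...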
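
Added example (not part of the original question or answer): a Python check that reads a project IAM policy exported as JSON and reports whether the proxy's service account holds the Cloud SQL Client role named in the answer. The service account names and the policy below are constructed, and the input shape assumes the output of gcloud projects get-iam-policy PROJECT --format=json.

```python
import json

CLIENT_ROLE = "roles/cloudsql.client"  # the role the answer says had to be added
RANK = {"deleted": 0, "conditional": 1, "active": 2}

# Constructed policy, shaped like `gcloud projects get-iam-policy PROJECT --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/cloudsql.admin",
   "members": ["serviceAccount:proxy@abcxyz.iam.gserviceaccount.com"]},
  {"role": "roles/cloudsql.client",
   "members": ["serviceAccount:fixed@abcxyz.iam.gserviceaccount.com",
               "deleted:serviceAccount:old@abcxyz.iam.gserviceaccount.com?uid=1234"]},
  {"role": "roles/storage.objectViewer",
   "members": ["serviceAccount:proxy@abcxyz.iam.gserviceaccount.com"]}
]}
""")


def cloudsql_roles(policy, sa_email):
    """Map each predefined Cloud SQL role bound to sa_email to its binding state."""
    member = f"serviceAccount:{sa_email}"
    found = {}
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if not role.startswith("roles/cloudsql."):
            continue  # custom roles and other services are out of scope here
        for m in binding.get("members", []):
            if m == member:
                state = "conditional" if "condition" in binding else "active"
            elif m.startswith(f"deleted:{member}?uid="):
                state = "deleted"  # binding still names a deleted account's old ID
            else:
                continue
            if RANK[state] >= RANK.get(found.get(role), -1):
                found[role] = state  # keep the strongest state seen for this role
    return found


def diagnose(policy, sa_email):
    """Classify the Client-role binding of the account the proxy runs as."""
    state = cloudsql_roles(policy, sa_email).get(CLIENT_ROLE)
    return {"active": "client-role-bound",
            "conditional": "client-role-conditional",
            "deleted": "client-role-bound-to-deleted-account",
            None: "client-role-missing"}[state]
```

The account to check is the one whose key is mounted at /secrets/cloudsql/credentials.json in the Deployment; its address is in the client_email field of that file.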