来自Go中Kubernetes的云SQL连接-错误403:权限不足
我需要使用Go从Kubernetes吊舱连接到Google Cloud SQL 我一直虔诚地遵循以下指南: 这是我的Kubernetes部署yaml文件:来自Go中Kubernetes的云SQL连接-错误403:权限不足,go,kubernetes,google-cloud-platform,google-cloud-sql,Go,Kubernetes,Google Cloud Platform,Google Cloud Sql,我需要使用Go从Kubernetes吊舱连接到Google Cloud SQL 我一直虔诚地遵循以下指南: 这是我的Kubernetes部署yaml文件: --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: my-service labels: app: my-service spec: strategy: type: RollingUpdate rollingUpdate:
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-service
labels:
app: my-service
spec:
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 10%
maxSurge: 10%
replicas: 1
template:
metadata:
labels:
app: my-service
spec:
imagePullSecrets:
- name: regsecret
containers:
- name: my-service
image: my-image
imagePullPolicy: IfNotPresent
env:
- name: DB_INSTANCE
value: "my-project-id:europe-west1:uk"
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: cloudsql-db-credentials
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: cloudsql-db-credentials
key: password
- name: cloudsql-proxy
image: gcr.io/cloudsql-docker/gce-proxy:1.11
command: ["/cloud_sql_proxy",
"-instances=my-project-id:europe-west1:uk=tcp:3306",
"-credential_file=/secrets/cloudsql/credentials.json"]
volumeMounts:
- name: cloudsql-instance-credentials
mountPath: /secrets/cloudsql
readOnly: true
volumes:
- name: cloudsql-instance-credentials
secret:
secretName: cloudsql-instance-credentials
下面是我尝试使用Go进行连接的情况:
import (
"github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/dialers/mysql"
"github.com/spf13/viper"
"log"
)
func Connect() {
cfg := mysql.Cfg(
viper.GetString("DB_INSTANCE"),
viper.GetString("DB_USERNAME"),
viper.GetString("DB_PASSWORD"))
cfg.DBName = "my-db-name"
db, err := mysql.DialCfg(cfg)
if err != nil {
log.Fatalf("Failed to create the Cloud SQL client: %v", err)
}
}
不幸的是,运行此代码会导致:
2018/08/08 15:19:45 Failed to create the Cloud SQL client: ensure that the Cloud SQL API is enabled for your project (https://console.cloud.google.com/flows/enableapi?apiid=sqladmin). Error during createEphemeral for my-project-id:europe-west1:uk: googleapi: Error 403: Insufficient Permission, insufficientPermissions
我可以确认数据库显然存在于云SQL中,云SQL API确实已启用,并且我用于生成凭据的服务帐户(如上面的链接所述)确实附加了云SQL客户端角色(我也尝试过云SQL管理员,甚至是项目负责人,但都没有成功)
我错过了什么
编辑:
通过将我的Go代码更新为:
dsn := fmt.Sprintf("%s:%s@tcp(%s)/%s",
viper.GetString("DB_USERNAME"),
viper.GetString("DB_PASSWORD"),
"127.0.0.1:3306",
"my-db-name")
db, err := sql.Open("mysql", dsn)
if err != nil {
log.Fatalf("Failed to create the Cloud SQL client: %v", err)
}
感谢@DazWilkin提供的提示。我知道您已经解决了您的问题,但希望为阅读此帖子的其他人提供另一种选择 有两种方法可以连接到实例: 1:通过TCP连接:您已经有了该解决方案,并向您显示了详细信息。由于云SQL代理容器与您的应用程序容器运行在同一个pod上,因此您的主机应指向
localhost
。
2:Unix套接字:
您还应该能够通过以下代码()进行连接:
您可能必须通过从deployment.yaml文件中删除
=tcp:3306
部分。您正在将代理作为侧车运行,但您的Golang客户端正试图直接连接到数据库实例……您的Golang希望通过localhost
而不是DB\u实例的代理进行连接。
import (
"database/sql"
_ "github.com/go-sql-driver/mysql"
)
dsn := fmt.Sprintf("%s:%s@unix(/cloudsql/%s)/%s",
dbUser,
dbPassword,
INSTANCE_CONNECTION_NAME,
dbName)
db, err := sql.Open("mysql", dsn)