I tried running https://github.com/terraform-google-modules/terraform-google-sql-db/tree/v4.5.0/examples/mysql-private

It creates the SQL instance with a private IP and a public IP. That's fine. But when I try to connect to MySQL, it says this:

Command from gcloud:

./cloud_sql_proxy -credential_file=mysql-service-account.json -instances=sample:example-mysql-private-fd7795e5=tcp:3306 -ip_address_types=PRIVATE &

mysql -u default -p -h 127.0.0.1 --port=3306 default

Question: why does it connect to port 3307? How can I fix this?

couldn't connect to "sample:example-mysql-private-fd7795e5": dial tcp 10.127.0.4:3307: connect: connection timed out.

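Does the private VPC network need any changes in order to connect to it?

Without the private IP, though, it does connect and work, because it goes through the public IP. But why does the private IP still fail to connect?

The command that works: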

./cloud_sql_proxy -credential_file=mysql-service-account.json -instances=sample:example-mysql-private-fd7795e5=tcp:3306 &

mysql -u default -p -h 127.0.0.1 --port=3306 default

Here is my VPC configuration from main.tf:

# ------------------------------------------------------------------------------
# CREATE A RANDOM SUFFIX AND PREPARE RESOURCE NAMES
# ------------------------------------------------------------------------------

resource "random_id" "name" {
  byte_length = 2
}

locals {
  # If name_override is specified, use that - otherwise use the name_prefix with a random string
  instance_name        = var.name_override == null ? format("%s-%s", var.name_prefix, random_id.name.hex) : var.name_override
  private_network_name = "private-network-${random_id.name.hex}"
  private_ip_name      = "private-ip-${random_id.name.hex}"
}

# ------------------------------------------------------------------------------
# CREATE COMPUTE NETWORKS
# ------------------------------------------------------------------------------

# Simple network, auto-creates subnetworks
resource "google_compute_network" "private_network" {
  provider = google-beta
  name     = local.private_network_name
}

# Reserve global internal address range for the peering
resource "google_compute_global_address" "private_ip_address" {
  provider      = google-beta
  name          = local.private_ip_name
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = google_compute_network.private_network.self_link
}

# Establish VPC network peering connection using the reserved address range
resource "google_service_networking_connection" "private_vpc_connection" {
  provider                = google-beta
  network                 = google_compute_network.private_network.self_link
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
}

Please help.

1 Answer

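Cloud Shell is not in your VPC, so you can't reach your database over the private IP. You need to create a VM in your VPC (a bastion VM) to use the private IP, and open a tunnel to that VM. I wrote an article about this.

Answered 2021-03-03T19:34:53.327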
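
The bastion approach described in the answer, as an added example that is not part of the original post or the module's own code. It assumes it is placed in the question's main.tf, since it reuses `random_id.name` and `google_compute_network.private_network` from there; the resource names, tag, zone, machine type and image are hypothetical.

```hcl
# Added example. Resource names, tag, zone, machine type and image are assumptions.

# Bastion VM inside the same VPC that is peered with the Cloud SQL private IP.
# No access_config block means no external IP, so SSH is only possible via IAP.
resource "google_compute_instance" "sql_bastion" {
  name         = "sql-bastion-${random_id.name.hex}"
  machine_type = "e2-micro"
  zone         = "us-central1-a" # assumption: pick your own zone
  tags         = ["sql-bastion"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  # The network in the question is auto-mode, so naming the network is enough.
  network_interface {
    network = google_compute_network.private_network.self_link
  }
}

# Allow SSH to the bastion only from Google's IAP TCP-forwarding range,
# instead of opening port 22 to the internet.
resource "google_compute_firewall" "iap_ssh_to_bastion" {
  name          = "allow-iap-ssh-${random_id.name.hex}"
  network       = google_compute_network.private_network.self_link
  direction     = "INGRESS"
  source_ranges = ["35.235.240.0/20"]
  target_tags   = ["sql-bastion"]

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

# From Cloud Shell, forward local port 3306 through the bastion to the
# instance's private IP (10.127.0.4 in the error message in the question):
#   gcloud compute ssh sql-bastion-<suffix> --zone us-central1-a \
#     --tunnel-through-iap -- -N -L 3306:10.127.0.4:3306
#   mysql -u default -p -h 127.0.0.1 --port=3306 default
```

The account running `gcloud compute ssh` needs permission to use IAP TCP forwarding on the project. Once the bastion is in place, the public IP on the instance is no longer needed for this access path.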