dockergoogle-cloud-platformgoogle-cloud-sqlmetabasecloud-sql-proxy

Sqlproxy in GCE Virtual Machine can't connect to CloudSQL postgres database


I am trying to get Metbase runnning on a Google VM using a CloudSQL postgres instance as as database.

In the startup script I have the following code to start a sqlproxy:

sudo docker service create --name sqlproxy --network host \
    gcr.io/cloudsql-docker/gce-proxy:1.31.2 /cloud_sql_proxy -instances={CONNECTION_NAME}=tcp:5432

Afterwards I run the following code to start the Metabase service:

sudo docker service create --name metabase --secret {SECRET} \
    -e MB_DB_TYPE=postgres -e MB_DB_DBNAME={DATABASE_NAME} -e MB_DB_PORT=5432 \
    -e MB_DB_HOST=localhost -e MB_DB_USER=admin -e MB_DB_PASS_FILE={FILE} \
    --network host {DOCKERFILE}

After doing so, the docker service logs for the metabase state that it is waiting for the database connection to be initialised. The logs of the sqlproxy service afterwards (while it starts correctly) that the proxy from the VM is unable to connect to the CloudSQL postgress instance and the connection times out.

The VM and the CloudSQL instance are both in the same VPC, I have set up a private service connection for the CloudSQL instance in the network and added the VM to a subnet. They both have different internal IP-ranges, however, when I want to create a subnet with the same IP range as the private service connection, it won't allow me.

I am quite new to networking and am unsure to proceed from here. Is there someone who has an idea of what goes wrong or what direction I need to look in?

UPDATE:

The following logs from the proxy show the following:

sqlproxy.1.urxsvm3mxnro@{VM}    | 2023/08/07 11:27:12 current FDs rlimit set to 1048576, wanted limit is 8500. Nothing to do here.
sqlproxy.1.urxsvm3mxnro@{VM}   | 2023/08/07 11:27:12 Listening on 127.0.0.1:5432 for {INSTANCE}
sqlproxy.1.urxsvm3mxnro@{VM}  | 2023/08/07 11:27:12 Ready for new connections
sqlproxy.1.urxsvm3mxnro@{VM}   | 2023/08/07 11:27:12 Generated RSA key in 108.361863ms

However, after running the following psql command: psql "sslmode=disable dbname=metabase-mvp user=admin hostaddr={INSTANCE_IP}" it runs into a time-out asking if the service is running and listening on port 5432.

I created a connection test in CloudSQL that tests the connection from the internal IP from the VM to the CloudSQL instance, this works.

Is there anything that might be blocking the proxy connection? I enabled the CloudSQL Admin API, granted the necessary rights to the SA and added a firewall rule for outbound activity to the Private Connection IP range & Subnet IP range for ports 3307 & 5432. I am a bit clueless.. This is what the logs show after running psql:

psql: error: could not connect to server: Connection timed out
        Is the server running on host "{CLOUDSQL INSTANCE IP}" and accepting
        TCP/IP connections on port 5432?

Solution

  • Found the culprit. The VPC Network peering didn't export the route from the VM's public IP to the CloudSQL instance Private IP. Exporting this route solved the issue and made the connection possible.