database-connectiongoogle-compute-enginegoogle-cloud-runssh-tunnelvpc

How to establish SSH tunnel from python script on Google Cloud Run to server with PostgreSQL database?


I've done some research and based on it, my first question is:

It is not possible to establish an SSH tunnel from python script in Google Cloud Run to the server where the database is located natively, right?

If it is so, then, what workarounds would you suggest? I found a deprecated solution which is of course no longer intended to be used. The author wrote a new official guideline on how to approach this problem, but I do not understand in which way it solves it. In the end, we get a static IP address and we just need to whitelist it in our database?

So, please, suggest any other workarounds or comment on something that I missed or do not understand about the mentioned ones. Thank you!


Solution

  • Sharing this as a community wiki for the benefit of others

    As discussed by @John Hanley

    Two steps are required. 1) You will need to configure OpenSSH on the Compute Engine instance to tunnel traffic to PostgreSQL. You do not need a static IP address for Cloud Run, so neither link is relevant. 2) You will need to embed an SSH client in your code to use the SSH tunnel. Once you have configured something and have a problem, post a question with details. Note: you might be able to configure a Cloud Run sidecar to handle the SSH client side, but I have not tried that. Suggestion: unless you understand what this means you have a lot of work to do. Why not use standard methods?