Tags: google-cloud-platform, google-cloud-sql, google-cloud-run, cloud-sql-proxy

Can Cloud Run access cloud sql to use unix socket in VPC direct egress?


I'm new to GCP networking.

I recently started using Direct VPC egress. If I disable Direct VPC egress and use a DATABASE_URL in the following format

postgresql://user:password@localhost/db_name?host=/cloudsql/project_id:region:db_id

it works, but if I enable VPC egress, it emits an error:

couldn't listen at "/tmp/cloudsql-proxy-tmp/connection_name ~ bind: invalid argument

I guess the VPC subnet used by Direct VPC egress doesn't allow some egress ports or Internet connections using an IP, though I thought the VPC network could use Private Google Access. I know the Cloud SQL network is separated from the project's VPC network, so we must use VPC peering, but I want to use only the public IP with the Cloud SQL proxy if we can. When we use a subnetwork with Direct VPC egress, must we use the private IP address of Cloud SQL?


Solution

  • Update (2024/02/03):

    I found that the Cloud SQL proxy restricts the Unix socket path to 108 chars, and my DB socket path had more characters than that in the environment. You can access Cloud SQL with the public IP only when using the PRIVATE_RANGES_ONLY traffic configuration and conforming to the Unix socket's restrictions.

    From SQL Config: [screenshot]

    From Cloud Run Config: [screenshot]

    From Cloud Run Access Log: [screenshot]

    You can also access it using the private IP, as described in the following.

    Deprecated:

    After further research, I concluded that Cloud Run's default cloud-sql-proxy connection can't configure the private-ip option of https://github.com/GoogleCloudPlatform/cloud-sql-proxy at the moment.

    This means the socket with the proxy doesn't connect to the private IP, and it should imply the proxy uses Private Google Access to reach the Identity-Aware Proxy in the VPC even if the private_range_ip_only traffic config is used. That is why the Unix socket connection is refused. If we want to use a Unix socket connection in the VPC, the only way I can think of is to run the Cloud SQL proxy with the private-ip option specified in a sidecar, as guillaume blaquiere's comment suggests.

    The current workaround I'm confident in is private IP access, as @John Hanley describes.

    The article @gang-chen introduced is very helpful.
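As an added example (not code from the question or the answer above), here is a small Python check that computes the Unix socket paths a DATABASE_URL of the form shown in the question implies and compares each against the 108-byte sun_path limit the answer refers to. The .s.PGSQL.<port> file name is libpq's convention for a host given as a directory; the /tmp/cloudsql-proxy-tmp/<connection_name> listener path is an assumption inferred only from the error message in the question; and the project, region and instance names are constructed sample values, not real identifiers.

```python
from typing import Optional
from urllib.parse import urlparse, parse_qs

# Linux limits sockaddr_un.sun_path to 108 bytes including the terminating NUL,
# so a usable socket path can be at most 107 bytes long.
SUN_PATH_MAX = 108

# Assumed from the error text in the question ("couldn't listen at
# /tmp/cloudsql-proxy-tmp/<connection_name>"): the proxy binds its listener
# under this temporary directory. Hypothetical, not taken from proxy docs.
PROXY_TMP_DIR = "/tmp/cloudsql-proxy-tmp"


def host_dir_from_database_url(url: str) -> Optional[str]:
    """Return the ?host= socket directory of a postgresql:// URL, or None when
    the host parameter is absent or names a TCP host instead of a path."""
    query = parse_qs(urlparse(url).query)
    host = query.get("host", [None])[0]
    if host is None or not host.startswith("/"):
        return None
    return host.rstrip("/")


def libpq_socket_path(host_dir: str, port: int = 5432) -> str:
    """libpq treats a host beginning with '/' as a directory and opens
    <dir>/.s.PGSQL.<port> inside it; that full file name is what must fit."""
    return f"{host_dir}/.s.PGSQL.{port}"


def proxy_tmp_socket_path(host_dir: str) -> str:
    """Hypothetical listener path implied by the question's error message,
    built from the connection name (last path component of host_dir)."""
    connection_name = host_dir.rsplit("/", 1)[-1]
    return f"{PROXY_TMP_DIR}/{connection_name}"


def check_path(path: str) -> dict:
    """Report the byte length of a socket path and whether it fits sun_path
    together with its terminating NUL."""
    n = len(path.encode("utf-8"))
    return {"path": path, "bytes": n, "fits": n + 1 <= SUN_PATH_MAX}


def check_database_url(url: str) -> dict:
    """Check every Unix socket path a DATABASE_URL implies; a URL that uses a
    TCP host (public or private IP) involves no socket path at all."""
    host_dir = host_dir_from_database_url(url)
    if host_dir is None:
        return {"unix_socket": False, "checks": [], "fits": True}
    checks = [check_path(libpq_socket_path(host_dir)),
              check_path(proxy_tmp_socket_path(host_dir))]
    return {"unix_socket": True,
            "checks": checks,
            "fits": all(c["fits"] for c in checks)}


if __name__ == "__main__":
    # Constructed sample values, not real project or instance identifiers.
    short_url = ("postgresql://user:password@localhost/db_name"
                 "?host=/cloudsql/my-project:us-central1:my-instance")
    long_instance = "instance-" + "x" * 70
    long_url = ("postgresql://user:password@localhost/db_name?host=/cloudsql/"
                f"very-long-project-id-123456789:europe-west1:{long_instance}")
    for url in (short_url, long_url):
        for c in check_database_url(url)["checks"]:
            status = "OK  " if c["fits"] else "LONG"
            print(f"{c['bytes']:3d} bytes {status} {c['path']}")
```

Run it against the DATABASE_URL you deploy with; a "LONG" line means the connection name (project:region:instance) needs to be shorter before a Unix socket connection can work regardless of the egress setting chosen.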