How do I connect to Google Cloud SQL using SSH - google-app-engine

How do I connect to Google Cloud Platform, specifically Cloud SQL, using SSH? I’m using Tera Term and can’t seem to get in. Maybe I’m just using the wrong host, port, password or configuration settings. I’ve tried several combinations.
I can connect to my Google Cloud SQL instance using MySQL workbench, so I’m pretty sure I’ve configured the Cloud SQL Access Controls correctly.

Cloud SQL provides a managed MySQL endpoint and not a virtual machine in which you can SSH into.

Related

Is it possible to connect to a database stored in Google Cloud VM instance from a Google App Engine instance without using a VPC connector?

I have a project running on APP Engine that must connect to a database located on a Google Cloud VM instance. The project works normally when I run it from my local machine but after deployment it can't connect to the database. After some research I found out that we can use a VPC connector, but this is not a free service. As far as I could understand, the VPC connector allows me to use the internal ip instead of an external ip. For me, there would be no problem using an external ip, but I don't know if that's possible (I'm using a standard GAE environment). Is there any other way to make the connection works without using the VPC connector?

Can pgadmin and pgmodeler connect to Google Cloud Spanner?

I want to start cloud spanner emulator in docker, and then use pgadmin to connect to emulator, but when creating server, I am not sure how to fill in the username and maintenance, has anyone tried it? Because I think cloud spanner is also using pgsql, so I should be able to connect to emulator with pgadmin.
Cloud Spanner itself does not support the PostgreSQL wire protocol, which means that you cannot connect directly to Cloud Spanner using psql or any other PostgreSQL tool. There is however an open source adapter that will allow you to use psql with Cloud Spanner. The adapter can be found here: https://github.com/cloudspannerecosystem/pgadapter
I don't think that pgAdmin will work with the adapter, as pgAdmin will also automatically execute a number of queries on the system tables of PostgreSQL to determine which tables etc. are in the database. Those queries will probably fail.
An alternative to using pgAdmin could be to use DBeaver: https://dbeaver.io/.
DBeaver has built-in support for Google Cloud Spanner.
When creating a connection to Cloud Spanner in DBeaver, make sure to select the Google Cloud Spanner JDBC Driver and not the Google Cloud Spanner Community (Topicus) Driver. The latter is deprecated and does not support the newest features of Cloud Spanner.
The following screenshot shows the connection dialog for Google Cloud Spanner in DBeaver Community Edition 7.3.0.

Separate SQL server speed too slow in Google Cloud

I was moving all website to google cloud and encounter a performance problem.
I set up a VM instance on Compute Engine and a Cloud SQL server.
And connect the Joomla website from VM to Cloud SQL server using provided IP address. (Seems public IP)
The performance is really slow compared to the website using local database inside the VM itself.
So, my question is, is there a way to find local IP to connect to Cloud SQL since our web server is also on the Google Cloud infra itself.
Or, the only way is to stick with the database inside VM?
Update
I set up the Cloud proxy using this guide.
Can connect to mysql prompt with the proxy now.
But still cannot find a way to let joomla use this cloud proxy to connect to the database.
The fastest, easiest, and most secure way to connect to your Cloud SQL instance from your Compute instance is by using the Cloud SQL Proxy. There are multiple reasons for this, but here are the main ones:
Secure connections: The proxy automatically encrypts traffic to and from the database using TLS 1.2 with a 128-bit AES cipher; SSL certificates are used to verify client and server identities.
Easier connection management: The proxy handles authentication with Google Cloud SQL, removing the need to provide static IP addresses.
There's also the fact that you only need a static and small number of instances (1 in your case) connecting to the database, so you don't really need to overcomplicate your setup, you can just drop this binary into your instance, run it as a daemon, and instantly have a fast lane to your Cloud SQL instance (I use "fast lane" here because the traffic will go through Google Cloud's internal network).
Setting up the Cloud SQL Proxy comes down to enabling the Cloud SQL API, giving the service account of your intance access to the Cloud SQL API, making sure the binary has execution permissions (chmod +x), and giving it the connection string to the Cloud SQL instance. You seem to be having issues using the Proxy, so if you need more troubleshooting ideas, you can find them in the documentation. The tutorial you've followed should have detailed instructions on how to do these steps.
After all of that and after making sure the Proxy is running, connecting Joomla to the database should be similar to how you do it via the MySQL client. You should point your Joomla installation to localhost (or 127.0.0.1), give it a set of credentials to access the database itself (you can create database users via the Console), give your Joomla database's name, and that should be it!
Don't forget that the Proxy needs to be running in TCP mode! That should be as simple as adding =tcp:LOCAL_PORT_TO_LISTEN_ON to the connection string parameter you're passing to the Proxy. Here's an example of how to run the Proxy:
./cloud_sql_proxy -instances=<INSTANCE_CONNECTION_NAME>=tcp:3306
Virtual Private Cloud (VPC) helps to increase the performance.
Private Google access enables virtual machine (VM) instances on a subnetwork to reach Google APIs and Services using an internal IP address rather than an external IP address. You can use Private Google access to allow VMs without Internet access to reach Google services.
Here you get more details: https://cloud.google.com/vpc/docs/private-google-access

"TLS requested but server does not support TLS" error with Google Cloud SQL (2nd generation) from Google App Engine?

I'm running into an issue in re-using my connection string (resolved here ... Cannot connect to Google Cloud SQL using SSL + Golang from Google App Engine ...) from connecting to a Google Cloud SQL generation one instance while trying to connect to a generation two instance. I'm receiving this error: TLS requested but server does not support TLS
I can't figure out how to get around this, and the documentation is pretty scarce.
I caught the fact that Instance connection name follows a different structure on generation two, but that doesn't seem like the issue. Has anyone solved this? I'm connecting from Golang.
MySQL level SSL is not currently supported between App Engine Standard Environment and Cloud SQL Second Generation instances.
Communication between App Engine Standard Environment and Cloud SQL is already encrypted so using MySQL level SSL does not add a lot of value, though I can understand that doing application level SSL can add some peace of mind since what happens between Cloud SQL and App Engine is opaque.
I'll try to see if this is something we can change.

How do I authorize my ephemeral Google Container Engine instances in Cloud SQL?

I am currently test-driving Google Container Engine (GKE) and Kubernetes as a possible replacement to AWS/ElasticBeanstalk deployment. It was my understanding that just by the virtue of my dynamic servers being in the same project as the cloud sql instance, that they'd naturally be included in the firewall rules of that project. However, this appears not to be the case. My app servers and SQL server are in the same availability zone, and I have both ipv4 and ipv6 enabled on the sql server.
I don't want to statically assign IP Addresses to cluster members that are themselves ephemeral, so I'm looking for guidance on how I can properly enable SQL access to my docker-based app hosted inside GKE? As a stopgap, I've added the ephemeral IPs of the container cluster nodes and that has enabled me to use CloudSQL but I'd really like to have a more seamless way of handling this if my nodes somehow get a new ip address.
The current recommendations (SSL or HAProxy) are discussed in [1]. We are working on a client proxy that will use service accounts to authenticate to Cloud SQL.
[1] Is it possible to connect to Google Cloud SQL from a Google Managed VM?
Sadly, this is currently the only way to do this. A better option would be to write a controller that dynamically examined the managed instance group created by GKE and automatically updated the IP addresses in the Cloud SQL API. But I agree the integration should be more seamless.

Resources