Cannot access google cloud SQL from google container engine

Question

I'm still having problems accessing the cloud SQL instance from a GCE container. When I try to open up mysql, I get the following error:

ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial 
                    communication packet', system error: 0

The connection works fine from my local machine, though (The instance has a public IP and I have added my office's IP to the 'allowed Networks'). So, the instance is accessible through the internet just fine.

I guess the db's access control is blocking my access from the gce network, but I'm unable to figure out how to configure this.

I added my project to "Authorized App Engine Applications" in the Cloud SQL control panel, but that doesn't seem to help.

EDIT: If I add "0.0.0.0/0" to Allowed Networks, all works well. This is obviously not what I want, so what do I need to enter instead?

EDIT2: I could also add all public IPs from my kubernetes cluster (obtained through gcloud compute instances list) and add them to the cloud sql access list manually. But, this doesn't seem to be right, does it?

Answer 1

The recommended solution is to use SSL connection with that 0.0.0.0/0 CIDR. This is to limit the connection to the correct key. I also read that they won't promise you a specific IP range so the CIDR /14 might not work some times. I had to do the SSL connection with my Cloud SQL for the same reasons.

Answer 2

If you add the /14 CIDR block for your Container Engine cluster as the source address range does that work?

To find the CIDR block for your cluster, click on the cluster name in the Google Cloud Console and find the row labeled "Container address range".

Answer 3

You should use the public IP addresses of the GCE instances to correctly allow traffic to your Cloud SQL instance (as you mentioned in EDIT2).

You can find more information in Cloud SQL documentation: https://cloud.google.com/sql/docs/gce-access