Connect from GKE to Cloud SQL through private IP

Question

I am trying to connect from a pod in GKE to Google Cloud SQL.

Last weekend I make it work, but when I deleted the pod and recreated it was not working and I am not sure why.

Description

I have a nodejs application that it is dockerized. It uses the library sequelize and connects to postgres database.

Sequelize is reading the variables from the environment and in kubenetes I pass them through a secret

apiVersion: v1
kind: Secret
metadata:
  name: myapi-secret
  namespace: development
type: Opaque
data:
  MYAPI_DATABASE_CLIENT: XXX
  MYAPI_DATABASE_PORT : XXX
  MYAPI_DATABASE_HOST: XXX
  MYAPI_DATABASE_NAME : XXX
  MYAPI_DATABASE_USERNAME: XXX
  MYAPI_DATABASE_PASSWORD: XXX

And my pod definition

apiVersion: v1
kind: Pod
metadata:
  name: myapi
  namespace: development
  labels:
    env: dev
    app: myapi
spec:
  containers:
    - name: myapi
      image: gcr.io/companydev/myapi
      envFrom:
        - secretRef:
          name: myapi-secret
      
      ports:
        - containerPort: 3001
          name: myapi

When I deploy the pod I get a connection error to the database

Error: listen EACCES: permission denied tcp://podprivateip:3000
    at Server.setupListenHandle [as _listen2] (net.js:1300:21)
    at listenInCluster (net.js:1365:12)
    at Server.listen (net.js:1462:5)
    at Function.listen (/usr/src/app/node_modules/express/lib/application.js:618:24)
    at Object.<anonymous> (/usr/src/app/src/app.js:46:5)
    at Module._compile (internal/modules/cjs/loader.js:1076:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1097:10)
    at Module.load (internal/modules/cjs/loader.js:941:32)
    at Function.Module._load (internal/modules/cjs/loader.js:782:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
Emitted 'error' event on Server instance at:
    at emitErrorNT (net.js:1344:8)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  code: 'EACCES',
  errno: -13,
  syscall: 'listen',
  address: 'tcp://podprivateip:3000',
  port: -1
}

I couldn't realize what I am missing

---

Thanks to @kurtisvg I was able to realize that I was not passing the host and port through env variables to express. However I still have a connection error

UnhandledPromiseRejectionWarning: SequelizeConnectionError: connect ETIMEDOUT postgresinternalip:5432

It is strange because the postgres (cloud sql) and the cluster (gke) are in the same gcp network, but it is like the pod can't see the database.

If I run a docker-compose in my local this connection is working.

Answer 1

You're connecting over private IP, but the port you've specified appears to be 3000. Typically Cloud SQL listens on the default port for the database engine:

• MySQL - 3306
• Postgres - 5432
• SQL Server - 1433