Google Cloud SQL authorize Auto Scale Instance Groups

google google-compute-engine google-cloud-platform google-cloud-sql

I have an instance group set up with Auto Scaling and Load Balancing. I'm also using Google Cloud SQL for the MySQL server.

Whenever instance group scales up and adds another instance, the instance gets a new IP address. The problem is that this instance no longer has access to the Google SQL instance (since the SQL instance requires authorized networks to be pre-configured). What can I do about this?

I'm currently accepting most IPs to my SQL server by adding the following IPs to the Authorized IPs in the SQL manager: 100.0.0.0/6 104.0.0.0/5 112.0.0.0/4


As already mentioned by @justbeez, I believe the best way to go is using second generation instances and Cloud SQL Proxy. In case this is not possible, first generation instances can be setup to only allow SSL connections and whitelisting any origin as explained here.

A more complex approach would be to create an instance template so that a startup-script runs at boot time and authorizes the instance IP address via gcloud. The IP could be removed in the same way at shutdown time.

The IP address of the GCE VM can be obtained from the metadata server

curl "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip" -H "Metadata-Flavor: Google"

If you're using a Second Generation Cloud SQL instance, you may want to consider using the Cloud SQL Proxy connection method: https://cloud.google.com/sql/docs/mysql-connect-proxy

In short, you install Cloud SQL proxy locally in your instances and it authenticates via a service account. You then connect to it similarly to how you would connect using a UNIX or TCP socket.

This requires a little setup, but doesn't require any IP whitelisting. Once you have it configured, you would just add that version to whatever auto-scaling template you're using.

Note: If you happen to be using Docker containers, they have a version of Cloud SQL Proxy wrapped in a Docker image that you can add to your pods as a service: https://cloud.google.com/sql/docs/mysql-connect-docker

(The only other option I can think of is to use the API to edit the whitelist in response to the autoscaling events.)

Related

Different email acount on different MX priority
How to correctly launch a python application in the Mac OS X dock?
YouTube URL algorithm?
Difference between ListView and DataGrid in WPF?
For loop instead of while loop
Proper way to send username and password from client to server
pdb.set_trace() causing frozen nosetests, does not drop into debugger
Model.reset_column_information does not reload columns in rails migration
C# Thread won't sleep?
JetBrains IDE Support Extension - How to disable Chrome Warnings?
Is it possible to set a release date on the google play store?
How to install a bower package using a private git server (SSH)?