Could anyone connect Cloud SQL with cloud sql proxy pod-CodePudding

I'm trying to setup a very basic wordpress setup as explained in this document: https://cloud.google.com/kubernetes-engine/docs/tutorials/persistent-disk

And cloud sql proxy is giving me certificate errors:

esonika@cloudshell:~ (esonika)$ k logs wordpress-8d7998ccd-xnfn9 -c cloudsql-proxy

2022/12/30 10:43:38 using credential file for authentication; [email protected]

2022/12/30 10:43:38 Listening on 127.0.0.1:3306 for esonika:europe-west9:mysql-wordpress-instance

2022/12/30 10:43:38 Ready for new connections

2022/12/30 10:44:01 New connection for "esonika:europe-west9:mysql-wordpress-instance"

2022/12/30 10:44:02 couldn't connect to "esonika:europe-west9:mysql-wordpress-instance": x509: certificate is valid for 38-968d77ed-a928-4b25-97d3-5451b5f3c670.europe-west9.sql.goog, not esonika:mysql-wordpress-instance

I dont know why a certificate such as "38-968d77ed-a928-4b25-97d3-5451b5f3c670.europe-west9.sql.goog" is created and where.

Thanks

tried resetting ssl configurations and it didn't work

CodePudding user response：

Usually, if you don't explicitly set a SSL connection on your Cloud SQL instance, the communication with the database is in plain text.

EXCEPT when you create a tunnel with Cloud SQL proxy. This time, a secure connection is created, with encrypted data. The encryption is ensure by this automatically and ephemeral certificate created by the proxy.

CodePudding user response：

Thanks for your answer, I tried with both SSL enabled and not-enabled on Cloud SQL side, I think in both cases cloud_sql_proxy is trying to make a secure connection because the error message is same.

What is the correct way to access to Cloud SQL via cloud sql proxy POD in this case?

CodePudding user response：

Here is a doc which might help you in connecting to Cloud SQL from GKE using sidecar pods.

CodePudding user response：

Thanks, The document doesn't list anything that I haven't tried. I think there is an internal issue with cloud_sql_proxy, that's why I decided to switch Cloud SQL to a private network only and wordpress pod is directly connecting to Cloud SQL private IP.