IssueTracker

I have forwarded this request to the engineering team. We will update this issue with any progress updates and a resolution.

It will give faster access but also allow for encrypted connections since it will be on the private network.

This would also allow us to whitelist an internal network range which is important for allowing access from an instance-group where we don't know what the IPs will be until the instances are generated. Right now we have to manually authorize each IP when a new instance comes online in our instance group.

Also, with the external IP it looks like we incur data charges for going through an external IP: https://cloud.google.com/compute/pricing#network

Any update on this? AWS allows you to add RDS instances to VPCs. This seems like quite a major feature gap.

This is a big feature we wish we weren't losing in our migration from RDS as well.

Yeah we also want this feature, AWS would allow us to do this

Please update status when it come live i am also waiting for it.Thanks

May I know which region are you guys hosting CloudSQL with? I've tried Taiwan, Mumbai and Tokyo, and the latency is really bad for Singapore.

Same as above, is there an ETA for this?

"Right now we have to manually authorize each IP when a new instance comes online in our instance group. ".
This is the wrong way, you need to use this : https://cloud.google.com/sql/docs/postgres/sql-proxy
We are using it with autoscaling Kubernetes cluster without setting ACL as it's impossible and it's working fine like this.

Any update on this Google? It's the #3 issue on the Cloud SQL issue tracker.

It's pretty great to see private IP addresses in beta on CloudSQL instance. Unfortunately, it doesn't seem that connecting a shared network works at this time. We also did not find a way to select a subnet within that shared network.

This is a pretty key feature that we need with our migration to Google Cloud so that our applications not yet hosted on GCP can connect to our CloudSQL instances over VPN. Any update as to when we'll see the subnet selection support occur?

I can't seem to connect to my kubernetes cluster using the private IP generated from SQL.

I tried pinging, telnet, and mysql clients and it just doesn't connect at all. Not sure what I'm doing wrong because I'm following all the documentation on this.

I really would like to avoid the sql-proxy containers because the latency on those were very high.

Has anyone had any success with hitting sql with private IP's?

According to Slack chat "VPC-native (alias IP)" must be enabled on GKE in order to access Postgresql via IP address from GKE pods. Sadly this option cannot be turned only for existing clusters.

Thanks! Worked!

https://medium.com/@johnjjung/how-to-setup-a-kubernetes-cluster-that-can-connect-to-sql-on-gcp-using-private-ips-c0cd41ea3a4e

Using the alpha OR beta gcloud, connecting a shared network still does not work.
I get the following error:
"ERROR: (gcloud.beta.sql.instances.create) INTERNAL_ERROR"

Is there any workaround to turn it on for existing clusters? I heard that creating a route might work?

Tried today to connect a new K8s Cluster via private IP address - but there's no answer from the CloudSQL Instance (ping gets lost)
Also tried with a simple ComputeEngine, but also no anser from the CloudSQL Instance.

However, using VPC Peering manually (two VPCs in the same project for test reason), it works fine. So i'd assume, I'm not doing it wrong and neither is VPC Peering in general broken. But there might be some Routing/Firewall/CloudSQL-Instance missconfiguration within the setup process?

Afaik you cannot cross VPC boundaries from a Kubernetes Cluster until you deploy it with IP aliases enabled (That require creating a new cluster from scratch)

As this feature request was originally written, it appears complete, can we mark this as resolved now?