开发者社区> 问答> 正文

使用带有GKE的cloudsql-proxy时无法获取令牌错误

k8s小能手 2019-01-11 13:46:33 479

我正在使用GKE启用istio附加组件。使用websocket时,Myapp以某种方式提供503错误。我开始认为可能websocket正在工作,但数据库连接不正常,导致503,因为cloudsql-proxy日志会出错:

$ kubectl logs myapp-54d6696fb4-bmp5m cloudsql-proxy
2019/01/04 21:56:47 using credential file for authentication; email=proxy-user@myproject.iam.gserviceaccount.com
2019/01/04 21:56:47 Listening on 127.0.0.1:5432 for myproject:europe-west4:mydatabase
2019/01/04 21:56:47 Ready for new connections
2019/01/04 21:56:51 New connection for "myproject:europe-west4:mydatabase"
2019/01/04 21:56:51 couldn't connect to "myproject:europe-west4:mydatabase": Post https://www.googleapis.com/sql/v1beta4/projects/myproject/instances/mydatabase/createEphemeral?alt=json: oauth2: cannot fetch token: Post https://oauth2.googleapis.com/token: read tcp 10.44.11.21:60728->108.177.126.95:443: read: connection reset by peer
2019/01/04 22:14:56 New connection for "myproject:europe-west4:mydatabase"
2019/01/04 22:14:56 couldn't connect to "myproject:europe-west4:mydatabase": Post https://www.googleapis.com/sql/v1beta4/projects/myproject/instances/mydatabase/createEphemeral?alt=json: oauth2: cannot fetch token: Post https://oauth2.googleapis.com/token: read tcp 10.44.11.21:36734->108.177.127.95:443: read: connection reset by peer
看起来所需的身份验证详细信息应该在我创建的代理服务帐户的凭据中,因此提供给:

{
"type": "service_account",
"project_id": "myproject",
"private_key_id": "myprivekeyid",
"private_key": "-----BEGIN PRIVATE KEY-----MYPRIVATEKEY-----END PRIVATE KEY-----n",
"client_email": "proxy-user@myproject.iam.gserviceaccount.com",
"client_id": "myclientid",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/proxy-user%40myproject.iam.gserviceaccount.com"
}
我的问题:如何摆脱错误/从GKE获得正确的谷歌sql配置?

分享到
取消 提交回答
全部回答(1)
  • k8s小能手
    2019-07-17 23:25:17

    由于MySQL和PostgreSQL基于TCP / IP协议(或特定情况下的unix套接字)而且Postgres没有使用HTTP,因此问题来自服务的端口名称。

    首先,尝试更改端口名称,您可以将其更改为“db”作为示例。另一个解决方法是使用 连接到CloudSQL Mysql的jdbc Socket Factory,略有不同:

    在cloud-sql-instance服务条目中没有“Adresses字段”/ CIDR块
    解决方案:允许连接到CloudSQL实例的服务条目的DNS

    0 0
+ 订阅

分享数据库前沿,解构实战干货,推动数据库技术变革

推荐文章
相似问题
推荐课程