-
Notifications
You must be signed in to change notification settings - Fork 344
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSQL_PROXY_ADDRESS requires an IP address but doesn't explicitly state so #2213
Comments
@ar-qun can you tell me a bit more about your use case? I'd expect |
@enocom I am running Cloud SQL Proxy in GKE as a separate K8s Deployment and I want the pods to be accessible only from the current namespace. There is a low chance that someone will expose the service to the outside but using a domain name would for sure keep the traffic internal. It also might be a bit confusing like it was to me. |
Are you running the Proxy behind a connection pooler? Normally, we recommend running the Proxy as a sidecar (and only listen on localhost) or possibly put it behind a connection pooler (with the proxy also listening only on localhost). There might still be a use-case here, but the root issue might be how you're using the Proxy. |
Not, yet. Currently, Cloud SQL Proxy as single container in a deployment just to try things out. After my trials I will either put Cloud SQL Proxy behind pgbouncer, as is explained in the examples, or switch to the Cloud SQL Language Connectors. My understanding the issue with running SQL that way is that it is not secure right? |
Yes. Typically we expect traffic to and from the Proxy to be bound to localhost (or a pod), where the workload is contained onto a single VM. |
Thanks, enocom. I will follow the the example with PgBouncer then[1]. [2] https://github.com/GoogleCloudPlatform/cloud-sql-proxy/tree/main/examples/k8s-service |
Description
When setting
CSQL_PROXY_ADDRESS
tocloud-sql-proxy
I get the error below.Potential Solution
Given that the word
address
is used for both domain names and IPs either it would be great to have disambiguation. I can also make a feature request.Additional Details
No response
The text was updated successfully, but these errors were encountered: