It seems that to create users and databases/tables on Google Cloud SQL requires you to
download a MySQL client
get an instance IP so that you can use the client to connect to the cloud instance
But it shows that to get an IP requires you to pay extra. Is there any way around it?
Can I request an IP for setting up and then remove it later to avoid the charges?
You can add and remove the IP address at any time, and only pay for the charges accrued during the time it was active.
However, unless you are accessing it via a GAE application (which does not need to use the IP) it won't be much use without an IP.
Currently connecting via IPv6 is free:
https://cloud.google.com/sql/docs/mysql-client#connect-ipv6
If you can, we recommend that you connect to your instance over IPv6.
Each instance has an IPv6 address that is free to use. To connect over
IPv4, you must explicitly assign an IPv4 addresss to your instance,
which incurs a charge per hour idle.
You are only charged for external IP addresses for instances that are charged 'per use', and then only when they are idle.
The question is outdated.
As of August 2020 public IPv4 for Cloud SQL is free unless this IP is idle.
More about idling IP in Cloud SQL in this question
Related
I am looking for GCP networking best practice, where I can allow connection of auto-scaled instances to Postgresql server installed on separate instance.
So far I tried whitelisting load-balancer IP within firewall and postgresql config file, but failed.
Any help or pointer is highly appreciated.
The load-balancer doesn't process information by itself, it just redirects Frontend addresse(s) and manage the requests with Instance Groups.
That instance group should manage the HTTP requests and connect with the database instance.
The load-balancer is used to dynamically distribute (or even create additional instances) to handle the requests over the same Frontend address.
--
So first you should make it work with a regular instance, configure it and save the instance template. Then you can proceed with creating an instance group that can be managed by a load-balancer.
EDIT - Extended the answer from my comment
"I don't think your problem is related to Google cloud platform now. If you have a known IP address for the PostgreSQL server (connect using an internal network IP address so it doesn't change), then make sure your auto-balanced instances are in the same internal network, use db's internal IP and connect to it."
I'm learning Cloud SQL and configured IP connectivity for a Cloud SQL instance, using this article: Connecting mysql Client Using IP Addresses
However i'm a bit confused, even though no external network IP address listed in Authorize Networks Cloud SQL instance > AUTHORIZATION > Authorized networks (see screenshot)... I'm still able to connect to SQL instance and browse databases etc. I'm using both $mysql as well as $gcloud sql connect commands in local console / terminal (MacOS
fyi, if that helps, I had earlier whitelisted my IP but then deleted it from Authorized networks (could it be the deletion takes some time to reflect the change? I waited 30 min.!
Thanks for any clarificatin
I'm not sure how to phrase this question or even if it's relevant here.
I'm researching a solution to move our in-house MongoDB installation to a cloud-based db as a service solution in Mongo lab.
The company has stated here http://docs.mlab.com/security/#network that if I deploy the DB in my region (I use google cloud)
When you connect to your mLab database from within the same datacenter/region, you communicate over your cloud hosting provider’s internal network.
How is that statement possible?
When I create a DB at Mongo lab I get an external URL to connect to
ds021984.mlab.com -> 104.154.103.88 instead of an internal host name 10.x.x.x
So how can that address be external thus effecting my latency deeply?
Am I missing something ? How is that statement possible?
The only time you can use the internal IP to address a VM in GCP is if that VM is in the same network resource (and hence, the same GCP account). GCP is smart enough to know if the external IP being addressed is a GCP address, and will route the traffic such that it does not leave the region. This is pretty evident when you ping an external IP from another VM in the region, you'll typically get sub-millisecond response times.
My internet connection has a dynamic IP adress which keeps changing every time the modem is restarted, so I have a hard time configuring the Authorized Networks in Access Control.
This is explained at https://cloud.google.com/sql/docs/access-control#dynamicIP .
Your options are, and I quote:
Use a proxy service so that your application appears to come from only one IP address. Add this address to the authorized networks that can connect to the instance.
Use a CIDR range that covers all of the IP addresses from which your service might connect.
Use the CIDR range 0.0.0.0/0, which allows all external IP addresses to connect.
The third and last option, despite its attractive simplicity has implications that may make it undesirable -- read the docs I'm pointing to.
I have just created a Google Cloud SQL instance. When I was looking on the access control of my instance, I found that if I want to access my database, I should authorize my IP address to get the right to access the database, but the problem is that my application will be deployed anywhere where the clients need, and even if I know where they will run the application and also I authorized their IP address, it (the IP) will be changed at least one time every 24 hours because it is not static IP, and then I have to re-authorize the IP again and again!
Is there any way to make the instance accessible from any IP?
Thanks
You can whitelist any subnet. You just need to enter it using CIDR notation: http://en.wikipedia.org/wiki/Cidr
In particular, you can whitelist 0.0.0.0/0 which includes all possible IP Address.
Please note that this is not recommended for security reasons. You want your access to be as restricted as possible.
This is an older post, but I noticed it on the sidebar so I figured I would add my 2c.
If you're able to use Cloud SQL Second Gen (currently in Beta) there is a new feature which allows access to the database without having to whitelist any firewalls: https://cloud.google.com/sql/docs/sql-proxy
Today, I was looking for a way to set-up an MS-SQL server for development purpose and found the similiar problem (how to allow my laptop to access).
This guide, helps.
In short, you need to allow firewall to enable EXTERNAL access to your VM instance at port 1433.