Change Google Container Cluster Permissions

I was able to successfully create a Google Container cluster in the developer console and deployed my application to it. It all starts fine; however, I found that I can't connect to Cloud SQL. I get:

"Error: Handshake inactivity timeout" 

After a little digging, I had no problems connecting to the database from App Engine or my local machine, so I thought it was a bit strange. Then I noticed cluster permissions ...

When I select my cluster, I see the following:

  Permissions:

  • User info: Disabled
  • Compute: Read Write
  • Storage: Read Only
  • Task queue: Disabled
  • BigQuery: Disabled
  • Cloud SQL: Disabled
  • Cloud Datastore: Disabled
  • Cloud Logging: Write Only
  • Cloud Platform: Disabled

I really hoped to use both Cloud Storage and Cloud SQL in my container nodes. I allowed access to each of these APIs in my project settings, and my Cloud SQL instance accepts connections from any IP (I already ran Node on a managed virtual machine on App Engine earlier), so I believe that Google explicitly disables these APIs.

So my question is in two parts:

  • Is there a way to change these permissions?
  • Is there a good reason why these APIs are disabled? (I guess there should be)

Any help is much appreciated!

+5
3 answers

Permissions are determined by the service accounts connected to your node virtual machines when creating the cluster (service accounts cannot be changed after the virtual machine is created, so this is the only time you can choose permissions).

If you use the Cloud Console, click the "Advanced" link on the cluster creation page and you will see a list of permissions that you can add to the nodes in your cluster (all are disabled by default). Toggle whichever you want, and you should see the appropriate permissions after creating the cluster.

If you use the command line to create your cluster, pass the --scopes flag to gcloud container clusters create to set up the appropriate service account scopes on your node virtual machines.

+9

Using node pools, you can change the scopes of a running cluster by creating a new node pool with the required scopes (and then deleting the old one):

  gcloud container node-pools create np1 --cluster $CLUSTER --scopes $SCOPES
  gcloud container node-pools delete default-pool --cluster $CLUSTER
+11
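Before deleting the old pool, it is worth checking that the replacement pool carries exactly the scopes the workload needs and nothing broader. The following audit is an added example, not code from the thread: the node pool descriptions are constructed inline in the shape of `gcloud container node-pools describe --format=json` output (the `config.oauthScopes` field is assumed), and the scope URLs are the standard Google OAuth scopes behind the console labels shown in the question.

```python
# Audit a GKE node pool's OAuth scopes against the access a workload needs.
# Added example (not from the original thread). Assumptions: node pool dicts
# follow the `gcloud container node-pools describe --format=json` shape with a
# `config.oauthScopes` list; sample pools below are constructed.

OAUTH = "https://www.googleapis.com/auth/"

# Console permission labels (as on the cluster page) -> OAuth scope granted.
PERMISSION_SCOPES = {
    "Compute Read Write": OAUTH + "compute",
    "Storage Read Only": OAUTH + "devstorage.read_only",
    "Storage Read Write": OAUTH + "devstorage.read_write",
    "Cloud SQL": OAUTH + "sqlservice.admin",
    "Cloud Logging Write Only": OAUTH + "logging.write",
    "Cloud Platform": OAUTH + "cloud-platform",  # every API: avoid on nodes
}

BROAD_SCOPE = OAUTH + "cloud-platform"


def required_scopes(permissions):
    """Translate console permission names a workload needs into scope URLs."""
    return {PERMISSION_SCOPES[p] for p in permissions}


def audit_node_pool(pool, needed):
    """Compare a pool's scopes with the set a workload needs.

    `missing` scopes make the workload fail (like the Cloud SQL handshake in the
    question); `excess` scopes are least-privilege violations; `broad` flags the
    cloud-platform scope, which covers every API and makes the others redundant.
    """
    have = set(pool.get("config", {}).get("oauthScopes", []))
    broad = BROAD_SCOPE in have
    missing = set() if broad else needed - have
    return {"pool": pool["name"], "missing": sorted(missing),
            "excess": sorted(have - needed), "broad": broad}


# Constructed samples: the default pool as created from the console in the
# question, and a replacement pool created with the scopes the app needs.
DEFAULT_POOL = {"name": "default-pool", "config": {"oauthScopes": [
    OAUTH + "compute", OAUTH + "logging.write"]}}
NP1_POOL = {"name": "np1", "config": {"oauthScopes": [
    OAUTH + "logging.write", OAUTH + "devstorage.read_only",
    OAUTH + "sqlservice.admin"]}}
NEEDED = required_scopes(["Cloud Logging Write Only", "Storage Read Only", "Cloud SQL"])

if __name__ == "__main__":
    for pool in (DEFAULT_POOL, NP1_POOL):
        print(audit_node_pool(pool, NEEDED))
```

Run against real output by loading the JSON from `gcloud container node-pools describe` into the `pool` argument; a non-empty `missing` list on the new pool means the old pool should not be deleted yet.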

For Cloud SQL it is possible to connect from containers by defining a proxy, as described here: https://cloud.google.com/sql/docs/postgres/connect-container-engine

0
