Comments (7)
Was there any more info about this? I've seen it again lately, a few times. Under GKE Version 1.14.9-gke.23. Support hasn't been able to see anything conclusive and suggested creating a new cluster.
from cloud-sql-proxy.
Interesting. I'm thinking that error happens when the proxy was attempting to receive an oauth token for your service account, although that's a strange failure mode. Is it possible that you are preventing outgoing HTTP requests in your Kubernetes configuration?
@dlorenc : have you ever seen this?
from cloud-sql-proxy.
I haven't seen this, but did notice another error that I didn't see before. I just sent a PR to add that.
@beldur, can you try again with the ssl-certs volume like I added in #10?
Other than that, I'd try to make sure you have outbound internet access and your DNS configuration is correct. If you SSH to a node, can you ping accounts.google.com?
from cloud-sql-proxy.
From a Cluster Node:
user@gke-main-xfx19x6x-node-3fmc:~$ ping accounts.google.com
PING accounts.google.com (74.125.206.84) 56(84) bytes of data.
64 bytes from wk-in-f84.1e100.net (74.125.206.84): icmp_req=1 ttl=55 time=0.609 ms
From a Container (nginx vanilla container) running on a node
/ # ping accounts.google.com
PING accounts.google.com (74.125.206.84): 56 data bytes
64 bytes from 74.125.206.84: seq=0 ttl=54 time=0.664 ms
from cloud-sql-proxy.
I added the ssl certs volume and replaced my RC with --force=true --cascade
. My RC looks something like this:
...
containers:
- name: sql-proxy
image: b.gcr.io/cloudsql-docker/gce-proxy
command:
- /cloud_sql_proxy
- -dir=/cloudsql
- -instances=xxx:xxx
- -credential_file=/sql-creds/creds.json
volumeMounts:
- mountPath: /cloudsql
name: sql-proxy
- mountPath: /sql-creds/
name: sql-creds
- mountPath: /etc/ssl/certs
name: ssl-certs
...
volumes:
- name: sql-proxy
emptyDir: {}
- name: sql-creds
secret:
secretName: xxx
- name: ssl-certs
hostPath:
path: /etc/ssl/certs
I still get the same timeout error.
from cloud-sql-proxy.
My guess is similar to @dlorenc, in that it seems that something is blocking outgoing connections to that address from within the container. Do you happen to set any sort of network flags on that container?
Can you SSH and try to do a wget https://accounts.google.com
(from within the node and from a container that has similar settings as the proxy)? Maybe it's just blocking port 443.
from cloud-sql-proxy.
I completely recreated my cluster with the new GKE Version 1.2
Now I don't get the timeout error anymore.
from cloud-sql-proxy.
Related Issues (20)
- Do not require strict order in env variables for connections HOT 2
- Add support for a lazy refresh
- pgbouncer + proxy with transaction pooling is slow HOT 23
- Is there any way to connect to MS SQL using domain credentials? HOT 7
- v2/tests: TestSQLServerAuthentication failed HOT 4
- Telemetry doesn't work with non-ADC
- v2/internal/proxy: TestCheckConnections failed HOT 2
- Connecting to cloud-sql using private-ip sometimes fails with a TLS handshake timeout HOT 7
- Availability of a Container Image on Google Artifact Registry HOT 2
- "Cloud SQL IAM service account authentication failed for user ..." intermittent errors when connecting to Postgres HOT 17
- CSQL_PROXY_ADDRESS requires an IP address but doesn't explicitly state so HOT 6
- 30s+ Hang When Using Manual Token Authentication HOT 7
- v2/internal/proxy: TestClientLimitsMaxConnections failed HOT 1
- v2/internal/proxy: TestClientCloseWaitsForActiveConnections failed HOT 1
- v2/internal/proxy: TestClientClosesCleanly failed HOT 1
- v2/internal/proxy: TestClosesWithError failed HOT 2
- v2/internal/proxy: TestClientConnCount failed HOT 2
- v2/internal/proxy: TestRunConnectionCheck failed HOT 2
- Automatic instance discovery isn't supported in v2 Proxy HOT 5
- Brief summary of the proposed feature
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cloud-sql-proxy.