Connect Cloud Run to Cloud SQL
I'm trying to access a Cloud SQL instance that is in another VPC from Cloud Run. I peered the VPCs, but I can't. What should I do so that Cloud Run sees Cloud SQL? Cloud Run is in project A and Cloud SQL is in project B. The VPCs are peered.
asked Mar 9 at 14:51 by Marcelo Silva
1 Answer
This is a transitive VPC issue. Private services access VPC peerings between several networks are not transitive.
VPC A <--peering--> VPC B <--peering--> VPC C
When you create a Cloud SQL instance with a private IP (via private services access), Cloud SQL behind the scenes creates your Cloud SQL instance in a Google-managed VPC (VPC C) and peers it with your VPC (VPC B). Your Cloud Run VPC (VPC A) cannot talk to Cloud SQL due to peerings not being transitive.
There is a "Connect your instance to multiple VPCs" docs page for guidance on how to get around these peering issues.
I would recommend "Connecting to your instance with Private Service Connect" as it was designed for this exact use-case, allowing connections from multiple VPC networks.
You can easily enable Private Service Connect on your existing instance. There is also a codelab using Terraform.
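The Private Service Connect setup recommended in the answer above, laid out as gcloud commands (an added example, not part of the original answer). Project, instance, network, subnet and address names are placeholders, and it assumes the Cloud Run service already sends its egress traffic into VPC A.

```shell
#!/bin/sh
# Added example: all names and addresses are constructed placeholders.
SQL_PROJECT="project-b"     # owns the Cloud SQL instance
RUN_PROJECT="project-a"     # owns Cloud Run and VPC A
INSTANCE="my-sql-instance"
REGION="us-central1"
NETWORK="vpc-a"
SUBNET="vpc-a-subnet"
ENDPOINT_IP="10.10.0.50"    # free internal address inside SUBNET
DRY_RUN="${DRY_RUN:-1}"     # 1 = print the commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Project B: enable PSC and allow only project A to create endpoints.
enable_psc() {
  run gcloud sql instances patch "$INSTANCE" --project="$SQL_PROJECT" \
    --enable-private-service-connect --allowed-psc-projects="$RUN_PROJECT"
}

# Project B: read the service attachment URI that endpoints must target.
service_attachment() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "SERVICE_ATTACHMENT_URI"  # placeholder for the real URI
  else
    gcloud sql instances describe "$INSTANCE" --project="$SQL_PROJECT" \
      --format='value(pscServiceAttachmentLink)'
  fi
}

# Project A: reserve an internal IP in VPC A and create the PSC endpoint.
create_endpoint() {
  run gcloud compute addresses create sql-psc-ip --project="$RUN_PROJECT" \
    --region="$REGION" --subnet="$SUBNET" --addresses="$ENDPOINT_IP"
  run gcloud compute forwarding-rules create sql-psc-endpoint \
    --project="$RUN_PROJECT" --region="$REGION" --network="$NETWORK" \
    --address=sql-psc-ip --target-service-attachment="$1"
}

setup_psc() {
  enable_psc || return 1
  attachment="$(service_attachment)" || return 1
  create_endpoint "$attachment"
}

setup_psc
```

Listing only project A in `--allowed-psc-projects` keeps other projects from creating endpoints to the instance. Cloud Run then connects to the endpoint IP in VPC A instead of the instance's peered private IP.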