Question

How to connect from App Platform to Google Cloud SQL?

My backend is running on Digital Ocean App Platform (node js).

I am trying to migrate my database (which the backend uses) from AWS to Google Cloud Platform (Google Cloud SQL).

I am struggling to connect, the connection from DO backend to the GCP database keeps timing out.

GCP has several methods for connecting, I have chosen SSL. Some time ago I was using SSL to connect to a database managed by Digital Ocean. So I think I know how to do it (even though it’s a bit tricky because certificates have to be in environment variables in a very specific format).

I am using Sequelize. The exact error is: [SequelizeConnectionError]: connect ETIMEDOUT 35.237.132.2:5432

This suggests to me that I didn’t even get to the point where certificates could be in a wrong format. I am simply not getting through.

I am out of ideas what to try. Any suggestions how to debug this appreciated.

It is possible that GCP requires both:

  • SSL
  • The backend’s IP address to be added to the list of “Authorized Networks” on GCP

I do not know how to do the latter. When I try to find the IP of the DO instance my App is running on, I get 10.244.16.191.

When I try to add that address to GCP’s whitelist, it says that it is already allowed by default and won’t let me add it.


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I have eventually found a solution. A nodejs application with an impermanent IP can connect to Google Cloud Sql databases using Google’s Nodejs Connector library. This stuff is fairly new so there can be issues involved (I had a Sequelize issue).

If anyone runs into this check this repo: https://github.com/GoogleCloudPlatform/cloud-sql-nodejs-connector

And if you use Sequelize this PR: https://github.com/GoogleCloudPlatform/cloud-sql-nodejs-connector/pull/193#issuecomment-1823252637

Bobby Iliev
Site Moderator
Site Moderator badge
November 21, 2023

Hey @poglavarsvemira,

When you’re dealing with cloud platforms, connectivity issues can be particularly tricky to troubleshoot due to the various layers of networking involved. From what you’ve described, it seems like the connection timeout is happening before SSL negotiation, which implies a network issue rather than a certificate problem.

Firstly, considering that Google Cloud SQL does indeed require both SSL and the addition of the backend’s IP address to the list of authorized networks, let’s address these individually:

  1. Since you have experience with SSL from your previous setup, ensure that all the required SSL files (client certificate, client key, and server CA certificate) are correctly configured in your environment variables. Sequelize should have options to specify these in its configuration.

  2. The IP address you’ve found (10.244.16.191) is an internal IP within DigitalOcean’s network. This won’t be reachable from Google Cloud SQL. DigitalOcean’s App Platform does not provide static external IP addresses for outgoing connections. Therefore, Google Cloud SQL wouldn’t be able to whitelist an IP that’s dynamically assigned to your app.

I could suggest a few things here:

  • Heading over to the Product Ideas board and adding your vote is a good step. DigitalOcean considers user feedback for new features, and this can help prioritize the development of such a feature. Here is a link to the existing idea on the DigitalOcean ideas board:

https://ideas.digitalocean.com/app-platform/p/app-platform-static-ip

  • Using a DigitalOcean Managed Database: If migrating your database to a DigitalOcean Managed Database is an option, it can simplify connectivity as these services are designed to work together.

  • Utilizing a Droplet: Deploying your application on a Droplet will provide you with a static external IP address. You can then add this IP to Google Cloud SQL’s authorized networks.

Let me know if you have any questions!

Best,

Bobby

I mean, I would say this is a major problem for the App Platform. If the IP itself is not stable there should be a page with instructions how to connect to Google Cloud SQL… it is after all a top 3 provider of cloud database services.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel