GCP: Permission denied to execute cloud_sql_proxy within Compute VM

google-cloud-sqlgoogle-compute-engine

I've created my first Compute instance with container-optimized OS and following scopes:

Cloud SQL       Enabled
Compute Engine      Read Write
Service Control     Enabled
Service Management      Read Only
Stackdriver Logging API     Write Only
Stackdriver Monitoring API      Write Only
Stackdriver Trace       Write Only
Storage     Read Only

I need to install Cloud SQL Proxy and I follow this documentation: https://cloud.google.com/sql/docs/postgres/connect-compute-engine#gce-connect-proxy

I can SSH without any problem, but I can't execute a command:

leszek@backend-app ~ $ wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy
2018-04-10 19:52:00 (211 MB/s) - 'cloud_sql_proxy' saved [7505002/7505002]
leszek@backend-app ~ $ chmod +x cloud_sql_proxy
leszek@backend-app ~ $ ./cloud_sql_proxy -instances=my-instance=tcp:0.0.0.0:54
32
    -bash: ./cloud_sql_proxy: Permission denied
lgr@backend-app ~ $ sudo ./cloud_sql_proxy -instances=my-instance=tcp:0.0.0.0:5432
sudo: unable to execute ./cloud_sql_proxy: Permission denied

What obvious thing am I missing that I cannot even start the sql_proxy command?

Best Answer

The best option for deploying CloudSQL proxy on Container OS would be using the official CloudSQL container and linking networks.

docker run -d -v /cloudsql:/cloudsql \
  -v <PATH_TO_KEY_FILE>:/config \
  -p 127.0.0.1:5432:5432 \
  gcr.io/cloudsql-docker/gce-proxy:1.11 /cloud_sql_proxy \
  -instances=<INSTANCE_CONNECTION_NAME>=tcp:0.0.0.0:5432 -credential_file=/config

See: https://cloud.google.com/sql/docs/postgres/connect-docker

Related Topic