本页面将介绍如何为 Cloud SQL 实例配置公共 IP 连接。
简介
您可以将 Cloud SQL 实例配置为具有一个公共 IPv4 地址,并通过向该实例添加已获授权的 IP 地址,接受来自特定 IP 地址或地址范围的连接。
您不能将专用网络(例如 10.x.x.x)指定为已获授权的网络。
PostgreSQL 实例的公共 IP 地址:
IPv6:实例不支持 IPv6。
IPv4:实例具有自动分配的静态 IPv4 地址。关闭(停用)实例时,IP 地址将产生少量费用。
有关通过 IP 连接将管理客户端连接到实例的帮助信息,请参阅使用 IP 地址连接 psql 客户端 。
如果您将实例配置为使用其公共 IP 地址接受连接,请同时将其配置为使用 SSL 来保护数据安全。如需了解详情,请参阅为实例配置 SSL 。
如要为实例配置未向公共互联网公开的 IP 地址,请参阅配置专用 IP 连接 。
启用公共 IP 并添加已获授权的地址或地址范围
当您为实例启用公共 IP 时,Cloud SQL 会为该实例配置一个公共静态 IPv4 地址。启用公共 IP 后,您必须设置数据库连接授权。如需了解详情,请参阅授权选项 。
要启用公共 IP 并添加一个已获授权的地址,请执行以下操作:
控制台
在 Google Cloud 控制台中,转到 Cloud SQL 实例 页面。
转到“Cloud SQL 实例”
如需打开实例的概览 页面,请点击实例名称。
从 SQL 导航菜单中选择连接 。
点击网络 标签。
选择公共 IP 复选框。
点击添加网络 。
(可选)在名称 字段中,输入此网络的名称。
在网络 字段中,输入要允许连接的 IP 地址或地址范围。
使用 CIDR 表示法 。
点击完成 。
点击保存 。
gcloud
如果您还没有为实例添加一个 IPv4 地址,请先添加:
gcloud sql instances patch INSTANCE_NAME \
--assign-ip
描述实例以显示所有已获授权的现有地址:
gcloud sql instances describe INSTANCE_NAME
在 authorizedNetwork 下查找 authorizedNetwork 条目,并记下您要保留的所有已获授权的地址。
更新授权网络列表,以加入您想要的所有地址。
gcloud sql instances patch INSTANCE_NAME \
--authorized-networks= IP_ADDR1 ,IP_ADDR2 ...
使用 CIDR 表示法 。
确认所做的更改:
gcloud sql instances describe INSTANCE_NAME
如果您移除某个已获授权的地址,则来自该地址的现有连接并不会 断开。若要断开现有连接,请重启实例。
REST v1
描述实例以显示所有已获授权的现有地址:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type ",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks": [],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
更新实例,以加入您要为实例设置的所有地址:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
network_range_1 :已获授权的 IP 地址或范围
network_range_2 :另一个已获授权的 IP 地址或范围
HTTP 方法和网址:
PATCH https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id
请求 JSON 正文:
{
"settings":
{
"ipConfiguration":
{
"authorizedNetworks":
[{"value": "network_range_1 "}, {"value": "network_range_2 "}]
}
}
}
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
curl -X PATCH \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ -d @request.json \ "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id "
PowerShell (Windows)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method PATCH ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -InFile request.json ` -Uri "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id " | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-21T22:43:37.981Z",
"operationType": "UPDATE",
"name": "operation-id ",
"targetId": "instance-id ",
"selfLink": "https://sqladmin.googleapis.com/v1/projects/project-id /operations/operation-id ",
"targetProject": "project-id "
}
使用 CIDR 表示法 。
确认所做的更改:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
ip-address1 :第一个 IP 地址(CIDR 形式)
ip-address-name1 :第一个 IP 地址的名称
ip-address2 :第二个 IP 地址(CIDR 形式)
ip-address-name2 :第二个 IP 地址的名称
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type 4",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks":
[
{
"value": "ip-address1 ",
"name": "ip-address-name1 ",
"kind": "sql#aclEntry"
},
{
"value": "ip-address2 ",
"name": "ip-address-name2 ",
"kind": "sql#aclEntry"
}
],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
如果您移除某个已获授权的地址,则来自该地址的现有连接并不会 断开。若要断开现有连接,请重启实例。
如需启用公共 IP 并添加已获授权的地址或地址范围,请使用 Terraform 资源 。
应用更改
如需在 Google Cloud 项目中应用 Terraform 配置,请完成以下部分中的步骤。
准备 Cloud Shell
启动 Cloud Shell 。
设置要在其中应用 Terraform 配置的默认 Google Cloud 项目。
您只需为每个项目运行一次以下命令,即可在任何目录中运行它。
export GOOGLE_CLOUD_PROJECT=PROJECT_ID
如果您在 Terraform 配置文件中设置显式值,则环境变量会被替换。
准备目录
每个 Terraform 配置文件都必须有自己的目录(也称为“根模块” )。
在 Cloud Shell 中,创建一个目录,并在该目录中创建一个新文件。文件名必须具有 .tf
扩展名,例如 main.tf
。在本教程中,该文件称为 main.tf
。
mkdir DIRECTORY && cd DIRECTORY && touch main.tf
如果您按照教程进行操作,可以在每个部分或步骤中复制示例代码。
将示例代码复制到新创建的 main.tf
中。
(可选)从 GitHub 中复制代码。如果端到端解决方案包含 Terraform 代码段,则建议这样做。
查看和修改要应用到您的环境的示例参数。
保存更改。
初始化 Terraform。您只需为每个目录执行一次此操作。
terraform init
(可选)如需使用最新的 Google 提供程序版本,请添加 -upgrade
选项:
terraform init -upgrade
应用更改
查看配置并验证 Terraform 将创建或更新的资源是否符合您的预期:
terraform plan
根据需要更正配置。
通过运行以下命令并在提示符处输入 yes
来应用 Terraform 配置:
terraform apply
等待 Terraform 显示“应用完成!”消息。
打开您的 Google Cloud 项目 以查看结果。在 Google Cloud 控制台的界面中找到资源,以确保 Terraform 已创建或更新它们。
注意 :Terraform 示例通常假定您的 Google Cloud 项目中启用了所需的 API。
删除更改
如需删除更改,请执行以下操作:
如需停用删除防护,请在 Terraform 配置文件中将 deletion_protection
参数设置为 false
。
deletion_protection = "false"
运行以下命令并在提示符处输入 yes
,以应用更新后的 Terraform 配置:
terraform apply
运行以下命令并在提示符处输入 yes
,以移除之前使用 Terraform 配置应用的资源:
terraform destroy
REST v1beta4
描述实例以显示所有已获授权的现有地址:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type ",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks": [],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
更新实例,以加入您要为实例设置的所有地址:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
network_range_1 :已获授权的 IP 地址或范围
network_range_2 :另一个已获授权的 IP 地址或范围
HTTP 方法和网址:
PATCH https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id
请求 JSON 正文:
{
"settings":
{
"ipConfiguration":
{
"authorizedNetworks":
[{"value": "network_range_1 "}, {"value": "network_range_2 "}]
}
}
}
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
curl -X PATCH \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ -d @request.json \ "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id "
PowerShell (Windows)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method PATCH ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -InFile request.json ` -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id " | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-21T22:43:37.981Z",
"operationType": "UPDATE",
"name": "operation-id ",
"targetId": "instance-id ",
"selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /operations/operation-id ",
"targetProject": "project-id "
}
使用 CIDR 表示法 。
确认所做的更改:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
ip-address1 :第一个 IP 地址(CIDR 形式)
ip-address-name1 :第一个 IP 地址的名称
ip-address2 :第二个 IP 地址(CIDR 形式)
ip-address-name2 :第二个 IP 地址的名称
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type 4",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks":
[
{
"value": "ip-address1 ",
"name": "ip-address-name1 ",
"kind": "sql#aclEntry"
},
{
"value": "ip-address2 ",
"name": "ip-address-name2 ",
"kind": "sql#aclEntry"
}
],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
如果您移除某个已获授权的地址,则来自该地址的现有连接并不会 断开。若要断开现有连接,请重启实例。
移除已获授权的地址或地址范围
要移除某个授权地址,请按如下所述操作:
控制台
在 Google Cloud 控制台中,转到 Cloud SQL 实例 页面。
转到“Cloud SQL 实例”
如需打开实例的概览 页面,请点击实例名称。
从 SQL 导航菜单中选择连接 。
点击要删除的地址对应的删除图标 。
点击保存 以更新实例。
gcloud
描述实例以显示所有现有授权地址:
gcloud sql instances describe INSTANCE_NAME
在 authorizedNetwork 下查找 authorizedNetwork 条目,并记下您要保留的所有已获授权的地址。
更新授权网络列表,以舍弃您想要移除的所有地址。
gcloud sql instances patch INSTANCE_NAME \
--authorized-networks= IP_ADDR1 ,IP_ADDR2 ...
确认所做的更改:
gcloud sql instances describe INSTANCE_NAME
REST v1
描述实例以显示所有已获授权的现有地址:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
ip-address1 :第一个 IP 地址(CIDR 形式)
ip-address-name1 :第一个 IP 地址的名称
ip-address2 :第二个 IP 地址(CIDR 形式)
ip-address-name2 :第二个 IP 地址的名称
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type 4",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks":
[
{
"value": "ip-address1 ",
"name": "ip-address-name1 ",
"kind": "sql#aclEntry"
},
{
"value": "ip-address2 ",
"name": "ip-address-name2 ",
"kind": "sql#aclEntry"
}
],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
更新实例,以加入您要保留的所有地址并舍弃您要移除的所有地址:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
network_range_1 :要移除的已获授权的 IP 地址或网络范围
HTTP 方法和网址:
PATCH https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id
请求 JSON 正文:
{
"settings":
{
"ipConfiguration":
{
"authorizedNetworks":
[{"value": "network_range_1 "}]
}
}
}
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
curl -X PATCH \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ -d @request.json \ "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id "
PowerShell (Windows)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method PATCH ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -InFile request.json ` -Uri "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id " | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-21T22:43:37.981Z",
"operationType": "UPDATE",
"name": "operation-id ",
"targetId": "instance-id ",
"selfLink": "https://sqladmin.googleapis.com/v1/projects/project-id /operations/operation-id ",
"targetProject": "project-id "
}
确认所做的更改:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
ip-address :IP 地址(CIDR 形式)
ip-address-name :IP 地址的名称
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type ",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks":
[
{
"value": "ip-address ",
"name": "ip-address-name ",
"kind": "sql#aclEntry"
}
],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
REST v1beta4
描述实例以显示所有已获授权的现有地址:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
ip-address1 :第一个 IP 地址(CIDR 形式)
ip-address-name1 :第一个 IP 地址的名称
ip-address2 :第二个 IP 地址(CIDR 形式)
ip-address-name2 :第二个 IP 地址的名称
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type 4",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks":
[
{
"value": "ip-address1 ",
"name": "ip-address-name1 ",
"kind": "sql#aclEntry"
},
{
"value": "ip-address2 ",
"name": "ip-address-name2 ",
"kind": "sql#aclEntry"
}
],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
更新实例,以加入您要保留的所有地址并舍弃您要移除的所有地址:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
network_range_1 :要移除的已获授权的 IP 地址或网络范围
HTTP 方法和网址:
PATCH https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id
请求 JSON 正文:
{
"settings":
{
"ipConfiguration":
{
"authorizedNetworks":
[{"value": "network_range_1 "}]
}
}
}
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
curl -X PATCH \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ -d @request.json \ "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id "
PowerShell (Windows)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method PATCH ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -InFile request.json ` -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id " | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-21T22:43:37.981Z",
"operationType": "UPDATE",
"name": "operation-id ",
"targetId": "instance-id ",
"selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /operations/operation-id ",
"targetProject": "project-id "
}
确认所做的更改:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
ip-address :IP 地址(CIDR 形式)
ip-address-name :IP 地址的名称
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type ",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks":
[
{
"value": "ip-address ",
"name": "ip-address-name ",
"kind": "sql#aclEntry"
}
],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
如果您移除某个已获授权的地址,则来自该地址的现有连接并不会 断开。若要断开现有连接,请重启实例。
将实例配置为拒绝所有公共 IP 连接
要将实例配置为拒绝所有公共 IP 连接,请执行以下操作:
控制台
在 Google Cloud 控制台中,转到 Cloud SQL 实例 页面。
转到“Cloud SQL 实例”
如需打开实例的概览 页面,请点击实例名称。
从 SQL 导航菜单中选择连接 。
点击所有已获授权的地址对应的删除图标 。
点击保存 以更新实例。
gcloud
清除授权地址列表:
gcloud sql instances patch INSTANCE_NAME \
--clear-authorized-networks
确认所做的更改:
gcloud sql instances describe INSTANCE_NAME
REST v1
描述实例以显示所有已获授权的现有地址:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
ip-address1 :第一个 IP 地址(CIDR 形式)
ip-address-name1 :第一个 IP 地址的名称
ip-address2 :第二个 IP 地址(CIDR 形式)
ip-address-name2 :第二个 IP 地址的名称
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type 4",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks":
[
{
"value": "ip-address1 ",
"name": "ip-address-name1 ",
"kind": "sql#aclEntry"
},
{
"value": "ip-address2 ",
"name": "ip-address-name2 ",
"kind": "sql#aclEntry"
}
],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
更新实例,以清空地址列表:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
HTTP 方法和网址:
PATCH https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id
请求 JSON 正文:
{
"settings":
{
"ipConfiguration":
{
"authorizedNetworks": []
}
}
}
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
curl -X PATCH \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ -d @request.json \ "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id "
PowerShell (Windows)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method PATCH ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -InFile request.json ` -Uri "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id " | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-21T22:43:37.981Z",
"operationType": "UPDATE",
"name": "operation-id ",
"targetId": "instance-id ",
"selfLink": "https://sqladmin.googleapis.com/v1/projects/project-id /operations/operation-id ",
"targetProject": "project-id "
}
确认所做的更改:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type ",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks": [],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
REST v1beta4
描述实例以显示所有已获授权的现有地址:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
ip-address1 :第一个 IP 地址(CIDR 形式)
ip-address-name1 :第一个 IP 地址的名称
ip-address2 :第二个 IP 地址(CIDR 形式)
ip-address-name2 :第二个 IP 地址的名称
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type 4",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks":
[
{
"value": "ip-address1 ",
"name": "ip-address-name1 ",
"kind": "sql#aclEntry"
},
{
"value": "ip-address2 ",
"name": "ip-address-name2 ",
"kind": "sql#aclEntry"
}
],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
更新实例,以清空地址列表:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
HTTP 方法和网址:
PATCH https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id
请求 JSON 正文:
{
"settings":
{
"ipConfiguration":
{
"authorizedNetworks": []
}
}
}
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
curl -X PATCH \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ -d @request.json \ "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id "
PowerShell (Windows)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method PATCH ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -InFile request.json ` -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id " | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-21T22:43:37.981Z",
"operationType": "UPDATE",
"name": "operation-id ",
"targetId": "instance-id ",
"selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /operations/operation-id ",
"targetProject": "project-id "
}
确认所做的更改:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type ",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks": [],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
如果您移除某个已获授权的地址,则来自该地址的现有连接并不会 断开。若要断开现有连接,请重启实例。
停用公共 IP
您可以停用公共 IP,但前提是您的实例也配置为使用专用 IP。如需启用专用 IP,请参阅将现有实例配置为使用专用 IP 。
注意 :在为某个实例停用公共 IP 后,该实例的 IPv4 地址会被释放。如果您日后为此实例重新启用公共 IP,则此实例会获得一个不同的 IPv4 地址,并且所有使用这个公共 IP 地址连接到该实例的应用都必须进行修改。 如需停用公共 IP,请按如下所述操作:
控制台
在 Google Cloud 控制台中,转到 Cloud SQL 实例 页面。
转到“Cloud SQL 实例”
如需打开实例的概览 页面,请点击实例名称。
从 SQL 导航菜单中选择连接 。
取消选中公共 IP 复选框。
点击保存 以更新实例。
gcloud
更新实例:
gcloud sql instances patch INSTANCE_NAME \
--no-assign-ip
确认所做的更改:
gcloud sql instances describe INSTANCE_NAME
REST v1
描述实例以显示所有已获授权的现有地址:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
ip-address1 :第一个 IP 地址(CIDR 形式)
ip-address-name1 :第一个 IP 地址的名称
ip-address2 :第二个 IP 地址(CIDR 形式)
ip-address-name2 :第二个 IP 地址的名称
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type 4",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks":
[
{
"value": "ip-address1 ",
"name": "ip-address-name1 ",
"kind": "sql#aclEntry"
},
{
"value": "ip-address2 ",
"name": "ip-address-name2 ",
"kind": "sql#aclEntry"
}
],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
更新实例:
在使用任何请求数据之前,请先进行以下替换:
PROJECT_ID: 项目 ID
INSTANCE_ID: 实例 ID
VPC_NETWORK_NAME: 指定要用于此实例的 Virtual Private Cloud (VPC) 网络的名称。该网络必须已配置专用服务访问通道。
RANGE_NAME: 可选。 如果指定此标志,则系统会设置为其分配 IP 地址范围的范围名称。范围名称必须符合 RFC-1035
并且包含 1-63 个字符。
AUTHORIZED_NETWORKS: 对于公共 IP 连接,请指定可连接到实例的已获授权网络的连接。
对于 ipv4Enabled
参数,如果您为实例使用公共 IP 地址,请将值设置为 true
;如果实例具有专用 IP 地址,请将值设置为 false
。
如果您将 enablePrivatePathForGoogleCloudServices
参数设置为 true
,则允许其他 Google Cloud 服务(例如 BigQuery)访问 Cloud SQL 中的数据,并通过专用 IP 连接对此数据进行查询。如果将此参数设置为 false
,则其他 Google Cloud 服务无法通过专用 IP 连接访问 Cloud SQL 中的数据。
HTTP 方法和网址:
POST https://sqladmin.googleapis.com/v1/projects/PROJECT_ID /instances
请求 JSON 正文:
{
"name": "INSTANCE_ID ",
"region": "region",
"databaseVersion": "database-version",
"settings": {
"tier": "machine-type",
"ipConfiguration": {
"ipv4Enabled": false,
"privateNetwork": "projects/PROJECT_ID /global/networks/VPC_NETWORK_NAME ",
"allocatedIpRange": "RANGE_NAME "
"authorizedNetworks": [AUTHORIZED_NETWORKS ],
"enablePrivatePathForGoogleCloudServices": true
}
}
}
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
curl -X POST \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ -d @request.json \ "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID /instances"
PowerShell (Windows)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method POST ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -InFile request.json ` -Uri "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID /instances" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID /instances/INSTANCE_ID ",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-21T22:43:37.981Z",
"operationType": "CREATE",
"name": "OPERATION_ID ",
"targetId": "INSTANCE_ID ",
"selfLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID /operations/OPERATION_ID ",
"targetProject": "PROJECT_ID "
}
确认所做的更改:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/v1/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type ",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks": [],
"ipv4Enabled": false
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
REST v1beta4
描述实例以显示所有已获授权的现有地址:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
ip-address1 :第一个 IP 地址(CIDR 形式)
ip-address-name1 :第一个 IP 地址的名称
ip-address2 :第二个 IP 地址(CIDR 形式)
ip-address-name2 :第二个 IP 地址的名称
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type 4",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks":
[
{
"value": "ip-address1 ",
"name": "ip-address-name1 ",
"kind": "sql#aclEntry"
},
{
"value": "ip-address2 ",
"name": "ip-address-name2 ",
"kind": "sql#aclEntry"
}
],
"ipv4Enabled": true
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
更新实例:
在使用任何请求数据之前,请先进行以下替换:
PROJECT_ID: 项目 ID
INSTANCE_ID: 实例 ID
VPC_NETWORK_NAME: 指定要用于此实例的 Virtual Private Cloud (VPC) 网络的名称。该网络必须已配置专用服务访问通道。
RANGE_NAME: 可选。 如果指定此标志,则系统会设置为其分配 IP 地址范围的范围名称。范围名称必须符合 RFC-1035
并且包含 1-63 个字符。
AUTHORIZED_NETWORKS: 对于公共 IP 连接,请指定可连接到实例的已获授权网络的连接。
对于 ipv4Enabled
参数,如果您为实例使用公共 IP 地址,请将值设置为 true
;如果实例具有专用 IP 地址,请将值设置为 false
。
如果您将 enablePrivatePathForGoogleCloudServices
参数设置为 true
,则允许其他 Google Cloud 服务(例如 BigQuery)访问 Cloud SQL 中的数据,并通过专用 IP 连接对此数据进行查询。如果将此参数设置为 false
,则其他 Google Cloud 服务无法通过专用 IP 连接访问 Cloud SQL 中的数据。
HTTP 方法和网址:
POST https://sqladmin.googleapis.com/v1beta4/projects/PROJECT_ID /instances
请求 JSON 正文:
{
"name": "INSTANCE_ID ",
"region": "region",
"databaseVersion": "database-version",
"settings": {
"tier": "machine-type",
"ipConfiguration": {
"ipv4Enabled": false,
"privateNetwork": "projects/PROJECT_ID /global/networks/VPC_NETWORK_NAME ",
"allocatedIpRange": "RANGE_NAME "
"authorizedNetworks": [AUTHORIZED_NETWORKS ],
"enablePrivatePathForGoogleCloudServices": true
}
}
}
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
curl -X POST \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ -d @request.json \ "https://sqladmin.googleapis.com/v1beta4/projects/PROJECT_ID /instances"
PowerShell (Windows)
将请求正文保存在名为 request.json
的文件中,然后执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method POST ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -InFile request.json ` -Uri "https://sqladmin.googleapis.com/v1beta4/projects/PROJECT_ID /instances" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID /instances/INSTANCE_ID ",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-21T22:43:37.981Z",
"operationType": "CREATE",
"name": "OPERATION_ID ",
"targetId": "INSTANCE_ID ",
"selfLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID /operations/OPERATION_ID ",
"targetProject": "PROJECT_ID "
}
确认所做的更改:
在使用任何请求数据之前,请先进行以下替换:
project-id :项目 ID
instance-id :实例 ID
machine-type :实例机器类型
zone :实例区域
HTTP 方法和网址:
GET https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings
如需发送您的请求,请展开以下选项之一:
curl(Linux、macOS 或 Cloud Shell)
执行以下命令:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings"
PowerShell (Windows)
执行以下命令:
$cred = gcloud auth print-access-token $headers = @{ "Authorization" = "Bearer $cred" } Invoke-WebRequest ` -Method GET ` -Headers $headers ` -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=settings" | Select-Object -Expand Content
您应该收到类似以下内容的 JSON 响应:
响应
{
"settings":
{
"authorizedGaeApplications": [],
"tier": "machine-type ",
"kind": "sql#settings",
"availabilityType": "REGIONAL",
"pricingPlan": "PER_USE",
"replicationType": "SYNCHRONOUS",
"activationPolicy": "ALWAYS",
"ipConfiguration":
{
"privateNetwork": "projects/project-id /global/networks/default",
"authorizedNetworks": [],
"ipv4Enabled": false
},
"locationPreference":
{
"zone": "zone ",
"kind": "sql#locationPreference"
},
"dataDiskType": "PD_SSD",
"maintenanceWindow":
{
"kind": "sql#maintenanceWindow",
"hour": 0,
"day": 0
},
"backupConfiguration":
{
"startTime": "03:00",
"kind": "sql#backupConfiguration",
"enabled": true,
"binaryLogEnabled": true
},
"settingsVersion": "54",
"storageAutoResizeLimit": "0",
"storageAutoResize": true,
"dataDiskSizeGb": "10"
}
}
问题排查
问题
问题排查
Aborted connection
。
可能的问题:网络不稳定。
没有对 TCP keep-alive 命令的响应(客户端或服务器无响应,可能超载)。
超出了数据库引擎的连接生命周期,服务器终止了该连接。
应用必须能够容忍网络故障并遵循最佳做法 ,例如连接池和重试。大多数连接池程序会尽可能捕获这些错误。否则,应用必须正常重试或失败。
对于连接重试,我们建议使用以下方法:
指数退避算法 。以指数方式增加每次重试之间的时间间隔。
另外,增加随机退避时间。
结合使用这些方法有助于减少限制。
Certificate verify failed
。
客户端证书已过期,或证书路径不正确。
通过重新创建证书 重新生成证书。
FATAL: database 'user' does not exist
。
gcloud sql connect --user
仅适用于默认的 postgres
用户。使用默认用户进行连接,然后更改用户。
您想知道是谁处于连接状态。
登录到数据库并运行以下命令:
SELECT datname,
usename,
application_name as appname,
client_addr,
state,
now() - backend_start as conn_age,
now() - state_change as last_activity_age
FROM pg_stat_activity
WHERE backend_type = 'client backend'
ORDER BY 6 DESC
LIMIT 20
Hostname/IP does not match certificate's altnames:
Host: localhost. is not in the cert's altnames
。
主机地址与服务器证书备用名称中的地址不匹配。
如果您使用的是具有 verify-full 或其等效功能的 Node.js,请将 DNS 名称用于 servername 参数。您可以使用 openssl 在服务器证书中找到 DNS 名称。例如 openssl x509 -in server-cert.pem -noout -text |grep 'DNS:'
。
ssl: {
rejectUnauthorized: true,
ca: fs.readFileSync( "/path/to/server/CA" ) ,
servername: 'N-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx.us-central1.sql.goog'
}
后续步骤