使用 Cloud 运行 的 dotnetcore 应用程序的正确 Cloud SQL 连接字符串语法是什么?
What is the correct Cloud SQL connection string syntax for dotnetcore app with Cloud Run?
我想在 Cloud 运行 上使用 Google Cloud SQL 数据库设置 .NET Core Web 应用程序。我轻松地部署了在云 SQL 上具有 public IP 的数据库和在云 运行 上使用 Docker 容器的 Web 应用程序。我可以毫无困难地使用 SQL Server Management Studio 访问数据库,Web 应用程序已启动并且 运行 符合预期。唯一缺少的是它们之间允许它们连接的 link。
在我的 Web 应用程序中,我得到了该格式的连接字符串:
Data Source=***;Initial Catalog=***;User ID=***;Password=***;Pooling=true;Trusted_Connection=false;Connection Timeout=60;Integrated Security=false;Persist Security Info={0};Encrypt=true;TrustServerCertificate=true;MultipleActiveResultSets=true;
一旦我从 Cloud SQL 获得 public IP 和 连接名称 ,应该如何准确地说是连接字符串and/or接下来的步骤?
此外,在云 运行 服务下的连接选项卡中,我添加了云 SQL 连接。这应该为我配置云 SQL 代理。
要从云端 运行 连接到云端 SQL,您必须遵循 this guide
您已经按照 Configuring Cloud Run section. You can check the guide for the Public IP 中所述在 Connections 选项卡中进行了一些配置,因为您以这种方式配置了您的实例,以确保遵循所有步骤.
简而言之,步骤是:
- Configure the service account for your service. Make sure that the service account has the appropriate Cloud SQL roles and permissions to connect to Cloud SQL.
The service account for your service needs one of the following IAM roles:
Cloud SQL Client
(preferred)
Cloud SQL Admin
If the authorizing service account belongs to a different project than the Cloud SQL instance, the Cloud SQL Admin API and IAM permissions will need to be added for both projects.
Like any configuration change, setting a new configuration for the Cloud SQL connection leads to the creation of a new Cloud Run revision. Subsequent revisions will also automatically get this Cloud SQL connection, unless you make explicit updates to change it.
- Go to Cloud Run
- Configure the service:
- If you are adding Cloud SQL connections to an existing service:
- Click on the service name.
- Click on the Connections tab.
- Click Deploy.
- Enable connecting to a Cloud SQL instance:
- Click Advanced Settings.
- Click on the Connections tab.
- If you are adding a connection to a Cloud SQL instance in your project, select the desired Cloud SQL instance from the dropdown menu.
- If you are deleting a connection, hover your cursor to the right of the connection to display the Trash icon, and click it.
- Click Create or Deploy.
仔细检查上述步骤后,您可以继续 Connecting to Cloud SQL. You can follow the steps on the Public IP 选项卡部分。
Connect with Unix sockets
Once correctly configured, you can connect your service to your Cloud SQL instance's Unix domain socket accessed on the environment's filesystem at the following path: /cloudsql/INSTANCE_CONNECTION_NAME
.
The INSTANCE_CONNECTION_NAME can be found on the Overview page for your instance in the Google Cloud Console or by running the following command:
gcloud sql instances describe [INSTANCE_NAME]
.
These connections are automatically encrypted without any additional configuration.
The code samples shown below are extracts from more complete examples on the GitHub site. To see this snippet in the context of a web application, view the README on GitHub.
// Equivalent connection string:
// "Server=<dbSocketDir>/<INSTANCE_CONNECTION_NAME>;Uid=<DB_USER>;Pwd=<DB_PASS>;Database=<DB_NAME>;Protocol=unix"
String dbSocketDir = Environment.GetEnvironmentVariable("DB_SOCKET_PATH") ?? "/cloudsql";
String instanceConnectionName = Environment.GetEnvironmentVariable("INSTANCE_CONNECTION_NAME");
var connectionString = new MySqlConnectionStringBuilder()
{
// The Cloud SQL proxy provides encryption between the proxy and instance.
SslMode = MySqlSslMode.None,
// Remember - storing secrets in plain text is potentially unsafe. Consider using
// something like https://cloud.google.com/secret-manager/docs/overview to help keep
// secrets secret.
Server = String.Format("{0}/{1}", dbSocketDir, instanceConnectionName),
UserID = Environment.GetEnvironmentVariable("DB_USER"), // e.g. 'my-db-user
Password = Environment.GetEnvironmentVariable("DB_PASS"), // e.g. 'my-db-password'
Database = Environment.GetEnvironmentVariable("DB_NAME"), // e.g. 'my-database'
ConnectionProtocol = MySqlConnectionProtocol.UnixSocket
};
connectionString.Pooling = true;
// Specify additional properties here.
return connectionString;
Google recommends that you use Secret Manager to store sensitive information such as SQL credentials. You can pass secrets as environment variables or mount as a volume with Cloud Run.
After creating a secret in Secret Manager, update an existing service, with the following command:
gcloud run services update SERVICE_NAME \
--add-cloudsql-instances=INSTANCE_CONNECTION_NAME
--update-env-vars=INSTANCE_CONNECTION_NAME=INSTANCE_CONNECTION_NAME_SECRET \
--update-secrets=DB_USER=DB_USER_SECRET:latest \
--update-secrets=DB_PASS=DB_PASS_SECRET:latest \
--update-secrets=DB_NAME=DB_NAME_SECRET:latest
另请参阅:
我想在 Cloud 运行 上使用 Google Cloud SQL 数据库设置 .NET Core Web 应用程序。我轻松地部署了在云 SQL 上具有 public IP 的数据库和在云 运行 上使用 Docker 容器的 Web 应用程序。我可以毫无困难地使用 SQL Server Management Studio 访问数据库,Web 应用程序已启动并且 运行 符合预期。唯一缺少的是它们之间允许它们连接的 link。
在我的 Web 应用程序中,我得到了该格式的连接字符串:
Data Source=***;Initial Catalog=***;User ID=***;Password=***;Pooling=true;Trusted_Connection=false;Connection Timeout=60;Integrated Security=false;Persist Security Info={0};Encrypt=true;TrustServerCertificate=true;MultipleActiveResultSets=true;
一旦我从 Cloud SQL 获得 public IP 和 连接名称 ,应该如何准确地说是连接字符串and/or接下来的步骤?
此外,在云 运行 服务下的连接选项卡中,我添加了云 SQL 连接。这应该为我配置云 SQL 代理。
要从云端 运行 连接到云端 SQL,您必须遵循 this guide
您已经按照 Configuring Cloud Run section. You can check the guide for the Public IP 中所述在 Connections 选项卡中进行了一些配置,因为您以这种方式配置了您的实例,以确保遵循所有步骤.
简而言之,步骤是:
- Configure the service account for your service. Make sure that the service account has the appropriate Cloud SQL roles and permissions to connect to Cloud SQL. The service account for your service needs one of the following IAM roles:
Cloud SQL Client
(preferred)Cloud SQL Admin
If the authorizing service account belongs to a different project than the Cloud SQL instance, the Cloud SQL Admin API and IAM permissions will need to be added for both projects.
Like any configuration change, setting a new configuration for the Cloud SQL connection leads to the creation of a new Cloud Run revision. Subsequent revisions will also automatically get this Cloud SQL connection, unless you make explicit updates to change it.
- Go to Cloud Run
- Configure the service:
- If you are adding Cloud SQL connections to an existing service:
- Click on the service name.
- Click on the Connections tab.
- Click Deploy.
- Enable connecting to a Cloud SQL instance:
- Click Advanced Settings.
- Click on the Connections tab.
- If you are adding a connection to a Cloud SQL instance in your project, select the desired Cloud SQL instance from the dropdown menu.
- If you are deleting a connection, hover your cursor to the right of the connection to display the Trash icon, and click it.
- Click Create or Deploy.
仔细检查上述步骤后,您可以继续 Connecting to Cloud SQL. You can follow the steps on the Public IP 选项卡部分。
Connect with Unix sockets
Once correctly configured, you can connect your service to your Cloud SQL instance's Unix domain socket accessed on the environment's filesystem at the following path:
/cloudsql/INSTANCE_CONNECTION_NAME
.The INSTANCE_CONNECTION_NAME can be found on the Overview page for your instance in the Google Cloud Console or by running the following command:
gcloud sql instances describe [INSTANCE_NAME]
.These connections are automatically encrypted without any additional configuration.
The code samples shown below are extracts from more complete examples on the GitHub site. To see this snippet in the context of a web application, view the README on GitHub.
// Equivalent connection string:
// "Server=<dbSocketDir>/<INSTANCE_CONNECTION_NAME>;Uid=<DB_USER>;Pwd=<DB_PASS>;Database=<DB_NAME>;Protocol=unix"
String dbSocketDir = Environment.GetEnvironmentVariable("DB_SOCKET_PATH") ?? "/cloudsql";
String instanceConnectionName = Environment.GetEnvironmentVariable("INSTANCE_CONNECTION_NAME");
var connectionString = new MySqlConnectionStringBuilder()
{
// The Cloud SQL proxy provides encryption between the proxy and instance.
SslMode = MySqlSslMode.None,
// Remember - storing secrets in plain text is potentially unsafe. Consider using
// something like https://cloud.google.com/secret-manager/docs/overview to help keep
// secrets secret.
Server = String.Format("{0}/{1}", dbSocketDir, instanceConnectionName),
UserID = Environment.GetEnvironmentVariable("DB_USER"), // e.g. 'my-db-user
Password = Environment.GetEnvironmentVariable("DB_PASS"), // e.g. 'my-db-password'
Database = Environment.GetEnvironmentVariable("DB_NAME"), // e.g. 'my-database'
ConnectionProtocol = MySqlConnectionProtocol.UnixSocket
};
connectionString.Pooling = true;
// Specify additional properties here.
return connectionString;
Google recommends that you use Secret Manager to store sensitive information such as SQL credentials. You can pass secrets as environment variables or mount as a volume with Cloud Run.
After creating a secret in Secret Manager, update an existing service, with the following command:
gcloud run services update SERVICE_NAME \
--add-cloudsql-instances=INSTANCE_CONNECTION_NAME
--update-env-vars=INSTANCE_CONNECTION_NAME=INSTANCE_CONNECTION_NAME_SECRET \
--update-secrets=DB_USER=DB_USER_SECRET:latest \
--update-secrets=DB_PASS=DB_PASS_SECRET:latest \
--update-secrets=DB_NAME=DB_NAME_SECRET:latest
另请参阅: