{ "id": "cloud/gcp-cloud-run-egress-connection-refused", "signature": "Error: dial tcp 10.0.0.4:3306: connect: connection refused — Cloud Run cannot reach Cloud SQL via private IP without VPC Connector", "signature_zh": "错误:拨号 tcp 10.0.0.4:3306:连接被拒绝——Cloud Run 在没有 VPC 连接器的情况下无法通过私有 IP 访问 Cloud SQL", "regex": "dial tcp \\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}:\\d+: connect: connection refused", "domain": "cloud", "category": "network_error", "subcategory": null, "root_cause": "Cloud Run in serverless mode cannot directly access resources on a VPC network; a Serverless VPC Access connector is required to route traffic to private IP endpoints like Cloud SQL.", "root_cause_type": "generic", "root_cause_zh": "无服务器模式下的 Cloud Run 无法直接访问 VPC 网络上的资源;需要 Serverless VPC Access 连接器才能将流量路由到 Cloud SQL 等私有 IP 端点。", "versions": [ { "version": "Cloud Run (fully managed) gcloud 474.0.0", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "Cloud SQL for MySQL 8.0", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "gcloud CLI 474.0.0", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" } ], "os_specific": {}, "dead_ends": [ { "action": "", "why_fails": "Adding public IP to Cloud SQL and allowing 0.0.0.0/0 is insecure and often blocked by organizational policy; it also doesn't resolve the VPC routing issue.", "fail_rate": 0.95, "condition": "", "sources": [] }, { "action": "", "why_fails": "Simply adding the Cloud SQL connection string to the Cloud Run environment variable does not create the network path; it only configures the client.", "fail_rate": 0.9, "condition": "", "sources": [] }, { "action": "", "why_fails": "Enabling 'Direct VPC Egress' on Cloud Run without a connector still doesn't route to private IPs; it only allows outbound traffic to the internet through the VPC.", "fail_rate": 0.7, "condition": "", "sources": [] } ], "workarounds": [ { "action": "Create a Serverless VPC Access connector in the same VPC and region as Cloud SQL, then attach it to the Cloud Run service: `gcloud compute networks vpc-access connectors create my-connector --region=us-central1 --network=default --range=10.8.0.0/28` and `gcloud run deploy my-service --vpc-connector my-connector`", "success_rate": 0.95, "how": "Create a Serverless VPC Access connector in the same VPC and region as Cloud SQL, then attach it to the Cloud Run service: `gcloud compute networks vpc-access connectors create my-connector --region=us-central1 --network=default --range=10.8.0.0/28` and `gcloud run deploy my-service --vpc-connector my-connector`", "condition": "", "sources": [] }, { "action": "Alternatively, use Cloud SQL Auth Proxy sidecar in Cloud Run by building a custom container that runs the proxy and your app, connecting via Unix socket at /cloudsql/INSTANCE_CONNECTION_NAME.", "success_rate": 0.85, "how": "Alternatively, use Cloud SQL Auth Proxy sidecar in Cloud Run by building a custom container that runs the proxy and your app, connecting via Unix socket at /cloudsql/INSTANCE_CONNECTION_NAME.", "condition": "", "sources": [] } ], "workarounds_zh": [ "Create a Serverless VPC Access connector in the same VPC and region as Cloud SQL, then attach it to the Cloud Run service: `gcloud compute networks vpc-access connectors create my-connector --region=us-central1 --network=default --range=10.8.0.0/28` and `gcloud run deploy my-service --vpc-connector my-connector`", "Alternatively, use Cloud SQL Auth Proxy sidecar in Cloud Run by building a custom container that runs the proxy and your app, connecting via Unix socket at /cloudsql/INSTANCE_CONNECTION_NAME." ], "transition_graph": { "leads_to": [], "preceded_by": [], "frequently_confused_with": [] }, "official_doc_url": "https://cloud.google.com/run/docs/configuring/connecting-vpc", "official_doc_section": null, "error_code": null, "verification_tier": "ai_generated", "confidence": 0.85, "fix_success_rate": 0.9, "resolvable": "true", "first_seen": "2024-03-15", "last_confirmed": "2024-06-01", "last_updated": "2024-06-01", "evidence_count": 1, "tags": [], "locale": "en", "aliases": [] }