This page describes how to connect to your Cloud SQL instance using the Cloud SQL Auth Proxy.
For more information about how the Cloud SQL Auth Proxy works, see About the Cloud SQL Auth Proxy.
OverviewUsing the Cloud SQL Auth Proxy is the recommended method for connecting to a Cloud SQL instance. The Cloud SQL Auth Proxy:
Some Google Cloud services and applications use the Cloud SQL Auth Proxy to provide connections for public IP paths with encryption and authorization, including:
Applications running in Google Kubernetes Engine can connect using the Cloud SQL Auth Proxy.
Note: For connecting from Google Kubernetes Engine, we recommend running the Cloud SQL Auth Proxy in asidecar pattern, as an additional container that shares a pod with your application. Also see the related quickstart.
See the Quickstart for using the Cloud SQL Auth Proxy for a basic introduction to its usage.
You can also connect, with or without the Cloud SQL Auth Proxy, using a sqlcmd client from a local machine or Compute Engine.
Before you beginBefore you can connect to a Cloud SQL instance, do the following:
cloudsql.instances.connect permission, which authorizes a principal to connect to all Cloud SQL instances in a project.
Enable the Cloud SQL Admin API.
curl -o cloud-sql-proxy https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.17.1/cloud-sql-proxy.linux.amd64
chmod +x cloud-sql-proxy
curl -o cloud-sql-proxy https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.17.1/cloud-sql-proxy.linux.386
curl command is not found, run sudo apt install curl and repeat the download command.chmod +x cloud-sql-proxy
curl -o cloud-sql-proxy https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.17.1/cloud-sql-proxy.darwin.amd64
chmod +x cloud-sql-proxy
curl -o cloud-sql-proxy https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.17.1/cloud-sql-proxy.darwin.arm64
chmod +x cloud-sql-proxy
cloud-sql-proxy.exe. Windows 32-bit Right-click https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.17.1/cloud-sql-proxy.x86.exe and select Save Link As to download the Cloud SQL Auth Proxy. Rename the file to cloud-sql-proxy.exe. Cloud SQL Auth Proxy Docker image
The Cloud SQL Auth Proxy has different container images, such as distroless, alpine, and buster. The default Cloud SQL Auth Proxy container image uses distroless, which contains no shell. If you need a shell or related tools, then download an image based on alpine or buster. For more information, see Cloud SQL Auth Proxy Container Images.
You can pull the latest image to your local machine using Docker by using the following command:
docker pull gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.17.1Note: The Cloud SQL Auth Proxy uses a repository that supports the
gcr.io domain but serves images from Artifact Registry. For more information, see Transition from Container Registry. Other OS For other operating systems not included here, you can compile the Cloud SQL Auth Proxy from source. Start the Cloud SQL Auth Proxy
You can start the Cloud SQL Auth Proxy using TCP sockets or the Cloud SQL Auth Proxy Docker image. The Cloud SQL Auth Proxy binary connects to one or more Cloud SQL instances specified on the command line, and opens a local connection as a TCP socket. Other applications and services, such as your application code or database management client tools, can connect to Cloud SQL instances through that TCP socket connection.
Warning: Be careful when binding the Cloud SQL Auth Proxy to an external interface. Anyone with access to that interface/port will be authorized to connect to your instance. TCP socketsFor TCP connections, the Cloud SQL Auth Proxy listens on localhost(127.0.0.1) by default. So, when you specify --port PORT_NUMBER for an instance, the local connection is at 127.0.0.1:PORT_NUMBER.
Alternatively, you can specify a different address for the local connection. For example, here's how to make the Cloud SQL Auth Proxy listen at 0.0.0.0:1234 for the local connection:
./cloud-sql-proxy --address 0.0.0.0 --port 1234 INSTANCE_CONNECTION_NAME
Copy your INSTANCE_CONNECTION_NAME. This can be found on the Overview page for your instance in the Google Cloud console or by running the following command:
gcloud sql instances describe INSTANCE_NAME --format='value(connectionName)'
For example: myproject:myregion:myinstance.
--private-ip
Some possible Cloud SQL Auth Proxy invocation strings:
./cloud-sql-proxy --port 1433 INSTANCE_CONNECTION_NAMEThe specified port must not already be in use, for example, by a local database server.
./cloud-sql-proxy \ --credentials-file PATH_TO_KEY_FILE INSTANCE_CONNECTION_NAME &
For more information about Cloud SQL Auth Proxy options, see Options for authenticating the Cloud SQL Auth Proxy.
To run the Cloud SQL Auth Proxy in a Docker container, use the Cloud SQL Auth Proxy Docker image available from the Google Container Registry.
You can start the Cloud SQL Auth Proxy using either TCP sockets or Unix sockets, with the commands shown below. The options use an INSTANCE_CONNECTION_NAME as the connection string to identify a Cloud SQL instance. You can find the INSTANCE_CONNECTION_NAME on the Overview page for your instance in the Google Cloud console. or by running the following command:
gcloud sql instances describe INSTANCE_NAME.
For example: myproject:myregion:myinstance.
Depending on your language and environment, you can start the Cloud SQL Auth Proxy using either TCP sockets or Unix sockets. Unix sockets are not supported for applications written in the Java programming language or for the Windows environment.
Using TCP socketsdocker run -d \\ -v PATH_TO_KEY_FILE:/path/to/service-account-key.json \\ -p 127.0.0.1:1433:1433 \\ gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.17.1 \\ --address 0.0.0.0 --port 1433 \\ --credentials-file /path/to/service-account-key.json INSTANCE_CONNECTION_NAME
If you're using the credentials provided by your Compute Engine instance, don't include the --credentials-file parameter and the -v PATH_TO_KEY_FILE:/path/to/service-account-key.json line.
Always specify 127.0.0.1 prefix in -p so that the Cloud SQL Auth Proxy is not exposed outside the local host. The "0.0.0.0" in the instances parameter is required to make the port accessible from outside of the Docker container.
docker run -d -v /cloudsql:/cloudsql \\ -v PATH_TO_KEY_FILE:/path/to/service-account-key.json \\ gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.17.1 --unix-socket=/cloudsql \\ --credentials-file /path/to/service-account-key.json INSTANCE_CONNECTION_NAME
If you're using the credentials provided by your Compute Engine instance, don't include the --credentials-file parameter and the -v PATH_TO_KEY_FILE:/path/to/service-account-key.json line.
If you are using a container optimized image, use a writeable directory in place of /cloudsql, for example:
-v /mnt/stateful_partition/cloudsql:/cloudsql
You can specify more than one instance, separated by commas. You can also use Compute Engine metadata to dynamically determine the instances to connect to. Learn more about the Cloud SQL Auth Proxy parameters.
Connect with the sqlcmd clientThe connection string you use depends on whether you started the Cloud SQL Auth Proxy using a TCP socket or Docker.
TCP socketssqlcmd -S tcp:127.0.0.1,1433 -U USERNAME -P PASSWORD
When you connect using TCP sockets, the Cloud SQL Auth Proxy is accessed through 127.0.0.1.
Need help? For help troubleshooting the proxy, see Troubleshooting Cloud SQL Auth Proxy connections, or see our Cloud SQL Support page.
Connect with an applicationYou can connect to the Cloud SQL Auth Proxy from any language that enables you to connect to a TCP socket. Below are some code snippets from complete examples on GitHub to help you understand how they work together in your application.
Connecting with TCPCloud SQL Auth Proxy invocation statement:
./cloud-sql-proxy INSTANCE_CONNECTION_NAME &Additional topics Cloud SQL Auth Proxy command-line arguments
The examples above cover the most common use cases, but the Cloud SQL Auth Proxy also has other configuration options that can be set with command-line arguments. For help on command-line arguments, use the --help flag to view the latest documentation:
./cloud-sql-proxy --help
See the README on the Cloud SQL Auth Proxy GitHub repository for additional examples of how to use Cloud SQL Auth Proxy command-line options.
Options for authenticating the Cloud SQL Auth Proxy When you authenticate the Cloud SQL Auth Proxy, you enable it to access Google Cloud on behalf of your application, using a set of Google credentials. This is separate from database user authentication.All of these options use an INSTANCE_CONNECTION_NAME as the connection string to identify a Cloud SQL instance. You can find the INSTANCE_CONNECTION_NAME on the Overview page for your instance in the Google Cloud console. or by running the following command:
gcloud sql instances describe --project PROJECT_ID INSTANCE_CONNECTION_NAME.
For example: gcloud sql instances describe --project myproject myinstance .
Some of these options use a JSON credentials file that includes the RSA private key for the account. For instructions on creating a JSON credentials file for a service account, see Creating a service account.
The Cloud SQL Auth Proxy provides several alternatives for authentication, depending on your environment. The Cloud SQL Auth Proxy checks for each of the following items, in the following order, using the first one it finds to attempt to authenticate:
--credentials-file flag to the path of the file when you start the Cloud SQL Auth Proxy. The service account must have the required permissions for the Cloud SQL instance.
To use this option on the command-line, invoke the cloud-sql-proxy command with the --credentials-file flag set to the path and filename of a JSON credential file. The path can be absolute, or relative to the current working directory. For example:
./cloud-sql-proxy --credentials-file PATH_TO_KEY_FILE \ INSTANCE_CONNECTION_NAME
For detailed instructions about adding IAM roles to a service account, see Granting Roles to Service Accounts.
For more information about the roles Cloud SQL supports, see IAM roles for Cloud SQL.
cloud-sql-proxy command with the --token flag set to an OAuth 2.0 access token. For example:
./cloud-sql-proxy --token ACCESS_TOKEN \ INSTANCE_CONNECTION_NAME
--credentials-file flag, except you specify the JSON credential file you set in the GOOGLE_APPLICATION_CREDENTIALS environment variable instead of using the --credentials-file command-line argument.If you have installed the gcloud CLI and have authenticated with your personal account, the Cloud SQL Auth Proxy can use the same account credentials. This method is especially helpful for getting a development environment up and running.
To enable the Cloud SQL Auth Proxy to use your gcloud CLI credentials, use the following command to authenticate the gcloud CLI:
gcloud auth application-default login
scope to connect using the Cloud SQL Admin API.
Configure the service account to have either of the following access scopes:
resourcemanager.projects.setIamPolicy permission. This permission is included in the Project Owner, Project IAM Admin, and Organization Administrator roles.
The private key file is downloaded to your machine. You can move it to another location. Keep the key file secure.
To connect to a Cloud SQL instance using private IP, the Cloud SQL Auth Proxy must be on a resource with access to the same VPC network as the instance.
The Cloud SQL Auth Proxy uses IP to establish a connection with your Cloud SQL instance. By default, the Cloud SQL Auth Proxy attempts to connect using a public IPv4 address.
If your Cloud SQL instance has only private IP or the instance has both public and private IP configured, and you want the Cloud SQL Auth Proxy to use the private IP address, then you must provide the following option when you start the Cloud SQL Auth Proxy:
--private-ip
You can use the Cloud SQL Auth Proxy to connect to a Cloud SQL instance with Private Service Connect enabled.
The Cloud SQL Auth Proxy is a connector that provides secure access to this instance without a need for authorized networks or for configuring SSL.
To allow Cloud SQL Auth Proxy client connections, you must set up a DNS record which matches the recommended DNS name that's provided for the instance. The DNS record is a mapping between a DNS resource and a domain name.
For more information about using the Cloud SQL Auth Proxy to connect to instances with Private Service Connect enabled, see Connect using the Cloud SQL Auth Proxy.
Run the Cloud SQL Auth Proxy in a separate processRunning the Cloud SQL Auth Proxy in a separate Cloud Shell terminal process can be useful, to avoid mixing its console output with output from other programs. Use the syntax shown below to invoke the Cloud SQL Auth Proxy in a separate process.
LinuxOn Linux or macOS, use a trailing & on the command line to launch the Cloud SQL Auth Proxy in a separate process:
./cloud-sql-proxy INSTANCE_CONNECTION_NAME
--credentials-file PATH_TO_KEY_FILE &
In Windows PowerShell, use the Start-Process command to launch the Cloud SQL Auth Proxy in a separate process:
Start-Process --filepath "cloud-sql-proxy.exe"
--ArgumentList "
--credentials-file PATH_TO_KEY_FILEINSTANCE_CONNECTION_NAME"
To run the Cloud SQL Auth Proxy in a Docker container, use the Cloud SQL Auth Proxy Docker image available from the Google Container Registry. You can install the Cloud SQL Auth Proxy Docker image using the following command:
docker pull gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.17.1
You can start the Cloud SQL Auth Proxy using either TCP sockets or Unix sockets, with the commands shown below.
Note: Unix sockets are not supported for applications written in the Java programming language or for the Windows environment. TCP sockets docker run -d \
-v PATH_TO_KEY_FILE:/path/to/service-account-key.json \
-p 127.0.0.1:1433:1433 \
gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.17.1 \
--address 0.0.0.0 \
--credentials-file /path/to/service-account-key.json \
INSTANCE_CONNECTION_NAME Unix sockets
docker run -d \
-v /PATH_TO_HOST_TARGET:/PATH_TO_GUEST_TARGET \
-v PATH_TO_KEY_FILE:/path/to/service-account-key.json \
gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.17.1 --unix-socket /cloudsql \
--credentials-file /path/to/service-account-key.json/PATH_TO_KEY_FILE \
INSTANCE_CONNECTION_NAME
If you are using a container optimized image, use a writeable directory in place of /cloudsql, for example:
v /mnt/stateful_partition/cloudsql:/cloudsql
If you are using the credentials provided by your Compute Engine instance, do not include the credential_file parameter and the -v PATH_TO_KEY_FILE:/path/to/service-account-key.json line.
Running the Cloud SQL Auth Proxy as a background service is an option for local development and production workloads. In development, when you need to access your Cloud SQL instance, you can start the service in the background and stop it when you're finished.
For production workloads, the Cloud SQL Auth Proxy doesn't currently provide built-in support for running as a Windows service, but third-party service managers can be used to run it as a service. For example, you can use NSSM to configure the Cloud SQL Auth Proxy as a Windows service, and NSSM monitors the Cloud SQL Auth Proxy and restarts it automatically if it stops responding. See the NSSM documentation for more information.
Note: If you run the Cloud SQL Auth Proxy as a service, keep in mind that it uses a secure connection to communicate with Cloud SQL instances, but connections from your application to the Cloud SQL Auth Proxy are not encrypted. For this reason, ensure that only trusted users are able to access the address and port that the Cloud SQL Auth Proxy is listening on. Connect when SSL is required Note: If a SQL Server instance has Require SSL/TLS checked, even with Cloud SQL Auth Proxy or Cloud SQL Connectors, the client application needs to have TLS/SSL configured the same way as if Cloud SQL Auth Proxy or Cloud SQL Connectors aren't involved, otherwise a connection attempt might fail. For successful connections, Cloud SQL Auth Proxy or Cloud SQL Connectors add another layer of encryption besides SQL Server's native encryption. In other words, the connection between the Proxy Client/Cloud SQL Connectors and the Proxy Server would be double-encrypted.Enable the use of the Cloud SQL Auth Proxy in Cloud SQL using ConnectorEnforcement.
If you're using a Private Service Connect-enabled instance, then there's a limitation. If the instance has connector enforcement enabled, then you can't create read replicas for the instance. Similarly, if the instance has read replicas, then you can't enable connector enforcement for the instance.
gcloudThe following command enforces the use of Cloud SQL connectors.
gcloud sql instances patch INSTANCE_NAME \
--connector-enforcement REQUIRED
To disable the enforcement, use the following line of code: --connector-enforcement NOT_REQUIRED The update doesn't trigger a restart.
The following command enforces the use of Cloud SQL connectors
Before using any of the request data, make the following replacements:
HTTP method and URL:
PATCH https://sqladmin.googleapis.com/v1/projects/project-id/instances/instance-id
Request JSON body:
{
"settings": {
"connectorEnforcement": "REQUIRED"
}
}
To send your request, expand one of these options:
curl (Linux, macOS, or Cloud Shell) Note: The following command assumes that you have logged in to thegcloud CLI with your user account by running gcloud init or gcloud auth login , or by using Cloud Shell, which automatically logs you into the gcloud CLI . You can check the currently active account by running gcloud auth list.
Save the request body in a file named request.json, and execute the following command:
curl -X PATCH \PowerShell (Windows) Note: The following command assumes that you have logged in to the
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json; charset=utf-8" \
-d @request.json \
"https://sqladmin.googleapis.com/v1/projects/project-id/instances/instance-id"
gcloud CLI with your user account by running gcloud init or gcloud auth login . You can check the currently active account by running gcloud auth list.
Save the request body in a file named request.json, and execute the following command:
$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }Invoke-WebRequest `
-Method PATCH `
-Headers $headers `
-ContentType: "application/json; charset=utf-8" `
-InFile request.json `
-Uri "https://sqladmin.googleapis.com/v1/projects/project-id/instances/instance-id" | Select-Object -Expand Content
You should receive a JSON response similar to the following:
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/v1/projects/project-id/instances/instance-id",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-16T02:32:12.281Z",
"operationType": "UPDATE",
"name": "operation-id",
"targetId": "instance-id",
"selfLink": "https://sqladmin.googleapis.com/v1/projects/project-id/operations/operation-id",
"targetProject": "project-id"
}
To disable the enforcement, use "connectorEnforcement": "NOT_REQUIRED" instead. The update does not trigger a restart.
The following command enforces the use of Cloud SQL connectors.
Before using any of the request data, make the following replacements:
HTTP method and URL:
PATCH https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id
Request JSON body:
{
"settings": {
"connectorEnforcement": "REQUIRED"
}
}
To send your request, expand one of these options:
curl (Linux, macOS, or Cloud Shell) Note: The following command assumes that you have logged in to thegcloud CLI with your user account by running gcloud init or gcloud auth login , or by using Cloud Shell, which automatically logs you into the gcloud CLI . You can check the currently active account by running gcloud auth list.
Save the request body in a file named request.json, and execute the following command:
curl -X PATCH \PowerShell (Windows) Note: The following command assumes that you have logged in to the
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json; charset=utf-8" \
-d @request.json \
"https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id"
gcloud CLI with your user account by running gcloud init or gcloud auth login . You can check the currently active account by running gcloud auth list.
Save the request body in a file named request.json, and execute the following command:
$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }Invoke-WebRequest `
-Method PATCH `
-Headers $headers `
-ContentType: "application/json; charset=utf-8" `
-InFile request.json `
-Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id" | Select-Object -Expand Content
You should receive a JSON response similar to the following:
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-16T02:32:12.281Z",
"operationType": "UPDATE",
"name": "operation-id",
"targetId": "instance-id",
"selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id/operations/operation-id",
"targetProject": "project-id"
}
To disable the enforcement, use "connectorEnforcement": "NOT_REQUIRED" instead. The update does not trigger a restart.
You can use one local Cloud SQL Auth Proxy client to connect to multiple Cloud SQL instances. The way you do this depends on whether you are using Unix sockets or TCP.
TCP socketsWhen you connect using TCP, you specify a port on your machine for the Cloud SQL Auth Proxy to listen on for each Cloud SQL instance. When connecting to multiple Cloud SQL instances, each port specified must be unique and available for use on your machine.
For example:
# Start the Cloud SQL Auth Proxy to connect to two different Cloud SQL instances.
# Give the Cloud SQL Auth Proxy a unique port on your machine to use for each Cloud SQL instance.
./cloud-sql-proxy "myProject:us-central1:myInstance?port=1433" \
"myProject:us-central1:myInstance2?port=1234"
# Connect to "myInstance" using port 1433 on your machine:
sqlcmd -U myUser -S "127.0.0.1,1433"
# Connect to "myInstance2" using port 1234 on your machine:
sqlcmd -U myUser -S "127.0.0.1,1234"
Troubleshoot Cloud SQL Auth Proxy connections
The Cloud SQL Auth Proxy Docker image is based on a specific version of the Cloud SQL Auth Proxy. When a new version of the Cloud SQL Auth Proxy becomes available, pull the new version of the Cloud SQL Auth Proxy Docker image to keep your environment up to date. You can see the current version of the Cloud SQL Auth Proxy by checking the Cloud SQL Auth Proxy GitHub releases page.
If you are having trouble connecting to your Cloud SQL instance using the Cloud SQL Auth Proxy, here are a few things to try to find what's causing the problem.
Verify that you're using the IP address to connect to the instance, and not the write endpoint.
Check the Cloud SQL Auth Proxy output.
Often, the Cloud SQL Auth Proxy output can help you determine the source of the problem and how to solve it. Pipe the output to a file, or watch the Cloud Shell terminal where you started the Cloud SQL Auth Proxy.
If you are getting a 403 notAuthorized error, and you are using a service account to authenticate the Cloud SQL Auth Proxy, make sure the service account has the correct permissions.
You can check the service account by searching for its ID on the IAM page. It must have the cloudsql.instances.connect permission. The Cloud SQL Admin, Client and Editor predefined roles have this permission.
If you are connecting from App Engine and are getting a 403 notAuthorized error, check the app.yaml value cloud_sql_instances for a misspelled or incorrect instance connection name. Instance connection names are always in the format PROJECT:REGION:INSTANCE.
Also, check that the App Engine service account (for example, $PROJECT_ID@appspot.gserviceaccount.com) has the Cloud SQL Client IAM role.
If the App Engine service lives in one project (project A) and the database lives in another (project B), this error means the App Engine service account has not been given the Cloud SQL Client IAM role in the project with the database (project B).
Make sure to enable the Cloud SQL Admin API.
If it is not, you see output like Error 403: Access Not Configured in your Cloud SQL Auth Proxy logs.
If you are including multiple instances in your instances list, make sure you are using a comma as a delimiter, with no spaces. If you are using TCP, make sure you are specifying different ports for each instance.
If you are connecting using UNIX sockets, confirm that the sockets were created by listing the directory you provided when you started the Cloud SQL Auth Proxy.
If you have an outbound firewall policy, make sure it allows connections to port 3307 on the target Cloud SQL instance.
Note: The Cloud SQL Auth Proxy uses 3307 to connect to the Cloud SQL Auth Proxy server. Port1433 is the default port for the SQL Server protocol over a direct TCP connection (not using the Cloud SQL Auth Proxy).You can confirm that the Cloud SQL Auth Proxy started correctly by looking in the logs under the Operations > Logging > Logs explorer section of the Google Cloud console. A successful operation looks like the following:
2021/06/14 15:47:56 Listening on /cloudsql/$PROJECT_ID:$REGION:$INSTANCE_NAME/1433 for $PROJECT_ID:$REGION:$INSTANCE_NAME
2021/06/14 15:47:56 Ready for new connections
Quota issues: When the Cloud SQL Admin API quota is breached, the Cloud SQL Auth Proxy starts up with the following error message:
There was a problem when parsing a instance configuration but ignoring due
to the configuration. Error: googleapi: Error 429: Quota exceeded for quota
metric 'Queries' and limit 'Queries per minute per user' of service
'sqladmin.googleapis.com' for consumer 'project_number:$PROJECT_ID.,
rateLimitExceeded
Once an application connects to the proxy, the proxy reports the following error:
failed to refresh the ephemeral certificate for $INSTANCE_CONNECTION_NAME:
googleapi: Error 429: Quota exceeded for quota metric 'Queries' and limit
'Queries per minute per user' of service 'sqladmin.googleapis.com' for
consumer 'project_number:$PROJECT_ID., rateLimitExceeded
Solution: Either identify the source of the quota problem, for example, an application is misusing the connector and unnecessarily creating new connections, or contact support to request an increase to the Cloud SQL Admin API quota. If the quota error appears on startup, you must re-deploy the application to restart the proxy. If the quota error appears after startup, a re-deploy is unnecessary.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4