[cstpdk]

But, correct me if this has changed please, last i checked Cloud Run did not support private networks. So you SQL instance has to be exposed to the internet, correct?

[chimera77]

Your Cloud SQL instance would have a public IP, but would not be exposed to the internet. All traffic is blocked by default. Only GCP service accounts with the right permissions can make connections to your SQL instance, or IPs added to a whitelist (not recommended).

[cstpdk]

Ah, thanks for clearing that up, I was unaware. How is the traffic blocked by default? Firewall layer?

[helpfulgoogler]

Yes. There is a proxy in front of the database which only allows whitelisted traffic (dangerous) or traffic with a valid cert (safe).

[dstaley]

Yes, Cloud Run requires your Cloud SQL instance to have a public IP address.