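Unable to connect to Cloud SQL from a container using cloud_sql_proxy

Time: 2017-08-11 12:25:48

Tags: google-cloud-platform google-cloud-sql

So, for some reason, I am unable to connect to the SQL instance via cloud_sql_proxy.

I tried running telnet 127.0.0.1 3306 in the wordpress container (via kubectl exec ...):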

bash-4.3# telnet 127.0.0.1 3306
Connection closed by foreign host

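Even if I kubectl exec.. into the cloudsql-proxy container, I get the same behavior as above.

However, doing this locally works fine.

How can I diagnose this, and what could be the cause?

Here is my container configuration (in the deployment):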

containers:
    - image: eu.gcr.io/abcxyz/wordpress:initial
      name: wordpress
      imagePullPolicy: "Always"
      env:
        - name: WORDPRESS_HOST
          value: localhost
        - name: WORDPRESS_DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: cloudsql-db-credentials
              key: username
      volumeMounts:
        - name: wordpress-persistent-storage
          mountPath: /var/www/html
    - image: eu.gcr.io/abcxyz/nginx:initial
      name: nginx
      imagePullPolicy: "Always"
      ports:
        - containerPort: 80
          name: nginx
      volumeMounts:
        - name: wordpress-persistent-storage
          mountPath: /var/www/html
    - image: gcr.io/cloudsql-docker/gce-proxy:1.09
      name: cloudsql-proxy
      command: ["/cloud_sql_proxy", "--dir=/cloudsql",
                "-instances=abcxyz:europe-west1:wordpressdb=tcp:3306",
                "-credential_file=/secrets/cloudsql/credentials.json"]
      volumeMounts:
        - name: cloudsql-instance-credentials
          mountPath: /secrets/cloudsql
          readOnly: true
        - name: ssl-certs
          mountPath: /etc/ssl/certs
        - name: cloudsql
          mountPath: /cloudsql

If I get the logs from cloudsql-proxy, I see the following:

   2017/08/11 12:55:03 New connection for "abcxyz:europe-west1:wordpressdb"
   2017/08/11 12:55:03 couldn't connect to "abcxyz:europe-west1:wordpressdb": ensure that the account has access to "abcxyz:europe-west1:wordpressdb" (and make sure there's no typo in that name). Error during createEphemeral for abcxyz:europe-west1:wordpressdb: googleapi: Error 403: The client is not authorized to make this request., notAuthorized

The relevant service account has Cloud SQL Admin permissions.

0 answers:

No answers