Confusion Around Creating a VPC Access Connector

I am trying to set up Serverless VPC access

Serverless VPC Access enables you to connect from your Cloud Functions directly to Compute Engine VM instances, Memorystore instances, Cloud SQL instances,

Sounds great. But the documentation is not super friendly to a beginner. Step 2 is to create a connector, about which I have a couple of questions:

In the Network field, select the VPC network to connect to.

My dropdown here contains only "Default". Is this normal? What should I expect to see here?

In the IP range field, enter an unused CIDR /28 IP range. Addresses in this range are used as source addresses for traffic sent through the connector. This IP range must not overlap with any existing IP address reservations in your VPC network.

I don't know what to do here. I tried using the information in the linked document to first) enter an IP from the region I had selected, and, second) enter an IP from outside that region. Both resulted in connectors that were created with the error: "Connector is in a bad state, manual deletion is recommended"

The documentation continues with a couple of troubleshooting steps if the creation fails:

Specify an IP range that does not overlap with any existing IP address reservations in the VPC network.

I don't know what this means. Maybe like, if I have other connectors I should be sure the IP range for the new one doesn't overlap with those. That's just a guess, but anyway I have none.

Grant your project permission to use Compute Engine VM images from the project with ID serverless-vpc-access-images. See Setting image access constraints for information on how to update your organization policy accordingly.

This leads me to another document about updating my organization's "Image Policy". This one has me so out of my depth, I don't even think I should be here.

This has all started with just wanting to connect to a SQL Server instance from Firebase. Creating the VPC connector seems like a good step, but I've just fallen at every hurdle. Can a cloud-dweller please help me with a few of these points of confusion?

I think you've resolved the issue but I will write an answer to summarize all the steps for future reference.

1. Create a Serverless VPC Access

I think the best reference is to follow the steps in this doc. In step 7, it says the following:

In the IP range field, enter an unreserved CIDR /28 IP range.

The IP you can use is for example 10.8.0.0/28 or even 10.64.0.0/28 with the condition it is not in use for any other network. You can check which IPs are in use by going to VPC Network > VPC networks. In the Network field you will have the "default" option so it's okay.

This can take some minutes, so in the meantime you can create your SQL Server/MySQL/PostgreSQL instance.

2. Creating a CloudSQL instance

Create your desired instance (MySQL / PostgreSQL / SQL Server). In your case it will be a SQL Server instance. Also check these steps to configure the Private IP for your instance at creation time or if you have created an instance you can check this. Take note of the Private IP as you will use it later.

3. Create a Cloud function

Before creating your Cloud Function, you have to grant permission to the CF service account to use the VPC. Please follow these steps.

Then follow these steps to configure the connector of your function to use the VPC. In step 5 it says the following:

In the VPC connector field, enter the fully-qualified name of your connector in the following format:

 projects/PROJECT_ID/locations/REGION/connectors/CONNECTOR_NAME

It is not necessary to add your VPC with this format. There is already a list where you can choose your VPC. Finally deploy your function.

I wrote a little function to test the connection. I would prefer to use Python but it needs more system dependencies than NodeJS.

index.js:

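var express = require('express');
var app = express();
var sql = require("mssql");

exports.helloWorld = (req, res) => {
    // Placeholder values for a quick connectivity test; load real credentials
    // from environment variables or a secret store instead of source code.
    var config = {
        user: 'sqlserver',
        password: 'password',
        server: 'Your.SQL.Private.IP', // the Private IP noted in step 2
        database: 'dbname'
    };

    // connect to your database
    sql.connect(config, function (err) {
        if (err) {
            // log the detail server-side, return a generic error and stop here
            console.log(err);
            return res.status(500).send('Database connection failed');
        }

        // create Request object
        var request = new sql.Request();

        // query to the database and get the records
        request.query('select * from a_table', function (err, recordset) {
            if (err) {
                console.log(err);
                return res.status(500).send('Database query failed');
            }

            // send records as a response
            res.send(recordset);
        });
    });
};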

package.json:

{
  "name": "sample-http",
  "version": "0.0.1",
  "dependencies": {
    "express": "4.17.1",
    "mssql": "6.0.1"
  }
}

And that's all! :D

It's important to mention that this procedure is more about connecting Cloud Functions to SQL Server as there is already an easier way to connect CF to PostgreSQL and MySQL.
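
The non-overlap condition on the connector's /28 range, from step 1 of the answer above, as an added example that is not part of the original post: it parses CIDR ranges and reports which existing subnet ranges a candidate overlaps. The entries in `existingRanges` are constructed sample data standing in for what VPC Network > VPC networks lists, and the function names are hypothetical.

```javascript
// Added example: check a candidate connector range against existing subnets.
// Function names are hypothetical; the sample ranges are constructed.

// Convert a dotted-quad IPv4 address to an unsigned 32-bit integer.
function ipToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4 || parts.some(p => !/^\d{1,3}$/.test(p) || Number(p) > 255)) {
    throw new Error(`invalid IPv4 address: ${ip}`);
  }
  return parts.reduce((acc, p) => acc * 256 + Number(p), 0);
}

// Parse "a.b.c.d/n" into the first and last address of the block.
function parseCidr(cidr) {
  const [ip, prefixStr] = String(cidr).split('/');
  const prefix = Number(prefixStr);
  if (!Number.isInteger(prefix) || prefix < 0 || prefix > 32) {
    throw new Error(`invalid prefix length: ${cidr}`);
  }
  const size = 2 ** (32 - prefix);
  const first = ipToInt(ip);
  if (first % size !== 0) {
    throw new Error(`${cidr} does not start on a /${prefix} boundary`);
  }
  return { first, last: first + size - 1, prefix };
}

// Return every existing range that the candidate /28 overlaps.
// An empty array means the candidate is free to use.
function checkConnectorRange(candidate, existing) {
  const c = parseCidr(candidate);
  if (c.prefix !== 28) {
    throw new Error(`connector range must be a /28, got /${c.prefix}`);
  }
  return existing.filter(range => {
    const r = parseCidr(range);
    return c.first <= r.last && r.first <= c.last; // interval intersection
  });
}

// Constructed sample: two regional subnets of a "default" network plus one
// custom subnet.
const existingRanges = ['10.128.0.0/20', '10.132.0.0/20', '10.9.0.0/24'];

console.log(checkConnectorRange('10.8.0.0/28', existingRanges));    // free
console.log(checkConnectorRange('10.128.0.16/28', existingRanges)); // inside a regional subnet
```

A candidate taken from inside a region's own subnet range is reported as overlapping, while 10.8.0.0/28 from the answer is clear of all three sample ranges.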

I discovered that there exists a hard limit on how many IPs you can use for such connectors. You can increase quota or you can switch to other region.
