
Cloud SQL Connection within different projects

Problem: Hello, I have recently started using GCP. For a task, it is required to connect my Cloud SQL instance (private IP only), present in my 'prod' project in 'vpc2', to a VM launched in a different project 'dev' in 'vpc1'.

Solution attempt: I have made a private service connection from 'vpc2' for providing a private IP to my SQL instance, and I have also done VPC peering between vpc1 and vpc2 with import/export of custom routes enabled. But I am unable to access SQL from the VM. Currently I don't want to use the Shared VPC or SQL Proxy feature.

Thanks.

Actually, when you create a private IP for your Cloud SQL database, you create a peering between your VPC network and the Google-managed network for your Cloud SQL instances. Therefore, you can't create another peering, because you would break the peering transitivity rule:

Only directly peered networks can communicate. Transitive peering is not supported. In other words, if VPC network N1 is peered with N2 and N3, but N2 and N3 are not directly connected, VPC network N2 cannot communicate with VPC network N3 over VPC Network Peering.

There are several solutions for this:

  • Set a public IP on the Cloud SQL instance, without any allowed network (for security reasons), and use Cloud SQL Proxy in your dev project. It will be able to connect to the Cloud SQL instance through the public IP with an encrypted protocol. But you don't want to use Cloud SQL Proxy; and in addition you need to add a public IP to your prod Cloud SQL instance, which you might not be authorized to do!
  • Set up a Shared VPC. But it's not very easy to manage, with a lot of service limitations. And you don't want to use this solution.
  • My last bullet is to set up a Cloud VPN between your projects. It's a workaround, but it works fine.

I had a similar problem. I have 2 projects, A and B, and I needed to access the Cloud SQL instance in project B from project A. I created a simple VPN instance with pritunl, configured the routes inside pritunl, and after that I just created an IPsec VPN between project A and B, with custom routes to the Cloud SQL, and it worked. Now I can access the database using the internal IP from my laptop locally.
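The following is an added example, not code from the question or either answer: a small Python model of how routes propagate in the two topologies discussed above (the peering-only setup from the question, and the Cloud VPN workaround from both answers). It encodes the documented rules that directly peered VPCs always exchange subnet routes, that a VPC's own custom routes cross a peering only when export is enabled, that routes learned over one peering are never re-exported over another (the non-transitivity rule quoted in the first answer), and that a static route over a Cloud VPN tunnel may be followed by a peering hop. The network names, CIDRs and the `servicenetworking` stand-in for Google's managed producer network are constructed for the example; the model is a simplification and not Google's routing implementation.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Vpc:
    name: str
    subnets: list                      # the VPC's own subnet CIDRs (constructed)
    # custom static routes: dest CIDR -> VPC at the far end of the Cloud VPN
    # tunnel used as next hop (a simplification of a tunnel/route pair)
    vpn_routes: dict = field(default_factory=dict)


@dataclass
class Peering:
    a: str
    b: str
    exports_custom: set = field(default_factory=set)  # sides that export custom routes


class RoutingModel:
    def __init__(self, vpcs, peerings):
        self.vpcs = {v.name: v for v in vpcs}
        self.peerings = peerings

    def routes(self, name):
        """Effective route table of one VPC: CIDR -> (kind, next-hop VPC)."""
        vpc, table = self.vpcs[name], {}
        for cidr, far_end in vpc.vpn_routes.items():
            table[cidr] = ("vpn", far_end)
        for p in self.peerings:
            if name not in (p.a, p.b):
                continue
            other = self.vpcs[p.b if p.a == name else p.a]
            for cidr in other.subnets:               # subnet routes: always exchanged
                table[cidr] = ("peering", other.name)
            if other.name in p.exports_custom:       # custom routes: only if exported
                for cidr in other.vpn_routes:
                    table[cidr] = ("peering", other.name)
            # deliberately absent: anything `other` learned from ITS peerings
        for cidr in vpc.subnets:                     # own subnets take precedence
            table[cidr] = ("local", name)
        return table

    def lookup(self, name, ip):
        """Longest-prefix match in a VPC's table, or None when there is no route."""
        addr, best = ipaddress.ip_address(ip), None
        for cidr, hop in self.routes(name).items():
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return None if best is None else best[1]

    def path(self, src, dst_ip):
        """Forward one packet hop by hop; returns the VPCs traversed, or None if
        dropped (no route, or a second consecutive peering hop)."""
        hops, current, came_via_peering = [src], src, False
        for _ in range(8):                           # hop cap: loops are a bug, not a path
            hit = self.lookup(current, dst_ip)
            if hit is None:
                return None
            kind, nxt = hit
            if kind == "local":
                return hops
            if kind == "peering":
                if came_via_peering:
                    return None                      # transitive peering unsupported
                came_via_peering = True
            else:
                came_via_peering = False
            current = nxt
            hops.append(nxt)
        return None


# constructed addresses: VM subnet in vpc1, range allocated to the producer network
VM_SUBNET, VM_IP = "10.1.0.0/24", "10.1.0.10"
SQL_RANGE, SQL_IP = "10.200.0.0/20", "10.200.0.5"


def peering_only():
    """Question's topology: vpc1<->vpc2 peering (custom routes both ways) and the
    vpc2<->servicenetworking peering created by private services access."""
    vpcs = [Vpc("vpc1", [VM_SUBNET]), Vpc("vpc2", ["10.2.0.0/24"]),
            Vpc("servicenetworking", [SQL_RANGE])]
    return RoutingModel(vpcs, [Peering("vpc1", "vpc2", {"vpc1", "vpc2"}),
                               Peering("vpc2", "servicenetworking", {"vpc2"})])


def vpn_workaround(export_to_producer=True):
    """Answers' workaround: a Cloud VPN between vpc1 and vpc2 instead of peering,
    a static route for the SQL range in vpc1 and one back to the VM subnet in
    vpc2. export_to_producer models --export-custom-routes on vpc2's peering to
    the producer network, which the return path needs."""
    vpcs = [Vpc("vpc1", [VM_SUBNET], {SQL_RANGE: "vpc2"}),
            Vpc("vpc2", ["10.2.0.0/24"], {VM_SUBNET: "vpc1"}),
            Vpc("servicenetworking", [SQL_RANGE])]
    exporters = {"vpc2"} if export_to_producer else set()
    return RoutingModel(vpcs, [Peering("vpc2", "servicenetworking", exporters)])


def can_connect(model, src_vpc, src_ip, dst_ip):
    """A TCP session needs a route in both directions, not just forward."""
    fwd = model.path(src_vpc, dst_ip)
    return fwd is not None and model.path(fwd[-1], src_ip) is not None


if __name__ == "__main__":
    print("peering only   :", can_connect(peering_only(), "vpc1", VM_IP, SQL_IP))
    print("vpn + export   :", can_connect(vpn_workaround(), "vpc1", VM_IP, SQL_IP))
    print("vpn, no export :", can_connect(vpn_workaround(False), "vpc1", VM_IP, SQL_IP))
```

Running it shows why the question's setup fails: vpc1 never learns the producer range, because vpc2 only holds that range as a route learned over its own peering, and peering-learned routes are not passed on, however the custom-route import/export flags are set. With the VPN in place the forward path is vpc1, vpc2, servicenetworking, but the return path only exists when vpc2 exports custom routes to the producer network (the `export_to_producer` flag; on a real project that is the documented `gcloud compute networks peerings update servicenetworking-googleapis-com --network=vpc2 --export-custom-routes`). Forgetting that step is the usual reason a VPN-based workaround "connects" at the packet level yet every TCP handshake times out.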
