Accessing Cloud SQL from another GCP project

Problem description

I want to connect to Cloud SQL from a different GCP project.

Cloud SQL is located in ProjectSQL, and a VPC network is there in the ProjectSQL project with the name sql_vpc.

There is another project, ProjectDataflow, and this has a VPC, dataflow_vpc. I want to connect to Cloud SQL from ProjectSQL with the VM launched in the ProjectDataflow project.

Things I have tried with success and failure.

Private access:

VPC peering:

Enable Private IP access in Cloud with the vpc sql_vpc
Creating VPC peering between dataflow_vpc and sql_vpc
This solution does not work because you can not access the Peered Network.
https://cloud.google.com/sql/docs/mysql/private-ip
Status: FAILED

Shared network:

As per the doc I can create the Cloud SQL in a shared VPC network; that says I have to create the Cloud SQL in the host project, and to access the Cloud SQL from a VM instance, it has to be in the same network as the authorized private IP network of Cloud SQL.
Status: NOT TRIED but looks to be Negative

Public access:

Create a Cloud NAT in ProjectDataflow with dataflow_vpc with manual IP
Use the Cloud NAT public ip to whitelist in CloudSQL instance
Now I can access the CloudSQL from project ProjectDataflow using CloudSQL Public IP
STATUS: Success

Please share your experience accessing Cloud SQL from another project. Is there any best practice to connect cloud SQL from another gcp project?

Recommended answer

Newer instances seem to be having this option enabled by default and there's no need to contact support anymore. However, if after all the process, the setup is still not working, it may be needed to contact support.

The process of interconnecting a Cloud SQL with another GCP project is pretty straightforward following the documentation. The only thing you need to take into consideration in order to make it work is that you will have to request Google Cloud Support to enable custom routes for the speckle umbrella instance under which your Cloud SQL is running; otherwise you won't be able to access your Cloud SQL within your GCP project.

The following steps will work for you:

- Configure a VPC for your Cloud SQL instance

Inside the project where you have your Cloud SQL instance, create a VPC network with the ip address range of your desire. Choose the same zone for the VPC in which your instance is located.

- Configure a VPC for your GCP project

Now switch to the project where your CloudDataflow instance is located and follow the same process. Create the VPC network being careful that the IP ranges do not collide between each other. You can use the following tool to check if the IP addresses range collide. Also take into consideration that both VPC networks must be in the same zone.

- Connect the VPCs of both projects through peering

Once both VPC networks are created it is needed to configure the VPC network peering from both projects. From the Cloud SQL instance side, configure the peering specifying the project and VPC network name to connect with and also select the option to export custom routes. This way the other part of the peering, in this case your GCP project, will have visibility of your Cloud SQL instance. Now, from the GCP project side, configure the peering specifying the Cloud SQL project name and the VPC network name to connect with. The same way we did with the Cloud SQL peering, we have to set up the peering to import custom routes as it will receive exported routes coming from the other side of the connection, which in our case is your Cloud SQL instance.

Here you can check more information about importing and exporting routes between any VPC network peerings.

- Request Google Cloud Support to enable the exchange of custom routes for your Cloud SQL

Reach out to Google Cloud Support and ask them to enable the exchange of custom routes for the speckle-umbrella VPC network associated with your instance, which is automatically created when the Cloud SQL instance is created.

Take into consideration that this last step is very important: all SQL projects run under the umbrella project, hence without requesting Google Cloud Support to enable the exchange of custom routes for your instance this will never work.

As for Shared VPC, the only thing you need to take into consideration is that you need to enable the option once creating your Cloud SQL instance as you can’t add it afterwards.

You will find the configuration guide for Shared VPC in the following link.
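
The answer's second step warns that the IP ranges of the two VPC networks must not collide before peering them. The check below is an added example, not part of the original answer: it compares the ranges of both networks and reports each conflicting block. All range names and CIDR values are constructed assumptions, including the entry standing in for the range allocated to Cloud SQL private IP.

```python
import ipaddress

# Constructed sample ranges (assumptions, not values from the page).
SQL_VPC = {
    "sql-subnet": "10.10.0.0/24",
    # Assumed range allocated in sql_vpc for Cloud SQL private IP.
    "cloudsql-private-range": "10.20.0.0/16",
}
DATAFLOW_VPC_BAD = {
    "dataflow-subnet": "10.20.4.0/22",  # sits inside the Cloud SQL range
    "workers": "10.30.0.0/20",
}
DATAFLOW_VPC_OK = {
    "dataflow-subnet": "10.40.0.0/22",
    "workers": "10.30.0.0/20",
}


def parse_ranges(ranges):
    """Parse {name: cidr}; strict=True rejects CIDRs with host bits set."""
    parsed = {}
    for name, cidr in ranges.items():
        try:
            parsed[name] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            raise ValueError(f"{name}: invalid CIDR {cidr!r}: {exc}") from exc
    return parsed


def find_conflicts(vpc_a, vpc_b):
    """Return (name_a, name_b, conflicting_block) for every overlapping pair."""
    a, b = parse_ranges(vpc_a), parse_ranges(vpc_b)
    conflicts = []
    for name_a, net_a in sorted(a.items()):
        for name_b, net_b in sorted(b.items()):
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                # CIDR blocks either nest or are disjoint, so the overlap
                # is always the smaller (longer-prefix) block.
                smaller = max(net_a, net_b, key=lambda n: n.prefixlen)
                conflicts.append((name_a, name_b, str(smaller)))
    return conflicts


if __name__ == "__main__":
    for label, vpc in (("bad", DATAFLOW_VPC_BAD), ("ok", DATAFLOW_VPC_OK)):
        found = find_conflicts(SQL_VPC, vpc)
        print(label, "->", found or "no overlap, safe to peer")
```

An empty result means none of the listed ranges collide; any returned tuple names the two ranges to renumber before creating the peering.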
