Accessing Cloud SQL from another GCP project

Question

I want to connect to Cloud SQL from a different GCP project.

Cloud SQL is located in ProjectSQL, and there is a VPC network in the ProjectSQL project with the name sql_vpc.

There is another project, ProjectDataflow, and this has a VPC, dataflow_vpc. I want to connect to Cloud SQL from ProjectSQL with the VM launched in the ProjectDataflow project.

Things I have tried with success and failure.

Private access:

VPC peering:

- Enable Private IP access in Cloud with the VPC sql_vpc
- Creating VPC peering between dataflow_vpc and sql_vpc
- This solution does not work because you cannot access the peered network.
- https://cloud.google.com/sql/docs/mysql/private-ip

Status: FAILED

Shared network:

As per the doc, I can create the Cloud SQL instance in a Shared VPC network. That says I have to create the Cloud SQL instance in the host project, and to access Cloud SQL from a VM instance, it has to be in the same network as the authorized private IP network of Cloud SQL.

Status: NOT TRIED, but looks to be negative

Public access:

- Create a Cloud NAT in ProjectDataflow with dataflow_vpc with a manual IP
- Use the Cloud NAT public IP to whitelist in the Cloud SQL instance
- Now I can access Cloud SQL from project ProjectDataflow using the Cloud SQL public IP

Status: SUCCESS

Please share your experience accessing Cloud SQL from another project. Is there any best practice to connect cloud SQL from another gcp project?

Recommended answer

Newer instances seem to be having this option enabled by default and there's no need to contact support anymore. However, if after all the process, the setup is still not working, it may be needed to contact support.

The process of interconnecting a Cloud SQL with another GCP project is pretty straightforward following the documentation. The only thing you need to take into consideration in order to make it work is that you will have to request Google Cloud Support to enable custom routes for the Cloud SQL speckle umbrella instance under which your Cloud SQL is running, otherwise you won't be able to access your Cloud SQL within your GCP project.

The following steps will work for you:

- Configure a VPC for the Cloud SQL instance

Inside the project where you have your Cloud SQL instance, create a VPC network with the IP address range of your desire. Choose the same zone for the VPC in which your instance is located.

- Configure a VPC for the GCP project

Now switch to the project where your CloudDataflow instance is located and follow the same process. Create the VPC network, being careful that the IP ranges do not collide with each other. You can use the following tool to check if the IP address ranges collide. Also take into consideration that both VPC networks must be in the same zone.

- Connect the VPCs of both projects through peering

Once both VPC networks are created it is needed to configure the VPC network peering from both projects. From the Cloud SQL instance side, configure the peering specifying the project and VPC network name to connect with and also select the option to export custom routes. This way the other part of the peering, in this case your GCP project, will have visibility of your Cloud SQL instance. Now, from the GCP project side, configure the peering specifying the Cloud SQL project name and the VPC network name to connect with. The same way we did with the Cloud SQL peering, we have to set up the peering to import custom routes as it will receive exported routes coming from the other side of the connection, which in our case is your Cloud SQL instance.

Here you can check more information about importing and exporting routes between any VPC network peerings.

- Request Google Cloud Support to enable the exchange of custom routes for your Cloud SQL

Reach Google Cloud Support and ask them to enable the exchange of custom routes for your speckle-umbrella VPC network associated with your instance, which is automatically created when the Cloud SQL instance is created.

Take into consideration that this last step is very important, all SQL projects run under the umbrella project, hence without requesting Google Cloud Support to enable the exchange custom routes for your instance this will never work.

As for Shared VPC, the only thing you need to take into consideration is that you need to enable the option when creating your Cloud SQL instance, as you can't add it afterwards.

You will find a configuration guide for Shared VPC in the following link.
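
One way to run the IP range collision check from the VPC configuration step before creating the peering, as an added example that is not part of the original answer. The CIDR values are constructed, the function name is hypothetical, and including the private IP range allocated to Cloud SQL in the plan is an assumption.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (assumption): every range that will be reachable
# across the peering, keyed by "project/description".
PLAN = {
    "ProjectSQL/sql_vpc subnet": "10.10.0.0/20",
    "ProjectSQL/Cloud SQL private IP range": "10.20.0.0/16",
    "ProjectDataflow/dataflow_vpc subnet": "10.20.16.0/20",
}


def find_collisions(plan):
    """Return a list of (name_a, name_b, shared_block) for overlapping ranges.

    Raises ValueError for a malformed CIDR, including one with host bits
    set (for example 10.0.0.1/24), so typos are caught before deployment.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in plan.items()}
    collisions = []
    for (name_a, net_a), (name_b, net_b) in combinations(nets.items(), 2):
        # IPv4 and IPv6 ranges can never collide with each other.
        if net_a.version != net_b.version:
            continue
        if net_a.overlaps(net_b):
            # CIDR blocks are either disjoint or nested, so the shared
            # address space is the block with the longer prefix.
            shared = net_a if net_a.prefixlen >= net_b.prefixlen else net_b
            collisions.append((name_a, name_b, str(shared)))
    return collisions


if __name__ == "__main__":
    found = find_collisions(PLAN)
    if not found:
        print("No overlapping ranges; safe to peer.")
    for name_a, name_b, shared in found:
        print(f"COLLISION: {name_a} and {name_b} share {shared}")
```
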
