无法在 GCP 上重新创建 Private Service Access

Unable to recreate Private Service Access on GCP

按照 https://cloud.google.com/vpc/docs/configure-private-services-access 的指南,我成功地创建了私人服务访问连接。但是,第二次(在删除现有错误之后),我遇到了一个无法在任何地方找到引用的神秘错误。这是错误:

Cannot modify reserved ranges in CreateConnection. Please use UpdateConnection.

您遇到的错误是预料之中的,因为目前无法在创建后修改您保留的范围。这是在 GCP official documentation 上收集的:

After you have established a private services access connection, and created a Cloud SQL instance with private IP configured for that connection, the corresponding (internal) subnet and range used by the Cloud SQL service cannot be modified or deleted. This is true even if you delete the peering and your IP range.

目前有一个 public Feature Request 因为更多的用户报告相同。

现在,当前的 "solution" 是像您一样为此创建另一个 VPC。

我因错误地删除对等互连而遇到了同样的问题...

但是,可以通过更新 gcloud SDK 和 运行 gcloud 命令来重新连接对等(或更新对等):

$ gcloud components update

$ gcloud services vpc-peerings connect --service=servicenetworking.googleapis.com --ranges=[private_connection_range_name] --network=[vpc_network_name] --project=[project_name]

ERROR: (gcloud.services.vpc-peerings.connect) The operation "operations/pssn.XXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXXX" resulted in a failure "Cannot modify allocated ranges in CreateConnection. Please use UpdateConnection.".

Details: "[]".

$ gcloud services vpc-peerings update --service=servicenetworking.googleapis.com --ranges=[private_connection_range_name] --network=[vpc_network_name] --project=[project_name] --force

Operation "operations/pssn.XXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXXX" finished Successfully.

查找您的专用连接范围名称:

gcloud compute addresses list --global --filter="purpose=VPC_PEERING"

如果您没有手动创建一个,默认情况下,名称是: google-managed-services-[vpc_network_name]

来源:https://cloud.google.com/vpc/docs/configure-private-services-access

一旦 googleapis 对等互连启动,CloudSQL 对等互连也会单独启动

此致。

使用以下命令更新您的连接。无需重新创建新的 VPC

gcloud beta services vpc-peerings update \
    --service=servicenetworking.googleapis.com \
    --ranges=[your-private-connection-range-name] \
    --network=[your-vpc-name] \
    --project=[your-project-id] \
    --force