Accessing Cloud SQL from another GCP project
I want to connect to Cloud SQL from a different GCP project.
The Cloud SQL instance is in ProjectSQL, and the VPC network in the ProjectSQL project is named sql_vpc.
There is another project, ProjectDataflow, which has a VPC dataflow_vpc. I want to connect to the Cloud SQL instance in ProjectSQL from a VM started in the ProjectDataflow project.
Things I have tried, both successful and failed.
Private access:
VPC peering:
Enable Private IP access in Cloud SQL with the VPC sql_vpc
Create VPC peering between dataflow_vpc and sql_vpc
This solution does not work because you cannot access the peered network.
https://cloud.google.com/sql/docs/mysql/private-ip
Status: FAILED
Shared network:
As per the doc I can create the Cloud SQL instance in a shared VPC network, which says I have to create the Cloud SQL instance in the host project, and to access Cloud SQL from a VM instance, it has to be in the same network as the authorized private IP network of Cloud SQL.
Status: NOT TRIED but looks to be negative
Public access:
Create a Cloud NAT in ProjectDataflow with dataflow_vpc with a manual IP
Use the Cloud NAT public IP to whitelist in the Cloud SQL instance
Now I can access Cloud SQL from project ProjectDataflow using the Cloud SQL public IP
STATUS: Success
Please share your experience of accessing Cloud SQL from another project.
Is there a best practice for connecting to Cloud SQL from another GCP project?
EDIT:
Newer instances seem to have this option enabled by default, so there is no need to contact support anymore. However, if after the whole process the setup still does not work, it may be necessary to contact support.
IMPORTANT: The VPC peering option will no longer work, as stated in the documentation, more precisely in the Considerations topic. So the only available option to achieve this is using Shared VPC.
The process of interconnecting Cloud SQL with another GCP project is quite straightforward following the documentation. The only thing you need to take into account for it to work is that you have to request Google Cloud Support to enable custom routes for the speckle-umbrella instance where your Cloud SQL is running, otherwise you will not be able to reach your Cloud SQL from the GCP project.
The following steps should work for you:
- Configure the VPC for the Cloud SQL instance
Inside the project where you have your Cloud SQL instance, create a VPC network with the IP address range of your choice. Choose the same zone for the VPC in which your instance is located.
- Configure the VPC for the GCP project
Now switch to the project where your Cloud Dataflow instance is located and follow the same process. Create the VPC network, being careful that the IP ranges do not collide with each other. You can use the following tool to check whether the IP address ranges collide. Also take into consideration that both VPC networks must be in the same zone.
- Connect the VPCs of both projects with peering
Once both VPC networks are created, the VPC network peering needs to be configured from both projects. From the Cloud SQL instance side, configure the peering specifying the project and VPC network name to connect with, and also select the option to export custom routes. This way the other side of the peering, in this case your GCP project, will have visibility of your Cloud SQL instance. Now, from the GCP project side, configure the peering specifying the Cloud SQL project name and the VPC network name to connect with. The same way we did with the Cloud SQL peering, we have to set up the peering to import custom routes, as it will receive the exported routes coming from the other side of the connection, which in our case is your Cloud SQL instance.
Here you can check more information about importing and exporting routes between any VPC network peering.
- Request Google Cloud Support to enable the exchange of custom routes for your Cloud SQL
Reach Google Cloud Support and ask them to enable the exchange of custom routes for the speckle-umbrella VPC network associated with your instance, which is automatically created when the Cloud SQL instance is created.
Take into account that this last step is very important: all SQL projects run under the umbrella project, so without requesting Google Cloud Support to enable the exchange of custom routes for your instance this will never work.
Shared VPC
As for Shared VPC, the only thing you need to take into account is that you need to enable the option when creating the Cloud SQL instance, because you cannot add it afterwards.
You will find the configuration guide for Shared VPC in the following link.
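The checks below are an added example, not code from the question or the answer. They model the thread's topology (ProjectSQL / sql_vpc and ProjectDataflow / dataflow_vpc) with constructed values and cover the two addressing decisions on this page: the answer's requirement that the VPC ranges do not collide (including the range reserved for Cloud SQL's private IP), and the question's public-IP approach, where the authorized-networks list should contain nothing wider than the Cloud NAT address. It also renders the two gcloud peering commands for the answer's export/import custom routes step. Every project name, network name, CIDR and IP is an assumption chosen for the example; the gcloud flags are real.

```python
"""Addressing sanity checks for reaching Cloud SQL from another GCP project.

Added example, not code from the question or the answer. All names and
ranges are constructed sample values.
"""
import ipaddress
from itertools import combinations

# Constructed sample topology (assumed values; replace with your own).
SUBNETS = {
    "project-sql/sql-vpc/sql-subnet": "10.10.0.0/20",
    "project-dataflow/dataflow-vpc/dataflow-subnet": "10.20.0.0/20",
    # Range allocated for private services access; this is the Google-managed
    # network that actually hosts the Cloud SQL private IP.
    "project-sql/sql-vpc/google-managed-services": "10.30.0.0/16",
}

# Constructed public address of the Cloud NAT in project-dataflow (assumed).
NAT_PUBLIC_IP = "203.0.113.10"


def find_collisions(cidrs):
    """Return every pair of labels whose CIDR ranges overlap.

    cidrs maps a label to a CIDR string. strict=True rejects host bits set in
    the prefix, so a typo such as 10.10.0.1/20 fails before any peering is built.
    """
    nets = {label: ipaddress.ip_network(c, strict=True) for label, c in cidrs.items()}
    return [
        (a, b)
        for (a, na), (b, nb) in combinations(nets.items(), 2)
        if na.overlaps(nb)
    ]


def review_authorized_networks(entries, nat_ip):
    """Classify Cloud SQL authorized-network entries for the public-IP path.

    Returns a dict entry -> 'ok' | 'too_broad' | 'not_nat'. Only the single
    /32 of your own NAT egress address is 'ok'; any wider prefix opens the
    instance's public IP to addresses you do not control.
    """
    nat = ipaddress.ip_network(f"{nat_ip}/32")
    verdicts = {}
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        if net.prefixlen < 32:
            verdicts[entry] = "too_broad"
        elif net != nat:
            verdicts[entry] = "not_nat"
        else:
            verdicts[entry] = "ok"
    return verdicts


def peering_commands(sql_project, sql_vpc, df_project, df_vpc):
    """gcloud commands for the answer's peering step.

    The Cloud SQL side exports custom routes, the Dataflow side imports them.
    Flags are real gcloud flags; project and network names are assumptions.
    """
    return [
        (f"gcloud compute networks peerings create sql-to-dataflow "
         f"--project={sql_project} --network={sql_vpc} "
         f"--peer-project={df_project} --peer-network={df_vpc} "
         f"--export-custom-routes"),
        (f"gcloud compute networks peerings create dataflow-to-sql "
         f"--project={df_project} --network={df_vpc} "
         f"--peer-project={sql_project} --peer-network={sql_vpc} "
         f"--import-custom-routes"),
    ]


if __name__ == "__main__":
    collisions = find_collisions(SUBNETS)
    for a, b in collisions:
        print(f"COLLISION: {a} overlaps {b}")
    if not collisions:
        print("no overlapping ranges")

    # Constructed authorized-networks list as it might look after the
    # question's NAT whitelist step plus two entries that should be removed.
    sample_entries = ["203.0.113.10/32", "0.0.0.0/0", "198.51.100.0/24"]
    for entry, verdict in review_authorized_networks(sample_entries, NAT_PUBLIC_IP).items():
        print(f"{entry:>18}: {verdict}")

    for cmd in peering_commands("project-sql", "sql-vpc", "project-dataflow", "dataflow-vpc"):
        print(cmd)
```

Run the collision check before creating either VPC, and run the authorized-networks review whenever the Cloud NAT address changes, since a stale entry stays authorized until removed. The peering commands encode the asymmetry the answer describes (export on the Cloud SQL side, import on the Dataflow side); the answer's edit notes that this path has since been superseded by Shared VPC, where the range check still applies because the instance's private IP range lives in the host project's network.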