Reputation: 23
Cloud SQL Connection within different projects
Problem: Hello, I have recently started using GCP. For a task, it is requied to connect my cloud sql instance with only private-ip present in my 'prod' project in 'vpc2' to an vm launched in diff project 'dev' in 'vpc1'.
Solution attempt: I have made a private service connection from 'vpc2' for providing private-ip to my sql instance. and also i have done vpc peering b/w vpc1 & vpc2 with import/export of custom routes enabled. But i am unable to access sql from vm.Curently i dont want to use shared vpc or sql proxy feature.
Thanks.
Upvotes: 2
Views: 2585
Answers (2)
Reputation: 1
I had a similar problem, I have 2 projects A and B, and I needed to access the cloud sql instance in project B from project A I created a simple VPN instance with pritunl,configured the routes inside pritunl, after that I just created a VPN Ipsec between project A and B, with custom routes to the cloud sql, and it worked, now I can access the database using internal IP from my laptop locally.
Upvotes: 0
Reputation: 76073
Actually, when you create a private IP for your Cloud SQL database, you create a peering between your VPC network and the Google Managed Network for your Cloud SQL instances. Therefore, you can't create another peering because you break the peering transitivity rule
Only directly peered networks can communicate. Transitive peering is not supported. In other words, if VPC network N1 is peered with N2 and N3, but N2 and N3 are not directly connected, VPC network N2 cannot communicate with VPC network N3 over VPC Network Peering.
There is several solution for this:
- Set a public IP on the Cloud SQL instance, without any allowed network (for security reason) and use Cloud SQL proxy in your Dev project. It will be able to connect to the CLoud SQL instance through the public IP and with an encrypted protocol. But you don't want to use Cloud SQL proxy; and in addition you need to add a public IP on your prod Cloud SQL instance, you might be not authorized to do this!
- Set up a Shared VPC. But it's not very easy to manage with lot of service limitation. And you don't want to use this solution
- My latest bullet is to set up a Cloud VPN between your projects. It's a workaround but it works fine.
Upvotes: 3
Related Questions
- Connect to the CloudSQL Postgres from different project
- Do I need a Provate VPC to Allow Cloud SQL Access from another GCP project?
- Access Cloud SQL instance in separate project
- How to enable private IP connectivity to two Cloud SQL instances on two separate projects from third project?
- CloudSQL instances must be in the same project as the query connection
- Connecting to Google Cloud SQL
- Accessing Cloud SQL from another GCP project
- How to connect user to different Cloud SQL instance once they login?
- Connect google cloud SQL from Google Instance
- How to connect from a pool of Google Compute Engine instances to Cloud SQL DB in the same project?