Reputation: 2685
Connecting Cloud SQL Private Instance with Cloud Build
In my GCP org I've a Cloud SQL Private instance running with a Private IP, peering with my internal VPC. For my Cloud Run payload, I setup a Serverless VPC connector and it works fine. Also, my GCE instances in the VPC can reach the CloudSQL instances using Cloud SQL proxy... great.
But now I need to make that Cloud SQL instance reachable by my CloudBuild pipelines. To do that, of course I'll switch my building pool to private. But I'm puzzled about how to ensure connectivity between these two kinds of managed services.
AFAIK CloudBuild does not tunnel through Serverless VPC connectors.
1- Does CloudSQL and CloudBuild share the same google-managed service VPC? Do I need two distinct VPC peering spaces for those two services or should they share the same one?
2- In case they don't, since peering is not transitive, I guess that peering the CloudBuild network won't make the private IP of CloudSQL reachable by its own. How can I ensure connectivity between the two services, then? Should I need to peer from CloudSQL to CloudBuild networks (how?)? Do I need to setup a HA VPN between the two (wasting money)? Hopping using a GCE bastion (not so elegant)?
Upvotes: 1
Views: 406
Answers (0)
Related Questions
- Access Cloud SQL instance in separate project
- How to export specific routes over a peered vpc connection in google cloud?
- The peering connection cloudsql-mysql-googleapis-com is not established when a Cloud SQL instance is configured to use Private IP
- How to connect to Cloud SQL from Cloud Run instance while also using Serverless-VPC-Connector?
- GCE cannot access private SQL
- GCP Cloud Functions connecting to cloud sql with private IP
- Connect to Cloud SQL from GKE clusters in different VPC Networks using Private IP
- Accessing Cloud SQL from another GCP project
- Connecting VPC to Cloud SQL