Merge pull request #4593 from EnterpriseDB/docs/edits_to_pr4564
Edits to pr4564
drothery-edb authored Aug 14, 2023
2 parents e72db8d + d16bf7f commit f72d2fc
Showing 1 changed file with 38 additions and 39 deletions.
Expand Up @@ -6,7 +6,7 @@ navTitle: From Google Cloud
The way you create a private Google Cloud endpoint differs when you're using your Google Cloud account versus using BigAnimal's cloud account.

## Using BigAnimal's cloud account
When using BigAnimal's cloud account, you provide BigAnimal with your Google Cloud project ID when creating a cluster (see [Networking](/biganimal/latest/getting_started/creating_a_cluster/#network-logs--telemetry-section)). BigAnimal, in turn, provides you with a Google Cloud service attachment, which you can use to connect to your cluster privately.
When using BigAnimal's cloud account, when creating a cluster, you provide BigAnimal with your Google Cloud project ID (see [Networking](/biganimal/latest/getting_started/creating_a_cluster/#network-logs--telemetry-section)). BigAnimal, in turn, provides you with a Google Cloud service attachment, which you can use to connect to your cluster privately.

1. When creating your cluster, on the **Cluster Settings** tab, in the **Network** section:
1. Select **Private**.
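Review bot: the rewritten sentence in this hunk now opens with two stacked "when" clauses ("When using BigAnimal's cloud account, when creating a cluster, you provide ..."), which reads less cleanly than the line it replaces. Suggest "When you use BigAnimal's cloud account, you provide BigAnimal with your Google Cloud project ID when you create a cluster (see [Networking](/biganimal/latest/getting_started/creating_a_cluster/#network-logs--telemetry-section))." and keep the second sentence as is.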
Expand All @@ -25,7 +25,7 @@ Two different methods enable you to connect to your private cluster from your ap

- You can use Google Cloud [Private Service Connect (PSC)](https://cloud.google.com/vpc/docs/configure-private-service-connect-producer) to publish services using internal IP addresses in your VPC network. PSC is a network interface that securely connects a private IP address from your Google Cloud VPC to an external service. You grant access only to a single cluster instead of the entire BigAnimal resource VPC, thus ensuring maximum network isolation. We refer to this process of connecting as using PSC-connected endpoints.

- We recommend the PSC-connected endpoint method and it is most commonly used. It's the method we describe in this topic. However, you can also use the [VPC peering](vpc_peering) connection method, if required by your organization.
- We recommend the PSC-connected endpoint method, which is most commonly used and is used in the example. However, if required by your organization, you can also use the [VPC peering](vpc_peering) connection method.

### PSC-connected endpoint example
This example shows how to connect your cluster using PSC-connected endpoints.
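Review bot: "is used in the example" in the rewritten bullet points at an example the reader has not reached yet, whereas the replaced wording "It's the method we describe in this topic" stood on its own; suggest "which is most commonly used and is the method shown in the following example". While this block is being edited, the unchanged first bullet describes PSC as "a network interface"; the steps later in this file create a connected endpoint with an IP address in the client subnet, so "a connected endpoint that maps a private IP address in your VPC to the service" would match the procedure more closely.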
Expand All @@ -48,7 +48,7 @@ Assume that your cluster is in a project called `development` and is being acces
- VM Client’s Subnet: `client-app-subnet`


### Prerequisites
#### Prerequisites

To walk through an example in your own environment, you need a:

Expand All @@ -57,76 +57,75 @@ To walk through an example in your own environment, you need a:
- Subnet in the VM’s VPC in the same region as the BigAnimal cluster.


### Step 1: Publish a service from BigAnimal
#### Step 1: Publish a service from BigAnimal

!!! Note
Perform this procedure in the Google Cloud project connected to your BigAnimal subscription.
Publish a service from BigAnimal in the Google Cloud project connected to your BigAnimal subscription.

In the Google Cloud project connected to BigAnimal, create a PSC Published Service to provide access to your cluster from other VPCs in other Google Cloud projects. Perform this procedure for each Postgres cluster to which you want to provide access.
In the Google Cloud project connected to BigAnimal, to provide access to your cluster from other VPCs in other Google Cloud projects, create a PSC published service. Publish a service from BigAnimal for each Postgres cluster to which you want to provide access.

1. Get the hostname of your Postgres cluster from the Connect tab of the Cluster page on the BigAnimal portal (`P-mckwlbakq5.private.brcxzr08qr7rbei1.biganimal.io`).
1. Get the hostname of your Postgres cluster from the **Connect** tab of the Cluster page on the BigAnimal portal (`P-mckwlbakq5.private.brcxzr08qr7rbei1.biganimal.io`).

1. Using Cloudshell, the command prompt, or other terminal, get the internal IP address of the host by performing a ping, nslookup, or dig +short <host> against the hostname (`10.247.200.9`).
1. Using Cloudshell, the command prompt, or some other terminal, get the internal IP address of the host by performing a ping, nslookup, or dig +short <host> against the hostname (`10.247.200.9`).

1. In the Google Cloud portal, go to **Network Services > Load balancing**.

1. In the Filter area, choose Addresses under **LOAD BALANCERS**, and filter for the host IP (`10.247.200.9`). Note the load balancer name (`a58262cd80b234a3aa917b719e69843f`).
1. In the Filter area, under **Load Balancers**, select **Addresses** and filter for the host IP (`10.247.200.9`). Note the load balancer name (`a58262cd80b234a3aa917b719e69843f`).

1. Navigate to **Private Service Connect > PUBLISHED SERVICES > + PUBLISH SERVICE**.
1. Go to **Private Service Connect > Published Services > + Publish Service**.

1. Select **+ PUBLISH SERVICE**.
1. Select **+ Publish Service**.
1. Under **Load Balancer Type**:

1. Select **Internal passthrough Network Load Balancer**
1. Select **Internal passthrough Network Load Balancer**.

1. Paste the load balancer name (`a58262cd80b234a3aa917b719e69843f`) in the **Internal load balancer** field.
1. In the **Internal load balancer** field, paste the load balancer name (`a58262cd80b234a3aa917b719e69843f`).
1. For **Service Name**, enter the published service a name (`p-mckwlbakq5`).
1. For **Subnets**, choose RESERVE NEW SUBNET.
1. For **Subnets**, select **Reserve New Subnet**.

1. In the Reserve subnet for Private Service Connect window, enter the following details, then select **ADD**.
1. In the Reserve subnet for Private Service Connect window, enter the following details, and then select **Add**.
1. For **Name**, use the name of the Postgres cluster (`p-mckwlbakq5`).

1. For **IPv4 range**, assign the CIDR for the field IPv4 range. For example, `10.247.214.0/29`.
!!! Note Recommendations for IP Range:
- Allocate at least 8 IP addresses to the CIDR. The subnet mask should not be greater than 29.
1. For **IPv4 range**, assign the CIDR for the field IPv4 range, for example, `10.247.214.0/29`.
!!! Note "Recommendations for IP range"
- Allocate at least 8 IP addresses to the CIDR. The subnet mask must not be greater than 29.
- Avoid overlap with other reserved IP ranges by not allocating too many IP addresses at one time.
- If you encounter the error "This IPv4 address range overlaps with a subnet you already added. Enter an address range that doesn't overlap.", you’ll need to use another CIDR block (until no error returns).
- If you encounter the error "This IPv4 address range overlaps with a subnet you already added. Enter an address range that doesn't overlap.", use another CIDR block until no error is returned.

1. (Optional) Add the consumer (where the client app resides) Google Cloud project ID (`test-001`) to accept connections automatically.
1. (Optional) To accept connections automatically, add the consumer (where the client app resides) Google Cloud project ID (`test-001`).

1. Select **ADD SERVICE** and get the name of the service attachment. You may need to select the newly created Published service to find the name of the service attachment. (`projects/development-001/regions/us-central1/serviceAttachments/p-mckwlbakq5`).
1. Select **Add Service** and get the name of the service attachment. You might need to select the newly created published service to find the name of the service attachment. (`projects/development-001/regions/us-central1/serviceAttachments/p-mckwlbakq5`).

1. Proceed to Step 2: Create a connected endpoint for the VM client/application.

### Step 2: Create a connected endpoint for the VM client/application
#### Step 2: Create a connected endpoint for the VM client/application

!!! Note
You perform this procedure in the Google Cloud project where your VM client/application resides.
Create a connected endpoint for the VM client/application in the Google Cloud project where your VM client/application resides.

1. From the Google Cloud console, switch over to the project where your VM client/application resides (`test`).

1. Go to **Compute Engine > VM Instances > Network Interface > Network** to get the VPC of your VM (`client-app-vpc`).
1. To get the VPC of your VM (`client-app-vpc`), go to **Compute Engine > VM Instances > Network Interface > Network**.

1. Go to **Network Services > Private Service Connect - CONNECTED ENDPOINTS > +CONNECT ENDPOINT** to create an endpoint with the VPC.
1. For the Target, select Published service, and use the service attachment captured earlier (`projects/development-001/regions/us-central1/serviceAttachments/p-mckwlbakq5`).
1. To create an endpoint with the VPC, go to **Network Services > Private Service Connect - Connected Endpoints > +Connect Endpoint**.
1. For the target, select **Published service**, and use the service attachment captured earlier (`projects/development-001/regions/us-central1/serviceAttachments/p-mckwlbakq5`).

1. For the Endpoint name, use the name of your VM client/application (`test-app-1`).
1. For the Network (VPC), use the name of your VM Client’s VPC (`client-app-vpc`).
1. For the Subnetwork, use your VM Client’s Subnet (`client-app-subnet`).
1. For the endpoint name, use the name of your VM client/application (`test-app-1`).
1. For the network (VPC), use the name of your VM client’s VPC (`client-app-vpc`).
1. For the subnetwork, use your VM client’s subnet (`client-app-subnet`).
!!! Note
If no subnet is available, create a subnet in the VPC for the region where your Postgres cluster was created. Refer to the steps in [this knowledge base article](https://support.biganimal.com/hc/en-us/articles/20383247227801-GCP-Connect-to-BigAnimal-private-cluster-using-GCP-Private-Service-Connect#h_01H4NMNNSFQXNTX78W08Q3G39K).
1. For the IP address, create an IP address, or choose an existing IP that is not used by the other endpoints.
1. Enable Global Access.
If no subnet is available, create a subnet in the VPC for the region where your Postgres cluster was created as shown in [this knowledge base article](https://support.biganimal.com/hc/en-us/articles/20383247227801-GCP-Connect-to-BigAnimal-private-cluster-using-GCP-Private-Service-Connect#h_01H4NMNNSFQXNTX78W08Q3G39K).
1. For the IP address, create an IP address, or choose an existing IP that isn't used by the other endpoints.
1. Enable **Global Access**.
!!! Note
If your VM is running in a different region from BigAnimal, then Global Access should always be enabled.
1. Select ** ADD ENDPOINT**.
If your VM is running in a different region from BigAnimal, then always enable **Global Access**.
1. Select **Add Endpoint**.

1. Check to see if the endpoint status is Accepted, and obtain the IP address.
!!! Note
If the endpoint status is Pending, refer to the steps in [this knowledge base article](https://support.biganimal.com/hc/en-us/articles/20383247227801-GCP-Connect-to-BigAnimal-private-cluster-using-GCP-Private-Service-Connect#h_01H4NMPGXCSC9V30WNESV52FAV).
If the endpoint status is Pending, see [this knowledge base article](https://support.biganimal.com/hc/en-us/articles/20383247227801-GCP-Connect-to-BigAnimal-private-cluster-using-GCP-Private-Service-Connect#h_01H4NMPGXCSC9V30WNESV52FAV).

1. Connect to your BigAnimal cluster from your client application using the endpoint IP address (for example, `psql "postgres://edb_admin@<endpoint IP>:5432/edb_admin?sslmode=require"`).

### Step 3: Set up a Private DNS Zone (optional)
Setting up a Private DNS Zone in your Google Cloud project allows you to connect BigAnimal with the host. For instructions on setting up a Private DNS Zone, refer to [this knowledge base article](https://support.biganimal.com/hc/en-us/articles/20383247227801-GCP-Connect-to-BigAnimal-private-cluster-using-GCP-Private-Service-Connect#h_01H4QMHF1DJGKW5ED2BQ6YCT29).
#### Step 3: (Optional) Set up a private DNS zone

Setting up a private DNS zone in your Google Cloud project allows you to connect BigAnimal with the host. For instructions on setting up a private DNS zone, see [this knowledge base article](https://support.biganimal.com/hc/en-us/articles/20383247227801-GCP-Connect-to-BigAnimal-private-cluster-using-GCP-Private-Service-Connect#h_01H4QMHF1DJGKW5ED2BQ6YCT29).
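Review bot: in the step "get the internal IP address of the host by performing a ping, nslookup, or dig +short <host>", the `<host>` placeholder is not wrapped in backticks, so Markdown/MDX treats it as a tag and drops it from the rendered page, leaving "dig +short against the hostname"; suggest "by running `ping`, `nslookup`, or `dig +short <host>` against the hostname". Two smaller points in the same hunk: "Go to **Private Service Connect > Published Services > + Publish Service**" already ends on the button, so the following "Select **+ Publish Service**" repeats it (end the path at Published Services or drop the second step), and in the optional step "add the consumer (where the client app resides) Google Cloud project ID" splits the noun phrase with a parenthetical; "add the Google Cloud project ID of the consumer project (where the client app resides)" reads more cleanly. In unchanged context, the sample connection string uses `sslmode=require`, which encrypts the session but does not verify the server certificate; worth a follow-up to recommend `verify-full` with the cluster's CA, since this page is about private connectivity.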
