Background
This article introduces the steps to connect to a private cluster set up in EDB Cloud Service.
For BYOA private connection setup, please refer to GCP | Connect to private cluster using GCP Private Endpoint, and GCP | Connect to private cluster using GCP VPC Peering.
Prerequisites
- A private Cluster deployed in EDB Cloud Service
- A VM with psql or edb-psql installed in your GCP project. The example project here is development-data.
- VM's VPC has a subnet in the same region as the cluster.
Main Steps
- Make sure GCP project ID is set
- Create Endpoint in your GCP project
- Private DNS Zone
- Connect to Cluster
Step 1 GCP project ID
Your Google Cloud Project ID is required when creating a private cluster. This GCP Project will be added to the allowlist, and then BigAnimal will accept the connection from this project.
Please make sure your VM is running in this GCP project.
Step 2 Create Endpoint from Client Application
Go to your GCP project (development-data in this example).
2.1 Get VPC info
It is recommended that you create one in the same region as the Cluster.
If the VM is running, go to your VM and open Network Interface; the value under Network is your VPC (in this example, default is the VM's VPC).
2.2 Create an endpoint with VPC
Go to your GCP project (development-data in this example).
- Go to Private Service Connect - CONNECTED ENDPOINTS - + CONNECT ENDPOINT
- Target: Published Service, and paste Service Attachment URL from Cluster - Connect
- Endpoint Name: use cluster ID (for example, p-zxvvj29eca)
- Choose the VPC (of your VM) and select the subnet (if no subnet is available, then please check the VPC requirement below)
- Create an IP address, or choose an existing IP that is not used by the other endpoints
- Enable Global Access – Please note, if your VM is running in a different region from the cluster, then Global Access should be enabled.
- Create the endpoint.
- Check that the endpoint status is Accepted and get the IP address.
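The console steps in 2.2 can also be scripted with the gcloud CLI. This is an added example, not part of the original article or EDB's tooling; it assumes the active gcloud project is the allowlisted one from Step 1, and the function names, the `-ip` address suffix and the DRY_RUN switch are this example's own.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console steps in 2.2.
# Every argument is caller-supplied; nothing here is an EDB-provided value.

# run: execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# create_psc_endpoint ENDPOINT REGION NETWORK SUBNET SERVICE_ATTACHMENT [yes|no]
# The last argument turns on Global Access (needed when the VM is in another region).
create_psc_endpoint() (
  endpoint=$1 region=$2 network=$3 subnet=$4 attachment=$5 global=${6:-no}
  for v in "$endpoint" "$region" "$network" "$subnet" "$attachment"; do
    if [ -z "$v" ]; then
      echo "usage: create_psc_endpoint ENDPOINT REGION NETWORK SUBNET SERVICE_ATTACHMENT [yes|no]" >&2
      exit 2
    fi
  done

  # The endpoint must sit in the cluster's region (Appendix A, VPC Requirement);
  # the service attachment path carries that region.
  sa_region=$(printf '%s\n' "$attachment" |
    sed -n 's#.*/regions/\([^/]*\)/serviceAttachments/.*#\1#p')
  if [ -z "$sa_region" ]; then
    echo "error: not a service attachment path: $attachment" >&2; exit 3
  fi
  if [ "$sa_region" != "$region" ]; then
    echo "error: endpoint region $region differs from cluster region $sa_region" >&2; exit 4
  fi

  global_flag=
  if [ "$global" = yes ]; then global_flag=--allow-psc-global-access; fi

  # Reserve a fresh internal IP so the endpoint never reuses another endpoint's address.
  run gcloud compute addresses create "${endpoint}-ip" \
    --region="$region" --subnet="$subnet" || exit 1
  # $global_flag is intentionally unquoted so it vanishes when empty.
  run gcloud compute forwarding-rules create "$endpoint" \
    --region="$region" --network="$network" --address="${endpoint}-ip" \
    --target-service-attachment="$attachment" $global_flag || exit 1
  # Expect ACCEPTED; PENDING may mean the project ID is not on the allowlist.
  run gcloud compute forwarding-rules describe "$endpoint" \
    --region="$region" --format='value(pscConnectionStatus,IPAddress)'
)
```

Run it once with `DRY_RUN=1` to review the three commands before letting it change the project.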
2.3 Access the Cluster with IP Address
Step 3 Private DNS Zone
- Go to Network services, Cloud DNS
- Check if the Cloud DNS zone already exists, filtering with the DNS name
DNS name is from your cluster -
If not, create a DNS zone with Service Directory
Just make sure the VPC, Region, Namespace are the same as your endpoint.
If you configured with Service Directory, then all the Endpoints in the same VPC, Region, Namespace will be added to this DNS zone automatically.
Step 4 Access the Cluster with the connection string
Now you can connect with your <endpoint name>.private.bahstaging.s.edbcloud.io
Please note, we do recommend you name the endpoint with the pg cluster id and then you can connect to the cluster with the connection string provided by BigAnimal.
Appendix A - Possible issues
VPC Requirement
If the application-side VPC does not have a subnet in the same region as the Cluster, it will return the below errors when creating the endpoint.
Solution: add a subnet in that region
Endpoint is in a Pending or Error Status
Pending state
It may be caused by the GCP project ID not being added. Please go to your cluster edit page and verify that the GCP project ID is correct. If the problem still exists, contact Support.
Error state
If another endpoint already uses the IP address, the endpoint will be in an error state. Solution: Create a new IP when creating the endpoint.