I'm trying to connect an App Engine application to MongoDB Cloud over a peering connection.

All services in my GCP are using a non-default network called "main". I've set up a peering connection with Terraform:

resource "google_compute_network_peering" "mongodb_peering" {
  name         = "mongodb-peering"
  network      = google_compute_network.main.self_link
  peer_network = "projects/${mongo-cloud-project}/global/networks/${mongo-cloud-network}"
}

It works as expected.

Presumably App Engine uses the default VPC network.

When I try to create a second connection on the default network, I get an error because of overlapping ranges. So I've just deleted the peering with the main network and set up a new one with the default network.

Still, the App Engine application cannot connect to MongoDB over the peering connection.

App.yaml:

runtime: nodejs12

instance_class: F4

handlers:
  - url: /.*
    secure: always
    redirect_http_response_code: 301
    script: auto

automatic_scaling:
  max_instances: 2
  max_concurrent_requests: 80

inbound_services:
  - warmup

stkvtflw
  • What were the CIDR ranges of the main and default network for the first and second peering that you attempted? – James S Nov 15 '22 at 18:41
  • @JamesS main: 10.128.0.0/9, default: 10.128.0.0/20 – stkvtflw Nov 15 '22 at 19:05
  • What's up with the downvote? Is something wrong with that question? – stkvtflw Nov 15 '22 at 19:20
  • If you haven't solved it yet... When you said `when I'm trying to create second connection on the default network...`, what do you mean by `second connection`? My understanding is that you have an App Engine using the default VPC and the default VPC peering to the Atlas cloud and cannot connect from the GAE to the database? – jabbson Nov 18 '22 at 21:42
  • Maybe also include info like: what flavour of GAE you are using, what your app.yaml looks like, how you are accessing the database from the app, how your firewall is configured, whether you can access the same database from the VM in the VPC – jabbson Nov 18 '22 at 22:20
  • You cannot have 2 or more VPC peerings that, as in your case, use the same overlapping IP ranges. This will create confusion since the routes will be created with the same priority. My suggestion for now would be, as @jabbson stated, to clarify your goal, provide more details, and use a completely different CIDR range with the other VPC peer. – James S Nov 19 '22 at 03:34
  • @jabbson I also thought that App Engine is using the default VPC. I deleted the "main" peering and created one for the default VPC. The connection did not work. I've just added app.yaml. – stkvtflw Nov 21 '22 at 13:21
  • So this is for a standard environment then. If so, then the app is not using any of your networks by default; you need to use the serverless VPC access connector to connect to your VPCs. – jabbson Nov 21 '22 at 15:22
  • @jabbson thanks, that helped! – stkvtflw Nov 22 '22 at 18:07
  • @stkvtflw Were your questions answered? If so, please post it as an answer so other members with the same questions can see it. – James S Nov 22 '22 at 18:29

1 Answer

You cannot have 2 or more VPC peerings that, as in your case, use the same overlapping IP ranges. This will create confusion since the routes will be created with the same priority.

And as @jabbson pointed out, the app is not using any of your networks by default, so you'll need to create a serverless VPC access connector to connect your VPCs.

James S
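
The setup the answer describes, sketched in Terraform as an added example (not code from the asker or the answerer): the Atlas peering stays on `main`, and the App Engine standard app is attached to `main` through a Serverless VPC Access connector. The region, the connector name and the /28 range are assumed placeholders.

```hcl
# Added example. Assumed placeholders: region, connector name, /28 range.

# The connector needs the Serverless VPC Access API enabled in the project.
resource "google_project_service" "vpcaccess" {
  service            = "vpcaccess.googleapis.com"
  disable_on_destroy = false
}

# Connector in the network that holds the Atlas peering ("main" in the
# question). App Engine standard is not attached to any VPC by default and
# reaches private addresses only through a connector like this one.
resource "google_vpc_access_connector" "app_engine" {
  name    = "gae-main-connector"            # assumed name
  region  = "us-central1"                   # assumed; use the App Engine app's region
  network = google_compute_network.main.name

  # Unused /28 reserved for the connector. It must not overlap any subnet in
  # "main" (10.128.0.0/9 per the comments) or the peered Atlas range.
  # Traffic from the app reaches the peer with source addresses in this
  # range, so any allow list on the Atlas side has to cover it.
  ip_cidr_range = "10.8.0.0/28"

  depends_on = [google_project_service.vpcaccess]
}

# Full resource name of the connector, for use in app.yaml.
output "app_yaml_connector_name" {
  value = google_vpc_access_connector.app_engine.id
}

# app.yaml addition for the service (PROJECT_ID is a placeholder):
#
#   vpc_access_connector:
#     name: projects/PROJECT_ID/locations/us-central1/connectors/gae-main-connector
```

Without `vpc_access_connector` in app.yaml the app keeps using its default internet egress, so the peering on `main` is never used no matter which network it is attached to.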