
I have created a GCP CloudSQL instance with a private address using Private Service Access. I assigned the subnet mask (/20) for Private Service Access and was able to successfully launch a MySQL instance using this range. The following range was allocated by GCP for the /20 subnet mask:

    $ gcloud compute addresses list --global --filter="purpose=VPC_PEERING"
    NAME                                     ADDRESS/RANGE    TYPE      PURPOSE      NETWORK          REGION  SUBNET  STATUS
    google-managed-services-kube-shared-vpc  10.120.192.0/20  INTERNAL  VPC_PEERING  kube-shared-vpc                  RESERVED

After that I created the Private Connection, which is listed as shown below:

    $ gcloud services vpc-peerings list --network=kube-shared-vpc --project=training-network-dta-26a2
    ---
    network: projects/957681968813/global/networks/kube-shared-vpc
    peering: servicenetworking-googleapis-com
    reservedPeeringRanges:
    - google-managed-services-kube-shared-vpc
    service: services/servicenetworking.googleapis.com

Now I allocated another private address range to the Private Service Connection, as shown below:

    cloudsqlrange  192.168.0.0/24  INTERNAL  VPC_PEERING  kube-shared-vpc  RESERVED

Following are my queries based on the above setup:

  1. As I already created the Private Connection for this shared VPC, how can I add the new IP range to this private connection, or will it be automatically taken care of?

  2. When I create a CloudSQL instance using "Private IP", it allocates an IP address to the CloudSQL instance from the first range I created. This is the IP range:

    NAME                                     ADDRESS/RANGE    TYPE      PURPOSE      NETWORK          REGION  SUBNET  STATUS
    google-managed-services-kube-shared-vpc  10.120.192.0/20  INTERNAL  VPC_PEERING  kube-shared-vpc                  RESERVED

I want to launch the CloudSQL instance using the newly allocated IP address range. I cannot specify the IP, as it is only the VPC name that I can submit:

       gcloud beta sql instances create mysqlprivatetest \
       --network=kube-shared-vpc \
       --region us-central1 \
       --no-assign-ip \
       --tier=db-f1-micro \
       --storage-type=HDD \
       --require-ssl \
       --database-version=MYSQL_8_0

Does this mean that only one IP range is associated with a Private Service Connection?

  3. Can we launch a Redis instance using the same Private connection?
Zama Ques
  • **1**. Could you please provide a network scheme? **2**. Why do you need another private address range? **3**. Do you mean GCE instance in shared VPC? – Serhii Rohoza Oct 30 '20 at 16:39
  • Initially I allocated an automated IP range assigned by Google. Now we created another IP range which we manually allocated and want the CloudSQL instance to be assigned an IP from this range. – Zama Ques Nov 04 '20 at 05:00
  • Please provide a network scheme. How about Redis instance? Do you mean GCE instance in shared VPC? It looks like it's easier to configure from scratch starting from networking. – Serhii Rohoza Nov 04 '20 at 07:28

0 Answers