0

I have an architectural issue with Cloud SQL. We have an API that is running in a GKE cluster in network A and a Cloud SQL instance in network B. The current network config doesn't allow peering between these 2 networks. Is there any possibility to connect the API to the instance?

Draft of the current architecture

Max
  • Is the Cloud SQL instance configured to have only private IP? If so, you can connect both VPCs using Cloud VPN. Anyway, please add more details about how the services are configured. – Puteri Dec 09 '22 at 23:48
  • @Ferregina the Cloud SQL instance only has a private IP. And the network team will not allow the use of a Cloud VPN. – Max Dec 12 '22 at 02:08
  • Then the best option is to use a bastion host in the VPC where the SQL instance is, or use a shared VPC. If neither of the two options is feasible, then you will not be able to connect them – Puteri Dec 12 '22 at 04:24
  • Thanks for your response @Ferregina. Using a shared VPC is feasible. But when using a shared VPC, should I place a Cloud SQL Auth proxy in the shared VPC? – Max Dec 12 '22 at 10:24

1 Answer

1

As @Ferregina suggested:

The bastion hosts provide secure access to Linux instances located in the private and public subnets of your virtual private cloud (VPC). The solution sets up a Multi-AZ environment and deploys Linux bastion host instances into the public subnets.

As mentioned in the document:

To connect to a Cloud SQL instance using private IP, the Cloud SQL Auth proxy must be on a resource with access to the same VPC network as the instance.

Refer to this link for more information.

Fariya Rahmat
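For the shared VPC follow-up in the comments, one possible layout is sketched below as an added example; it is not taken from the answer or from the linked documentation. It assumes the GKE cluster's nodes and pods sit on subnets of the same shared VPC network that holds the instance's private IP, so the Cloud SQL Auth proxy can run as a sidecar next to the API instead of on a separate host. All names, the image version, the connection name and the PostgreSQL port are placeholders or assumptions.

```yaml
# Added example (constructed). Placeholders in CAPITALS are not values from the question.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api                      # hypothetical workload name
spec:
  replicas: 2
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      # Assumed: a Kubernetes service account mapped through Workload Identity
      # to a Google service account holding roles/cloudsql.client, so no
      # service account key file has to be mounted into the pod.
      serviceAccountName: api-ksa
      containers:
        - name: api
          image: REGION-docker.pkg.dev/PROJECT_ID/REPO/api:TAG
          env:
            # The API talks to the proxy over the pod's loopback interface.
            - name: DB_HOST
              value: "127.0.0.1"
            - name: DB_PORT
              value: "5432"      # assumes a PostgreSQL instance
        - name: cloud-sql-proxy
          # Pin an exact proxy v2 release here; VERSION is a placeholder.
          image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:VERSION
          args:
            - "--private-ip"     # dial the instance's private IP only
            - "--port=5432"
            - "PROJECT_ID:REGION:INSTANCE_NAME"
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
```

Because the proxy listens only on the pod's loopback address, the database port is never exposed through a Service, and access to the instance is governed by the IAM role on the mapped service account.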