
Private VPC Peering for Cloud SQL is not supported by deployment manager


(TL;DR) Solution: https://github.com/GoogleCloudPlatform/deploymentmanager-samples/issues/549#issuecomment-613842019

Basically, there is no way to connect/enable the servicenetworking.googleapis.com service for a VPC network through Deployment Manager.

The gcloud command for the above action/operation is:

gcloud services vpc-peerings connect --service=servicenetworking.googleapis.com --ranges=<my-range> --network=<my-network> --project=<my-project>

Any pointers for how this could be done via deployment-manager?

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 29 (11 by maintainers)

Top GitHub Comments

2 reactions
andytheapedemontague commented, Jun 16, 2020

Just to say thanks @Priyankasaggu11929 and @ocsig this was super useful and saved me loads of time. Looking forward to Google supporting this in Deployment Manager directly. In the meantime this works well.

2 reactions
Priyankasaggu11929 commented, Apr 15, 2020

@jjlorenzo

The Jinja template, say example-postgres.jinja, will include the following:

{% set ID = env['name'] %}

resources:

######## Network ###########

- name: {{ ID }}-network
  type: compute.v1.network
  properties:
    autoCreateSubnetworks: false

######### SUBNETS ##########

{% for i in range(properties["ipCidrRange"]|length) %}
- name: {{ ID }}-subnet-{{ i }}
  type: compute.v1.subnetwork
  properties:
    network: $(ref.{{ ID }}-network.selfLink)
    privateIpGoogleAccess: true
    ipCidrRange: {{ properties["ipCidrRange"][i] }}
    region: {{ properties["region"] }}
    logConfig:
      aggregationInterval: {{ properties["log"]["aggregationInterval"] }}
      flowSampling: {{ properties["log"]["flowSampling"] }}
      enable: true
{% endfor %}

######### GOOGLE MANAGED SERVICES ##########

- name: addpeering
  action: {project-id}/vpcpeering-v1beta-type:servicenetworking.services.connections.create
  properties:
    parent: services/servicenetworking.googleapis.com
    network: projects/{project-id}/global/networks/{{ ID }}-network
    peering: cloudsql-postgres-googleapis-com
    reservedPeeringRanges:
    - google-managed-services-{{ ID }}-network
  metadata:
    dependsOn:
    - {{ ID }}-network
    # The reserved range is named above as a plain string, not a $(ref.) reference,
    # so Deployment Manager infers no dependency on it. List it explicitly so the
    # range exists before the peering connection is created.
    - google-managed-services-{{ ID }}-network

# Allocated range that the Google-managed (Cloud SQL) VPC will use for the peering.
- name: google-managed-services-{{ ID }}-network
  type: compute.beta.globalAddress
  properties:
    network: $(ref.{{ ID }}-network.selfLink)
    purpose: VPC_PEERING
    addressType: INTERNAL
    prefixLength: 16

# ########## POSTGRES CREATION ##########
  
- name: {{ ID }}-master
  type: gcp-types/sqladmin-v1beta4:instances
  properties:
    region: {{ properties['region'] }}  
    backendType: {{ properties['backendType'] }}  
    gceZone: {{ properties['gceZone'] }}  
    instanceType: CLOUD_SQL_INSTANCE
    databaseVersion: {{ properties['databaseVersion'] }}  
    settings:
      tier: {{ properties['ptier'] }}
      activationPolicy: ALWAYS
      availabilityType: ZONAL
      backupConfiguration:
        enabled: true
        pointInTimeRecoveryEnabled: false
        replicationLogArchivingEnabled: false
      dataDiskSizeGb: {{ properties['dataDiskSizeGb'] }}
      dataDiskType: {{ properties['dataDiskType'] }}      
      ipConfiguration:
        authorizedNetworks:
        - kind: sql#aclEntry
          name: {{ properties["ipConfiguration"]["authorizedNetworks"]["name"] }}
          value: {{ properties["ipConfiguration"]["authorizedNetworks"]["value"] }}
        # ipv4Enabled: true also gives the instance a public IP reachable from the
        # authorizedNetworks above; set it to false for a private-IP-only instance.
        ipv4Enabled: true
        privateNetwork: projects/{project-id}/global/networks/{{ ID }}-network
  metadata:
    dependsOn:
    - {{ ID }}-network
    - addpeering

- name: {{ ID }}-db
  type: gcp-types/sqladmin-v1beta4:databases
  properties:
    name: {{ properties["database"]["name"] }}
    instance: $(ref.{{ ID }}-master.name)
    charset: {{ properties["database"]["charset"] }}

- name: {{ ID }}-db-root
  type: gcp-types/sqladmin-v1beta4:users
  properties:
    name: {{ properties["database-root"]["user"] }}
    instance: $(ref.{{ ID }}-master.name)
    host: ""
    password: {{ properties["database-root"]["password"] }}
  metadata:
    dependsOn:
    - {{ ID }}-db

And the config.yaml will include the following:

imports:
- path: example-postgres.jinja

resources:

- name: demo
  type: example-postgres.jinja
  properties:
    region: us-west1
    zone: us-west1-a

###### VPC CONFIGS ###### 

    ipCidrRange:
    - 172.16.0.0/21
    log:
      aggregationInterval: INTERVAL_10_MIN
      flowSampling: 0.5

###### POSTGRES CONFIGS ######

    backendType: SECOND_GEN
    gceZone: us-west1-a
    databaseVersion: POSTGRES_11
    ptier: db-custom-2-7680
    dataDiskSizeGb: '10'
    dataDiskType: PD_SSD
    ipConfiguration:
      authorizedNetworks:
        name: example
        value: {ip-range}
    database:
      name: test
      charset: utf8
    database-root:
      user: root
      password: password  # placeholder: supply a real secret rather than a literal committed in config.yaml

You need to change the values for the following:

  1. project-id
  2. Inside config.yaml,
    • change name & value in ipConfiguration -> authorizedNetworks.
    • And pass the user and password values accordingly in the database-root section.

Hope this helps!
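The template above expresses the ordering (reserved range, then peering, then instance) with dependsOn and names the peered range as a plain string. The following Deployment Manager Python template is an added example, not code from the thread or from Google's samples: it generates the same network, reserved range, peering action and Cloud SQL instance, derives the creation order from both explicit dependsOn entries and implicit $(ref.) references, and flags two things a reviewer would reject before deploying, a Cloud SQL instance that keeps a public IPv4 address or has no privateNetwork, and a peering action that does not depend on the reserved range it names. The custom type provider name vpcpeering-v1beta-type is taken from the thread and assumed to be registered in the project; the project id, resource names, tier and properties are placeholders; the _Context class stands in for the object Deployment Manager passes to GenerateConfig.

```python
# Added example (not from the GitHub thread): a Deployment Manager Python
# template plus two checks a reviewer can run on its output before deploying.
# Assumptions: the custom type provider `vpcpeering-v1beta-type` from the thread
# is registered in the project; project id, names and tiers are placeholders.
import re

SERVICE_NETWORKING = "services/servicenetworking.googleapis.com"
# Matches $(ref.NAME.field) references, which Deployment Manager treats as
# implicit dependencies between resources.
REF_RE = re.compile(r"\$\(ref\.([A-Za-z0-9_-]+)\.")


def GenerateConfig(context):
    """Entry point Deployment Manager calls for a Python template."""
    project = context.env["project"]
    name = context.env["name"]
    props = context.properties
    network = f"{name}-network"
    reserved = f"google-managed-services-{network}"
    peering = f"{name}-addpeering"
    instance = f"{name}-master"
    network_url = f"projects/{project}/global/networks/{network}"

    resources = [
        {"name": network,
         "type": "compute.v1.network",
         "properties": {"autoCreateSubnetworks": False}},
        {"name": reserved,  # range the Google-managed VPC will use
         "type": "compute.beta.globalAddress",
         "properties": {"network": f"$(ref.{network}.selfLink)",  # implicit dep
                        "purpose": "VPC_PEERING",
                        "addressType": "INTERNAL",
                        "prefixLength": props.get("peeringPrefixLength", 16)}},
        {"name": peering,
         # Custom type provider (assumed registered) wrapping
         # servicenetworking.services.connections.create.
         "action": f"{project}/vpcpeering-v1beta-type:"
                   "servicenetworking.services.connections.create",
         "properties": {"parent": SERVICE_NETWORKING,
                        "network": network_url,
                        "reservedPeeringRanges": [reserved]},
         # `reserved` appears only as a plain string above, so DM infers no
         # dependency on it: order it explicitly.
         "metadata": {"dependsOn": [network, reserved]}},
        {"name": instance,
         "type": "gcp-types/sqladmin-v1beta4:instances",
         "properties": {"region": props["region"],
                        "backendType": "SECOND_GEN",
                        "databaseVersion": props["databaseVersion"],
                        "settings": {"tier": props["tier"],
                                     "ipConfiguration": {
                                         "ipv4Enabled": False,  # private IP only
                                         "privateNetwork": network_url}}},
         # The private IP can only be assigned once the peering exists.
         "metadata": {"dependsOn": [peering]}},
    ]
    return {"resources": resources}


def _collect_refs(value, found):
    """Accumulate resource names referenced via $(ref.NAME.x) in a value tree."""
    if isinstance(value, str):
        found.update(REF_RE.findall(value))
    elif isinstance(value, dict):
        for v in value.values():
            _collect_refs(v, found)
    elif isinstance(value, list):
        for v in value:
            _collect_refs(v, found)
    return found


def creation_order(resources):
    """Topological creation order from explicit dependsOn plus implicit refs.
    Raises ValueError for a dependency on an unknown resource or a cycle."""
    graph = {}
    for r in resources:
        deps = set(r.get("metadata", {}).get("dependsOn", []))
        graph[r["name"]] = _collect_refs(r.get("properties", {}), deps)
    unknown = set().union(*graph.values()) - set(graph)
    if unknown:
        raise ValueError(f"dependsOn targets not in deployment: {sorted(unknown)}")
    order, done = [], set()
    while graph:
        ready = sorted(n for n, deps in graph.items() if deps <= done)
        if not ready:
            raise ValueError(f"dependency cycle among: {sorted(graph)}")
        for n in ready:
            order.append(n)
            done.add(n)
            del graph[n]
    return order


def review_findings(resources):
    """Things a reviewer should reject: a Cloud SQL instance reachable over a
    public IPv4 address (a missing ipv4Enabled is treated as enabled, an
    assumption) or with no privateNetwork, and a peering action that does not
    depend on a reserved range it names."""
    names = {r["name"] for r in resources}
    findings = []
    for r in resources:
        props = r.get("properties", {})
        if r.get("type", "").endswith("sqladmin-v1beta4:instances"):
            ipc = props.get("settings", {}).get("ipConfiguration", {})
            if ipc.get("ipv4Enabled", True):
                findings.append(f"{r['name']}: public IPv4 address enabled")
            if not ipc.get("privateNetwork"):
                findings.append(f"{r['name']}: no privateNetwork set")
        if r.get("action", "").endswith("services.connections.create"):
            deps = set(r.get("metadata", {}).get("dependsOn", []))
            for rng in props.get("reservedPeeringRanges", []):
                if rng in names and rng not in deps:
                    findings.append(f"{r['name']}: no dependsOn for range {rng}")
    return findings


class _Context:
    """Stand-in for the context object Deployment Manager passes to GenerateConfig."""
    def __init__(self, project, name, properties):
        self.env = {"project": project, "name": name}
        self.properties = properties


if __name__ == "__main__":
    ctx = _Context("example-project", "demo",
                   {"region": "us-west1", "databaseVersion": "POSTGRES_11",
                    "tier": "db-custom-2-7680"})
    cfg = GenerateConfig(ctx)
    print(creation_order(cfg["resources"]))
    print(review_findings(cfg["resources"]) or "no findings")
```

Run as a script it prints the creation order and "no findings"; as a template it is imported by `gcloud deployment-manager` via an `imports:` entry in config.yaml with `type: <file>.py`, the same way the Jinja file is imported above. The two checks are the ones worth wiring into a pre-deploy step: the thread's template would trip the dependsOn check, and any instance that keeps ipv4Enabled: true is reachable from whatever authorizedNetworks allow, regardless of the private peering.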
