How to connect to a Google managed Postgres SQL Database from another VPC

Hello Experts,

Are there any resources that I can follow to connect to a CloudSQL Postgres Database (in VPC-A) from VPC-B?

I see that VPC-A has “Private Service Access” created when I enabled the PrivateIP for the database.

I have another VPC, say VPC-B, in a different Project and Organization, which I want to connect to this Database. So far I have done VPC peering between VPC-A and VPC-B. I have also set ingress and egress firewall rules to allow-all. However, I am still unable to connect to the database.

Running a network connectivity test from the VM in VPC-B to the Database shows the following:

From the above it seems that instead of sending the request to the peered network hop, the request is being routed to “internet gateway”. The issue happens only with the database. Testing any other VM in VPC-A correctly shows the “peering vpc” as the next hop.

I am suspecting the above routing issue has something to do with “Private Service Access” endpoint created for the database. However I am not sure how to proceed here and fix the issue.

Any help will be appreciated. Thanks.

Hello @kronus86 ,

Take a look at this documentation: Configure private services access

Also, check out: Connect your instance to multiple VPCs. This shows how to connect to your Cloud SQL instance across transitively peered VPCs.

If the above options don’t work, you can contact Google Cloud Support to further look into your case. Let me know if it helped, thanks!

Thanks Marramirez.

We followed the above guide and configured HA VPN + Custom Route Advertisement. We were able to access the Database now via VMs in different Org/Projects.

We, however, could not connect our CloudRun machines via the same. Can you please confirm if the above method will work for CloudRun as well? Note we have created “Serviceless VPC Access” for the CloudRun machines.