Google Cloud - Private service connection for CloudSQL using Deployment Manager

Question

I'm trying to automate the deployment of a system using deployment manager. In essence, it's comprised of:

One compute instance running a proxy server
A second compute instance running the app itself (private IP only)
A CloudSQL instance hosting the database (MySQL)

In the existing environments they have, the database is configured with a private IP address, and private service access in the network so that the compute instance can acccess the DB by its private IP.

I've managed to get the 2 instances running, and the CloudSQL instance, but I"m struggling to get the private IP set up on the SQL instance. I've got the following:

    - name: database
      type: sqladmin.v1beta4.instance
      properties:
        backendType: SECOND_GEN
        instanceType: CLOUD_SQL_INSTANCE
        region: {{ properties["region"] }}
        databaseVersion: {{ properties["dbType"] }}
        settings:
          tier: db-n1-standard-1
          dataDiskSizeGb: 10
          dataDiskType: PD_SSD
          storageAutoResize: true
          replicationType: SYNCHRONOUS
          locationPreference:
            zone: {{ properties['zone']}}
          ipConfiguration:
            privateNetwork: {{ properties["network"] }}

However, when I try to build this, I receive the error:

Failed to create subnetwork. Please create Service Networking connection with service 'servicenetworking.googleapis.com' from consumer project '' network '' again

I've tried to dig through the documentation to find how to create this connection using Deployment Manager, but I'm at a loss! I got as far as creating a private address range for peering:

    - name: google-managed-services-<network_name>
      type: compute.beta.globalAddress
      properties:
        network: $(ref.<network_name>.selfLink)
        purpose: VPC_PEERING
        addressType: INTERNAL
        prefixLength: 16

and this appears to create the reservation for private service links correctly, but I can't find the final piece of the puzzle, the actual peer connection to Google's network. The documentation suggests the CLI call I need is:

> gcloud services vpc-peerings connect 
    --service=servicenetworking.googleapis.com 
    --ranges=[RESERVED_RANGE_NAME] 
    --network=[VPC_NETWORK] 
    --project=[PROJECT_ID]

but as far as I can tell, Deployment Manager doesn't support this API.

Has anyone had success with automating this sort of setup before? Pointers to relevant documentation that I might have missed are of course welcome!

score 3 · Accepted Answer · answered Jul 19 '19 at 15:23

3

The servicenetworking.googleapis.com is not currently supported by Deployment Manager nor is it a supported GCP-type so this can't be done through DM for now. I recommend creating a feature request for it since it's a relatively new API.

answered Jul 19 '19 at 15:23

Patrick W

4,603
1
12
26

To configure a private network using `gcloud` _before_ the first SQL instance is created with that network, see also [Configuring private services access for Cloud SQL](https://cloud.google.com/sql/docs/mysql/configure-private-ip#configure-access) (official docs). – yair Sep 17 '19 at 23:37

score -1 · Answer 2 · answered Jan 29 '20 at 23:46

-1

below config works for me, after setting https://cloud.google.com/sql/docs/mysql/configure-private-ip#configure-access

  ipConfiguration:
    privateNetwork: "internal"
    ipv4Enabled: false
    authorizedNetworks: null

answered Jan 29 '20 at 23:46

LINGYUN ZHAO

1

Google Cloud - Private service connection for CloudSQL using Deployment Manager

2 Answers2