问题描述

我想将三个不同的项目与他们自己的VPC互连；

I want to interconnect three different projects with their own VPC's;

Project A; test-project
Project B; dev-project
Project C; vpn-project

项目A&B将其VPC与项目C对等.项目C还充当共享VPC的主机，该共享VPC也已附加到项目A&B．已创建此共享VPC，以便可以从VPN项目访问CloudSQL实例

Project A & B have their VPC's peered with project C.Project C also serves as a host for a shared VPC that's also attached to Project A & B.This Shared VPC has been created so that CloudSQL-instances can be accessed from the VPN project

创建共享VPC之后，在项目A&中创建了2个CloudSQL实例.B，您就可以从Project C与这些项目联系.

After creating the shared VPC there were 2 CloudSQL instances created within project A & B, and you are able to contact those projects from Project C.

问题在于，在项目A&中还有计算实例.B，但这些服务器不是共享VPC的一部分.我想将这些实例连接到CloudSQL，但目前无法正常工作.我尝试创建自定义路由并导入它们，但是没有任何运气.

The problem is that there are also Compute Instances in Project A & B, but those servers are not part of the Shared VPC. I would like to connect those instances to the CloudSQL but that doesn't work at the moment.I've tried to create custom routes and import them, but without any luck.

如何在计算实例和来自其他项目的Cloud SQL之间建立连接?

How do I establish a connection between the compute instances and the Cloud SQL from an other project than their own?

推荐答案

直接在GCP中，您不能这样做.只是为了向您解释问题.首先，其名称为:对等传递.(限制结束前的第4段)

Directly in GCP, you can't. Just to explain you the problem. Firstly, its name: peering transitivity. (4th paragraph before the end of restrictions)

然后，规则:Project A->凝视->项目B->凝视->项目C

Then the rule: Project A -> Peering -> Project B -> Peering -> Project C

• 项目A的VPC中的资源可以访问项目B的VPC中的资源
• 项目B的VPC中的资源可以访问项目C的VPC中的资源
• 项目A的VPC中的资源不能访问项目C的VPC中的资源

• Resource into VPC of Project A can access to resource into VPC of Project B
• Resource into VPC of Project B can access to resource into VPC of Project C
• Resource into VPC of Project A can't access to resource into VPC of Project C

现在，我将此应用于您的上下文(您必须知道，当您将您的Cloud SQL实例连接到您的VPC，这是对等连接):

Now, I apply this to your context (you have to know that when you attach your Cloud SQL instance to your VPC, this a Peering connection):

项目A->凝视->项目C->凝视->云端SQL

Project A -> Peering -> Project C -> Peering -> Cloud SQL

使用共享VPC没问题，因为共享VPC内的资源位于同一VPC中，并且与Cloud SQL的对等仅1跳，而不是2 !！

With a shared VPC, no problem, because resources inside the Shared VPC are in the same VPC and the peering with the Cloud SQL is only 1 hop, not 2!.

如何解决

您必须在共享VPC中设置代理，以将请求从共享VPC外部转发到内部.这样，该跃点就不受Google管理，您也不会违反对等传递性规则.

You have to set up a proxy in your shared VPC that forward the requests from outside the shared VPC to inside it. Like this, the hop is not manage by Google and you don't violate the peering transitivity rule.

问题:您必须托管，配置，管理，更新并确保此代理的高可用性.

这篇关于GCP:通过对等连接到CloudSQL实例的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！