Confusion Around Creating a VPC Access Connector

Posted by huangapple

Question


I am trying to set up Serverless VPC access

> Serverless VPC Access enables you to connect from your Cloud Functions directly to Compute Engine VM instances, Memorystore instances, Cloud SQL instances,

Sounds great. But the documentation is not super friendly to a beginner. Step 2 is to create a connector, about which I have a couple of questions:

> In the Network field, select the VPC network to connect to.

My dropdown here contains only "Default". Is this normal? What should I expect to see here?

> In the IP range field, enter an unused CIDR /28 IP range. Addresses in this range are used as source addresses for traffic sent through the connector. This IP range must not overlap with any existing IP address reservations in your VPC network.

I don't know what to do here. I tried using the information in the linked document to first) enter an IP from the region I had selected, and, second) enter an IP from outside that region. Both resulted in connectors that were created with the error. "Connector is in a bad state, manual deletion is recommended"

The documentation continues with a couple of troubleshooting steps if the creation fails:

> Specify an IP range that does not overlap with any existing IP address reservations in the VPC network.

I don't know what this means. Maybe like, if I have other connectors I should be sure the IP range for the new one doesn't overlap with those. That's just a guess, but anyway I have none.

> Grant your project permission to use Compute Engine VM images from the project with ID serverless-vpc-access-images. See Setting image access constraints for information on how to update your organization policy accordingly.

This leads me to another document about updating my organization's "Image Policy". This one has me so out of my depth, I don't even think I should be here.

This has all started with just wanting to connect to a SQL Server instance from Firebase. Creating the VPC connector seems like a good step, but I've just fallen at every hurdle. Can a cloud-dweller please help me with a few of these points of confusion?

Answer 1

Score: 11


I think you've resolved the issue but I will write an answer to summarize all the steps for future reference.

1. Create a Serverless VPC Access connector

I think the best reference is to follow the steps in this doc. In step 7, it says the following:

> In the IP range field, enter an unreserved CIDR /28 IP range.

The IP range you can use is, for example, 10.8.0.0/28 or even 10.64.0.0/28, on the condition that it is not in use by any other network. You can check which IPs are in use by going to VPC Network > VPC networks. In the Network field you will have the "default" option, so that's okay.

This can take some minutes, so in the meantime you can create your SQL Server/MySQL/PostgreSQL instance.

2. Creating a CloudSQL instance

Create your desired instance (MySQL/PostgreSQL/SQL Server). In your case it will be a SQL Server instance. Also check these steps to configure the Private IP for your instance at creation time or if you have created an instance you can check this. Take note of the Private IP as you will use it later.

3. Create a Cloud function

Before creating your Cloud Function, you have to grant permission to the CF service account to use the VPC. Please follow these steps.

Then follow these steps to configure the connector of your function to use the VPC. In step 5 it says the following:

> In the VPC connector field, enter the fully-qualified name of your connector in the following format:
>
> projects/PROJECT_ID/locations/REGION/connectors/CONNECTOR_NAME

It is not necessary to add your VPC with this format. There is already a list where you can choose your VPC. Finally deploy your function.

I wrote a little function to test the connection. I would prefer to use Python but it needs more system dependencies than NodeJS.

index.js:

var sql = require("mssql");

// Connection settings. `server` is the private IP noted in step 2, which is
// only reachable through the VPC connector. The credentials are read from
// environment variables (set at deploy time) rather than hard-coded here.
var config = {
    user: process.env.DB_USER || 'sqlserver',
    password: process.env.DB_PASSWORD,
    server: process.env.DB_HOST || 'Your.SQL.Private.IP',
    database: process.env.DB_NAME || 'dbname'
};

exports.helloWorld = (req, res) => {
    // connect to your database; mssql keeps a global pool, so warm
    // invocations reuse the connection instead of opening a new one
    sql.connect(config, function (err) {
        if (err) {
            console.log(err);
            return res.status(500).send('database connection failed');
        }

        // create Request object
        var request = new sql.Request();

        // query the database and get the records
        request.query('select * from a_table', function (err, result) {
            if (err) {
                console.log(err);
                return res.status(500).send('query failed');
            }

            // send the rows as the response (mssql puts them in result.recordset)
            res.send(result.recordset);
        });
    });
};

package.json:

{
  "name": "sample-http",
  "version": "0.0.1",
  "dependencies": {
    "mssql": "6.0.1"
  }
}

And that's all!

It's important to mention that this procedure is more about connecting Cloud Functions to SQL Server as there is already an easier way to connect CF to PostgreSQL and MySQL.
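The answer's three steps put together as a script, added here as an illustration and not part of the answer itself. It picks a /28 for the connector that overlaps nothing already allocated in the VPC (the rule the documentation's troubleshooting step states), and prints the gcloud commands for the connector, the SQL Server instance with a private IP only, the IAM grant for the Cloud Functions service account, and the function deployment through the connector. The project ID and number, region, instance and connector names are placeholders, the CIDR lists are constructed sample data (in practice collect them from the primary and secondary ranges shown by gcloud compute networks subnets list plus any existing connectors), and the gcloud flags and the service account name follow the docs of the time, so check them against the current reference before running.

```python
"""Choose a usable /28 for a Serverless VPC Access connector and emit the
gcloud commands for the three steps in the answer.

Added example, not code from the answer. Names are placeholders and the
CIDR lists below are constructed sample data.
"""
import ipaddress
from typing import Iterable, List, Optional

# Ranges to try, in order. 10.8.0.0/28 and 10.64.0.0/28 are the ones the answer
# suggests; the rest are fallbacks in private space (chosen for this example).
DEFAULT_CANDIDATES = ["10.8.0.0/28", "10.64.0.0/28", "10.8.0.16/28", "172.16.255.0/28"]

# Constructed sample: the default VPC's us-central1 subnet, a subnet someone
# added later, and a connector that already took 10.8.0.0/28.
SAMPLE_EXISTING = ["10.128.0.0/20", "10.64.0.0/16", "10.8.0.0/28"]


def overlapping(candidate: str, existing: Iterable[str]) -> List[str]:
    """Return every range in `existing` that overlaps `candidate` (empty means usable).

    strict=True rejects ranges with host bits set, e.g. 10.8.0.5/28, which the
    console would also refuse as a connector range.
    """
    cand = ipaddress.ip_network(candidate, strict=True)
    return [r for r in existing if cand.overlaps(ipaddress.ip_network(r, strict=True))]


def pick_connector_range(existing: Iterable[str],
                         candidates: Iterable[str] = DEFAULT_CANDIDATES) -> Optional[str]:
    """First candidate that is an IPv4 /28 in private address space and overlaps
    nothing in `existing`; None if every candidate collides."""
    existing = list(existing)
    for cidr in candidates:
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != 4 or net.prefixlen != 28:
            raise ValueError(f"{cidr}: a connector range must be an IPv4 /28")
        if not net.is_private:
            raise ValueError(f"{cidr}: a connector range must be private address space")
        if not overlapping(cidr, existing):
            return cidr
    return None


def gcloud_commands(project: str, project_number: str, region: str, connector: str,
                    cidr: str, sql_instance: str, function_name: str) -> List[str]:
    """The answer's steps as gcloud invocations, in the order to run them.

    Flags and the service account name follow the docs at the time of the
    answer (an assumption to verify against the current gcloud reference).
    """
    cf_service_account = f"service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com"
    return [
        # Step 1: the connector on the default network, using the chosen /28.
        f"gcloud compute networks vpc-access connectors create {connector} "
        f"--project {project} --region {region} --network default --range {cidr}",
        # Step 2: a SQL Server instance with a private IP and no public address.
        # Private IP requires private services access on the VPC to be set up first.
        f"gcloud sql instances create {sql_instance} --project {project} --region {region} "
        f"--database-version SQLSERVER_2017_STANDARD --cpu 2 --memory 7680MB "
        f"--network default --no-assign-ip --root-password \"$SQL_ROOT_PASSWORD\"",
        # Step 3a: let the Cloud Functions service account use the connector.
        f"gcloud projects add-iam-policy-binding {project} "
        f"--member serviceAccount:{cf_service_account} --role roles/vpcaccess.user",
        # Step 3b: deploy through the connector; DB settings go in as environment
        # variables ($SQL_PRIVATE_IP and $DB_PASSWORD are shell placeholders).
        f"gcloud functions deploy {function_name} --project {project} --region {region} "
        f"--runtime nodejs10 --trigger-http --vpc-connector {connector} "
        f"--set-env-vars DB_HOST=\"$SQL_PRIVATE_IP\",DB_USER=sqlserver,DB_NAME=dbname,"
        f"DB_PASSWORD=\"$DB_PASSWORD\"",
    ]


if __name__ == "__main__":
    print("collisions for 10.8.0.0/28:", overlapping("10.8.0.0/28", SAMPLE_EXISTING))
    chosen = pick_connector_range(SAMPLE_EXISTING)
    print("chosen range:", chosen)
    for cmd in gcloud_commands("my-project", "123456789012", "us-central1",
                               "cf-connector", chosen, "sqlserver-1", "helloWorld"):
        print(cmd)
```

With the sample data the first two candidates collide (one with the existing connector, one with the added subnet) and 10.8.0.16/28 is chosen; a /28 that is not aligned, or any prefix other than /28, is rejected before it reaches gcloud.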

Answer 2

Score: 0


I discovered that there exists a hard limit on how many IPs you can use for such connectors. You can increase the quota or you can switch to another region.
Hard limits on IPs are imposed by quota on the free tier https://console.cloud.google.com/iam-admin/quotas.

When not in the free tier, you can request an increment on the quota.

huangapple
  • Posted on 2020-01-04 00:56:08
  • When reposting, please keep the link to this article: https://go.coder-hub.com/59582390.html