This repository has been archived by the owner on Nov 12, 2024. It is now read-only.

docs: upstream
planetscale-actions-bot committed May 22, 2024
1 parent 10788e7 commit 6d4b52d
Showing 2 changed files with 38 additions and 29 deletions.
36 changes: 20 additions & 16 deletions docs/concepts/private-connections-gcp.md
Expand Up @@ -20,43 +20,43 @@ Below is a list of instructions to set up your VPC network to utilize a Private

- **Target**: Published Service.
- **Target Service**: Select the target service from the table below for the region you want to establish an endpoint in.
- **Name**: Select the endpoint name from the table below for the region you want to establish an endpoint in.
- **Name**: Pick any endpoint name. The examples in this document use `"edge"`.
- **Network and subnet**: Select the network (VPC) to create the endpoint in. The endpoint will reserve a static IP address in the subnet. The VPC and subnet must be reachable by the applications you intend to connect to your PlanetScale databases from.
- **Create an IP Address**: Create a reserved IP address. This is the address your applications will use to access your PlanetScale databases. PlanetScale recommends using the `Endpoint Name` for the name of the reserved IP address for consistency, but you may use any name.
- **Enable Global Access**: PlanetScale recommends enabling this option. When enabled this allows applications in other regions to reach the PSC endpoint.
- **Create an IP Address**: Create a reserved IP address for the endpoint. This is the address your applications will use to access your PlanetScale databases.
- **Enable Global Access**: PlanetScale recommends enabling this option. When enabled, this allows applications in other regions of your VPC to reach the PSC endpoint.
- Finally, click **Add Endpoint** to start the process. Setup will take approximately 1-2 minutes.

![setup_endpoint_details](/assets/docs/multi/gcp/private-service-connect/connect_endpoint_details.png)

{% table %}

- GCP Region
- Endpoint Name
- Target Service
- Domain Name

---

- asia-northeast3
- gcp-asia-northeast3
- `projects/planetscale-production/regions/asia-northeast3/serviceAttachments/edge-gateway-gcp-asia-northeast3`
- gcp-asia-northeast3.private-connect.psdb.cloud

---

- northamerica-northeast1
- gcp-northamerica-northeast1
- `projects/planetscale-production/regions/northamerica-northeast1/serviceAttachments/edge-gateway-gcp-northamerica-northeast1`
- gcp-northamerica-northeast1.private-connect.psdb.cloud

---

- us-central1
- gcp-us-central1
- `projects/planetscale-production/regions/us-central1/serviceAttachments/edge-gateway-gcp-us-central1`
- gcp-us-central1.private-connect.psdb.cloud

---

- us-east4
- gcp-us-east4
- `projects/planetscale-production/regions/us-east4/serviceAttachments/edge-gateway-gcp-us-east4`
- gcp-us-east4.private-connect.psdb.cloud

{% /table %}
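
Review bot: In the **Name** bullet the example name is written as `"edge"` with literal double quotes inside the code span, while the rest of this file uses `edge` unquoted (for instance `edge.gcp-us-central1.private-connect.psdb.cloud`). A reader copying the value may paste the quotes into the endpoint name field; suggest writing `edge` without quotes. The table's new Domain Name column is also left unformatted while Target Service uses code spans; formatting both the same way would make the values easier to copy.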

Expand All @@ -68,26 +68,30 @@ Below is a list of instructions to set up your VPC network to utilize a Private

GCP will automatically create a private Cloud DNS zone in the project where the PSC consumer endpoints are created.

The domain name used is `private-connect.psdb.cloud`. Your endpoints will be available via DNS records visible only within your VPC using the format:
The domain name depends on the region the consumer endpoint was created in. Refer to the table above. The format of the domain name will be:

- `<Endpoint-Name>.private-connect.psdb.cloud`
- `<Endpoint-Name>.<Domain-Name>`

1. Log into any VM instance in the configured VPC and run `dig +short <Endpoint-Name>.private-connect.psdb.cloud` to confirm that DNS resolution resolves to the static IP address reserved during endpoint creation.
For example, if you chose `edge` as the endpoint name in the `us-central1` region, the domain name for the endpoint would be:

- `edge.gcp-us-central1.private-connect.psdb.cloud`

1. Log into any VM instance in the configured VPC and run `dig +short <Endpoint-Name>.<Domain-Name>` to confirm that DNS resolution resolves to the static IP address reserved during endpoint creation.

```shell
$ dig +short gcp-us-central1.private-connect.psdb.cloud
$ dig +short edge.gcp-us-central1.private-connect.psdb.cloud
10.128.0.17
```

2. Run `curl https://<Endpoint-Name>.private-connect.psdb.cloud` to verify your connectivity. A successful response will yield `Welcome to PlanetScale`.
2. Run `curl https://<Endpoint-Name>.<Domain-Name>` to verify your connectivity. A successful response will yield `Welcome to PlanetScale`.

```shell
curl https://gcp-us-central1.private-connect.psdb.cloud
curl https://edge.gcp-us-central1.private-connect.psdb.cloud
Welcome to PlanetScale.
```

## Modifying your Connection Strings to utilize your Private Service Connect endpoint.

By default, PlanetScale provides users with a connection string that reads `<planetscale-region>.connect.psdb.cloud`.
By default, PlanetScale provides connection strings based on the `connect.psdb.cloud` domain name. To access your databases over the private endpoint change your connection string to match the `<Endpoint-Name>.<Domain-Name>` pattern.

To utilize your newly configured VPC endpoint, prepend `private-` to the `connect` subdomain as shown above, yielding a connection string that reads `<planetscale-region>.private-connect.psdb.cloud`.
For example, a connection string such as `gcp-us-central1.connect.psdb.cloud` would be changed to `edge.gcp-us-central1.private-connect.psdb.cloud` assuming `edge` was the Endpoint Name chosen during creation of the endpoint.
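
Review bot: The sentence "The format of the domain name will be" defines the result in terms of `<Domain-Name>`, so "domain name" means two things in this hunk: the per-region zone from the table and the full name `<Endpoint-Name>.<Domain-Name>`. Suggest calling the full name the endpoint hostname, both here and in "the domain name for the endpoint would be", and reserving Domain Name for the table column. In the connection strings paragraph, a comma is missing after "over the private endpoint".
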
31 changes: 18 additions & 13 deletions docs/enterprise/managed/gcp/private-service-connect.md
Expand Up @@ -15,7 +15,7 @@ If you are on a Scaler Pro plan and would like to set up GCP Private Service Con

## How PlanetScale Managed and GCP Private Service Connect work

Private Service Connect (PSC) lets a service producer offer services to a service consumer without the consumer being a member of the service producer's organization.
Private Service Connect (PSC) allows a service producer (PlanetScale) offer services to a service consumer without the consumer being a member of the service producer's organization.

The service producer is the Google Cloud project controlled by PlanetScale, and the service consumer is the project(s) where your applications operate. Your applications connect to a private IP you allocate in your project, which is routed to your PlanetScale databases in the project that PlanetScale controls.
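
Review bot: The rewritten first sentence is missing "to": "allows a service producer (PlanetScale) offer services" should read "allows a service producer (PlanetScale) to offer services". The next paragraph already states that the producer is the project controlled by PlanetScale, so the parenthetical could also be dropped.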

Expand All @@ -42,15 +42,16 @@ If you use VPC Service Controls in your VPC, you must ensure that the policy all

Your Solutions Engineer will provide you the following information when the setup is complete:

- `Endpoint Name` (example: `izkpm55j334u-uscentral1`)
- `Target Service` (example: `projects/PROJECT/regions/REGION/serviceAttachments/SERVICE_NAME`)

You will use these values when configuring the Private Service Connect in your application projects.

If you have databases in multiple regions, each region will have a unique `Target Service`, and you will need to configure consumer endpoints for each region.

## Step 2: Establishing Private Service Connect

{% callout type="warning" %}
Only proceed to the next steps once a PlanetScale Solutions Engineer has provided the `Endpoint Name` and `Target Service`.
Only proceed to the next steps once a PlanetScale Solutions Engineer has provided the `Target Service`.
{% /callout %}

Refer to Google Cloud's [Access published services through endpoints](https://cloud.google.com/vpc/docs/configure-private-service-connect-services) document for more information on connecting to services via Private Service Connect. This document covers additional details not covered here, including the IAM roles required to perform the configuration process.
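
Review bot: With the `Endpoint Name` bullet removed, the list holds a single item, but the unchanged sentences around it still read as plural: "the following information" and "You will use these values". Suggest updating them to refer to the `Target Service` alone, so readers do not wait for a second value that is no longer sent.
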
Expand All @@ -67,10 +68,10 @@ The following steps are an example of establishing a Private Service Connect end

- **Target**: Published Service.
- **Target Service**: Paste the `Target Service` attachment URI provided by your Solutions Engineer in step 1.
- **Name**: This is the `Endpoint Name` provided by your Solutions Engineer.
- **Name**: Pick any `Endpoint Name`. The examples in this document use `"edge"`.
- **Network and subnet**: Select the network (VPC) to create the endpoint in. The endpoint will reserve a static IP address in the subnet. The VPC and subnet must be reachable by the applications you intend to connect to your PlanetScale databases from.
- **Create an IP Address**: Create a reserved IP address. This is the address your applications will use to access your PlanetScale databases. PlanetScale recommends using the `Endpoint Name` for the name of the reserved IP address for consistency, but you may use any name.
- **Enable Global Access**: PlanetScale recommends enabling this option. When enabled this allows applications in other regions to reach the PSC endpoint.
- **Create an IP Address**: Create a reserved IP address. This is the address your applications will use to access your PlanetScale databases.
- **Enable Global Access**: PlanetScale recommends enabling this option. When enabled, this allows applications in other regions of your VPC to reach the PSC endpoint.

Finally, click **Add Endpoint** to start the process. Setup will take approximately 1-2 minutes.
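
Review bot: The **Name** bullet says "Pick any `Endpoint Name`" without saying that the choice matters later: the DNS section of this file builds the hostname as `<Endpoint-Name>.<Domain-Name>`, so the name ends up in every connection string. Suggest stating that here. The example is also written as `"edge"` with quotes inside the code span, where the later examples use `edge`.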

Expand Down Expand Up @@ -104,22 +105,26 @@ Google maintains additional documentation covering DNS and Private Service Conne

Private Service Connect endpoints automatically create a private DNS records in the project where the PSC consumer endpoints are created that resolve to the endpoint's reserved IP.

The domain name used is `private-connect.psdb.cloud`. Your consumer endpoints will be available via DNS records visible only within your VPC using the format:
The domain name used varies by region. You can view the domain name by clicking on `Network Services > Cloud DNS`. If Google was able to set up automatic DNS, you will see a new private DNS zone labeled by `DNS Name`:

![cloud dns zone list](/assets/docs/managed/gcp/private-service-connect/cloud_dns.png)

Your consumer endpoints will be available via DNS records visible only within your VPC using the format:

- `<Endpoint-Name>.private-connect.psdb.cloud`
- `<Endpoint-Name>.<Domain-Name>`

If your endpoint was creatd with automatic DNS or your created your own DNS records manually you can verify resolution with `dig`, eg:
If your endpoint was creatd with automatic DNS or your created your own DNS records manually, you can verify resolution with `dig`. In this example, the endpoint was created with the name `edge` and the service's domain name was `izkpm55j334u-uscentral1.private-connect.psdb.cloud`:

```shell
$ dig +short izkpm55j334u-uscentral1.private-connect.psdb.cloud
$ dig +short edge.izkpm55j334u-uscentral1.private-connect.psdb.cloud
10.128.0.14
```

## Test Connectivity
## Test connectivity

Run `curl https://<Endpoint-Name>.private-connect.psdb.cloud` to verify your connectivity. A successful response will yield `Welcome to PlanetScale`.
Run `curl https://<Endpoint-Name>.<Domain-Name>` to verify your connectivity. A successful response will yield `Welcome to PlanetScale`.

```shell
curl https://izkpm55j334u-uscentral1.private-connect.psdb.cloud
curl https://edge.izkpm55j334u-uscentral1.private-connect.psdb.cloud
Welcome to PlanetScale.
```
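
Review bot: The rewritten sentence introducing the `dig` example keeps two typos from the old text: "creatd" should be "created" and "your created your own DNS records" should be "you created your own DNS records". The new paragraph also covers only the case where "Google was able to set up automatic DNS"; a sentence on where to find the domain name when no zone appears would close the gap. The unchanged context line "automatically create a private DNS records" could be fixed in the same pass.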
