Skip to content
This repository has been archived by the owner on Nov 12, 2024. It is now read-only.

Commit

Permalink
docs: upstream
Browse files Browse the repository at this point in the history 
planetscale/www@d080bd3
  • Loading branch information
@planetscale-actions-bot
planetscale-actions-bot committed May 13, 2024
1 parent d49b766 commit d65cb94
Show file tree
Hide file tree
Showing 4 changed files with 99 additions and 5 deletions.
1 change: 1 addition & 0 deletions docs/concepts/deployment-options.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ Multi-tenancy is the default deployment option. When you sign up for a PlanetSca
- No configuration requirements on your end
- BAAs available for HIPAA compliance
- [Private connection support](/docs/concepts/private-connections) via AWS PrivateLink
- [Private connection support](/docs/concepts/private-connections-gcp) via GCP Private Service Connect

## Single-tenancy deployment on PlanetScale

Expand Down
93 changes: 93 additions & 0 deletions docs/concepts/private-connections-gcp.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
---
title: 'Connecting to PlanetScale privately on GCP'
subtitle: 'How to connect to PlanetScale privately on GCP via Private Service Connect.'
date: '2024-05-13'
---

## Connecting to PlanetScale privately via GCP Private Service Connect

When your compliance mandates that your connections do not route through the public Internet, PlanetScale provides private connection endpoints to GCP regions via [GCP Private Service Connect](https://cloud.google.com/vpc/docs/private-service-connect). Private connections are included on Scaler Pro plans. There is no additional charge on PlanetScale's end, but this may impact your GCP bill.

Below is a list of instructions to set up your VPC network to utilize a Private Service Connect endpoint when communicating with PlanetScale databases.

## Establishing a Private Service Connect Endpoint

1. Identify the GCP region that your VPC lives in, which we will refer to as `<gcp-region>` for the rest of this document.

2. In the GCP console, go to ["Network Service > Private Service Connect"](<(https://console.cloud.google.com/net-services/psc)>) page, select the "**Connected endpoints**" tab, and select the "**+ Connect endpoint**" button.

3. Add a Private Service Connect Endpoint with the following details:

- **Target**: Published Service.
- **Target Service**: Select the target service from the table below for the region you want to establish an endpoint in.
- **Name**: Select the endpoint name from the table below for the region you want to establish an endpoint in.
- **Network and subnet**: Select the network (VPC) to create the endpoint in. The endpoint will reserve a static IP address in the subnet. The VPC and subnet must be reachable by the applications you intend to connect to your PlanetScale databases from.
- **Create an IP Address**: Create a reserved IP address. This is the address your applications will use to access your PlanetScale databases. PlanetScale recommends using the `Endpoint Name` for the name of the reserved IP address for consistency, but you may use any name.
- **Enable Global Access**: PlanetScale recommends enabling this option. When enabled this allows applications in other regions to reach the PSC endpoint.
- Finally, click **Add Endpoint** to start the process. Setup will take approximately 1-2 minutes.

![setup_endpoint_details](/assets/docs/multi/gcp/private-service-connect/connect_endpoint_details.png)

{% table %}

- GCP Region
- Endpoint Name
- Target Service

---

- asia-northeast3
- gcp-asia-northeast3
- `projects/planetscale-production/regions/asia-northeast3/serviceAttachments/edge-gateway-gcp-asia-northeast3`

---

- northamerica-northeast1
- gcp-northamerica-northeast1
- `projects/planetscale-production/regions/northamerica-northeast1/serviceAttachments/edge-gateway-gcp-northamerica-northeast1`

---

- us-central1
- gcp-us-central1
- `projects/planetscale-production/regions/us-central1/serviceAttachments/edge-gateway-gcp-us-central1`

---

- us-east4
- gcp-us-east4
- `projects/planetscale-production/regions/us-east4/serviceAttachments/edge-gateway-gcp-us-east4`

{% /table %}

4. The endpoint creation process will take a minute or two. When finished, select the endpoint and verify the status is **Accepted**:

![Showing endpoint status as "Accepted"](/assets/docs/multi/gcp/private-service-connect/endpoint_status.png)

## Verifying the connectivity of your Private Service Connect endpoint

GCP will automatically create a private Cloud DNS zone in the project where the PSC consumer endpoints are created.

The domain name used is `private-connect.psdb.cloud`. Your endpoints will be available via DNS records visible only within your VPC using the format:

- `<Endpoint-Name>.private-connect.psdb.cloud`

1. Log into any VM instance in the configured VPC and run `dig +short <Endpoint-Name>.private-connect.psdb.cloud` to confirm that DNS resolution resolves to the static IP address reserved during endpoint creation.

```shell
$ dig +short gcp-us-central1.private-connect.psdb.cloud
10.128.0.17
```

2. Run `curl https://<Endpoint-Name>.private-connect.psdb.cloud` to verify your connectivity. A successful response will yield `Welcome to PlanetScale`.

```shell
curl https://gcp-us-central1.private-connect.psdb.cloud
Welcome to PlanetScale.
```

## Modifying your Connection Strings to utilize your Private Service Connect endpoint.

By default, PlanetScale provides users with a connection string that reads `<planetscale-region>.connect.psdb.cloud`.

To utilize your newly configured VPC endpoint, prepend `private-` to the `connect` subdomain as shown above, yielding a connection string that reads `<planetscale-region>.private-connect.psdb.cloud`.
4 changes: 2 additions & 2 deletions docs/enterprise/managed/gcp/private-service-connect.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
title: 'Set up GCP Private Service Connect with PlanetScale Managed'
subtitle: 'Learn how to set up GCP Private Service Connect to establish private database connectivity with PlanetScale Managed.'
label: 'Managed'
date: '2023-11-08'
date: '2024-05-13'
---

## Overview

PlanetScale Managed can connect you to your databases via [GCP Private Service Connect](https://cloud.google.com/vpc/docs/private-service-connect). The following guide describes how PlanetScale Managed with GCP Private Service Connect works and how to set it up.

{% callout type="note" %}
GCP Private Service Connect is only available on single-tenancy PlanetScale deployment options, including PlanetScale Managed. It is **not available on Scaler Pro plans, or other [multi-tenancy deployments](/docs/concepts/deployment-options)**. If you are interested in [PlanetScale Managed](/docs/enterprise/managed/overview), please [contact us](/contact).
If you are on a Scaler Pro plan and would like to set up GCP Private Service Connect endpoint, see our [Private connections documentation](/docs/concepts/private-connections-gcp).
{% /callout %}

## How PlanetScale Managed and GCP Private Service Connect work
Expand Down
6 changes: 3 additions & 3 deletions docs/navigation/standard.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,8 +54,10 @@
slug: '/docs/concepts/connection-strings'
- label: 'Network latency'
slug: '/docs/concepts/network-latency'
- label: 'Private connections'
- label: 'Private connections - AWS'
slug: '/docs/concepts/private-connections'
- label: 'Private connections - GCP'
slug: '/docs/concepts/private-connections-gcp'
- label: 'Querying PlanetScale'
items:
- label: 'Web console'
Expand Down Expand Up @@ -246,8 +248,6 @@
items:
- label: 'Connection strings'
slug: '/docs/concepts/connection-strings'
- label: 'Private connections'
slug: '/docs/concepts/private-connections'
- label: 'Secure connections'
slug: '/docs/concepts/secure-connections'
- label: 'Password roles'
Expand Down

0 comments on commit d65cb94

Please sign in to comment.