
Confusion Around Creating a VPC Access Connector

I am trying to set up Serverless VPC access

Serverless VPC Access enables you to connect from your Cloud Functions directly to Compute Engine VM instances, Memorystore instances, Cloud SQL instances,

Sounds great. But the documentation is not super friendly to a beginner. Step 2 is to create a connector, about which I have a couple of questions:

In the Network field, select the VPC network to connect to.

My dropdown here contains only "Default". Is this normal? What should I expect to see here?

In the IP range field, enter an unused CIDR /28 IP range. Addresses in this range are used as source addresses for traffic sent through the connector. This IP range must not overlap with any existing IP address reservations in your VPC network.

I don't know what to do here. I tried using the information in the linked document to first) enter an IP from the region I had selected, and, second) enter an IP from outside that region. Both resulted in connectors that were created with the error "Connector is in a bad state, manual deletion is recommended".

The documentation continues with a couple of troubleshooting steps if the creation fails:

Specify an IP range that does not overlap with any existing IP address reservations in the VPC network.

I don't know what this means. Maybe like, if I have other connectors I should be sure the IP range for the new one doesn't overlap with those. That's just a guess, but anyway I have none.

Grant your project permission to use Compute Engine VM images from the project with ID serverless-vpc-access-images. See Setting image access constraints for information on how to update your organization policy accordingly.

This leads me to another document about updating my organization's "Image Policy". This one has me so out of my depth, I don't even think I should be here.

This has all started with just wanting to connect to a SQL Server instance from Firebase. Creating the VPC connector seems like a good step, but I've just fallen at every hurdle. Can a cloud-dweller please help me with a few of these points of confusion?

1252748 asked Jan 03 '20 16:01




1 Answer

I think you've resolved the issue but I will write an answer to summarize all the steps for future reference.

1. Create a Serverless VPC Access

I think the best reference is to follow the steps in this doc. In step 7, it says the following:

In the IP range field, enter an unreserved CIDR /28 IP range.

The IP you can use is for example 10.8.0.0/28 or even 10.64.0.0/28 with the condition it is not in use for any other network. You can check which IPs are in use going to VPC Network > VPC networks. In the Network field you will have the "default" option so it's okay.

This can take some minutes, so in the meantime you can create your SQL Server/MySQL/PostgreSQL instance.

2. Creating a CloudSQL instance

Create your desired instance (MySQL/PostgreSQL/SQL Server). In your case it will be a SQL Server instance. Also check these steps to configure the Private IP for your instance at creation time or if you have created an instance you can check this. Take note of the Private IP as you will use it later.

3. Create a Cloud function

Before creating your Cloud Function, you have to grant permission to the CF service account to use the VPC. Please follow these steps.

Then follow these steps to configure the connector of your function to use the VPC. In step 5 it says the following:

In the VPC connector field, enter the fully-qualified name of your connector in the following format:

projects/PROJECT_ID/locations/REGION/connectors/CONNECTOR_NAME

It is not necessary to add your VPC with this format. There is already a list where you can choose your VPC. Finally deploy your function.

I wrote a little function to test the connection. I would prefer to use Python but it needs more system dependencies than NodeJS.

index.js:

var express = require('express');
var app = express();
var sql = require("mssql");

exports.helloWorld = (req, res) => {
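    // placeholder values: in a deployed function, load these from
    // environment variables or a secret store rather than hard-coding them
    var config = {
        user: 'sqlserver',
        password: 'password',
        server: 'Your.SQL.Private.IP',
        database: 'dbname'
    };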

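    // connect to your database
    sql.connect(config, function (err) {
        if (err) {
            // log the detail server-side, return a generic error to the caller
            console.log(err);
            return res.status(500).send('Database connection failed');
        }

        // create Request object
        var request = new sql.Request();

        // query to the database and get the records
        request.query('select * from a_table', function (err, recordset) {
            if (err) {
                console.log(err);
                return res.status(500).send('Query failed');
            }

            // send records as a response
            res.send(recordset);
        });
    });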
};

package.json:

{
  "name": "sample-http",
  "version": "0.0.1",
  "dependencies": {
    "express": "4.17.1",
    "mssql": "6.0.1"
  }
}

And that's all! :D

It's important to mention that this procedure is more about connecting Cloud Functions to SQL Server as there is already an easier way to connect CF to PostgreSQL and MySQL.

Ferregina Pelona answered Oct 31 '22 05:10
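
The "unused /28 that does not overlap any existing reservation" rule from the question and from step 1 of the answer can be checked before creating the connector. The following is an added example, not part of the original answer: the function names are hypothetical and the subnet ranges are constructed sample values standing in for what VPC Network > VPC networks lists for your project.

```javascript
// Added example: validate a candidate Serverless VPC Access connector range.
// Subnet ranges below are constructed sample values, not read from any project.

// Parse "a.b.c.d/n" into numeric form using plain (non-bitwise) arithmetic,
// so addresses above 127.255.255.255 do not turn negative.
function parseCidr(cidr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error(`not a CIDR: ${cidr}`);
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) throw new Error(`out of range: ${cidr}`);
  const addr = octets.reduce((acc, o) => acc * 256 + o, 0);
  const size = 2 ** (32 - prefix);
  return { addr, size, prefix, base: addr - (addr % size) };
}

// Two ranges overlap when each one starts before the other ends.
function overlaps(a, b) {
  return a.base < b.base + b.size && b.base < a.base + a.size;
}

// Returns a list of problems; an empty list means the candidate passed
// every check performed here.
function checkConnectorRange(candidate, reservedCidrs) {
  const problems = [];
  const c = parseCidr(candidate);
  if (c.prefix !== 28) problems.push(`prefix is /${c.prefix}, connector needs /28`);
  // Sanity check: a block should be written with its network address.
  if (c.addr !== c.base) problems.push('address is not the first address of its block');
  for (const r of reservedCidrs) {
    if (overlaps(c, parseCidr(r))) problems.push(`overlaps ${r}`);
  }
  return problems;
}

// Constructed sample: subnet ranges of a "default" network.
const sampleSubnets = ['10.128.0.0/20', '10.132.0.0/20', '10.142.0.0/20'];

console.log(checkConnectorRange('10.8.0.0/28', sampleSubnets));    // range from the answer
console.log(checkConnectorRange('10.128.0.16/28', sampleSubnets)); // inside a regional subnet
console.log(checkConnectorRange('10.64.0.0/24', sampleSubnets));   // wrong prefix length
```

A range taken from inside one of the region's own subnets, as the question describes trying, is reported as an overlap, while 10.8.0.0/28 passes against this sample list.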