
Connecting DAG to MSSQL Database in Another Project

We have created a public Cloud Composer environment in Project1 and written some DAGs.
In one of the DAGs we want to connect to an MSSQL database. The database needs the client IP whitelisted before connecting.
Both the database and the Composer environment are in the default networks of their respective projects.
We are able to connect to other databases which are in the same project using DAGs.
What have we tried

  • Whitelisting the public IP of the GKE did not work.
  • Whitelisting the IP range of the GKE pods did not work.
  • Whitelisted the IP of the default NAT connection also.

We are not able to understand how to connect to the database.

1 REPLY

To connect a Cloud Composer environment in Project1 to an MSSQL database that requires client IP whitelisting, you'll need a consistent outbound IP address for requests from Cloud Composer's GKE-based environment. Current configurations, such as whitelisting the GKE public IP, IP ranges for GKE pods, and the NAT IP, haven’t worked because they do not ensure the use of a specific outbound IP address.

  • Reserve a Static External IP Address: In Google Cloud Console, go to VPC Network > External IP addresses and reserve an IPv4 static IP in the same region as your Composer environment.

  • Create a Cloud NAT Gateway: Under VPC Network > NAT gateways, create a new Cloud NAT gateway for your VPC network and region. Attach the reserved static IP to this NAT configuration to serve as the outbound IP for traffic from the Composer environment.

  • Configure GKE to Use Cloud NAT: Ensure the GKE cluster in Composer is configured to route traffic through the NAT gateway. By default, outbound traffic should flow through Cloud NAT unless another gateway is configured. This setup allows you to control and standardize the egress IP for all traffic originating from Composer.

  • Whitelist the Static IP on the MSSQL Database: Once verified, add this IP to the MSSQL database’s firewall or whitelist settings.

To verify, deploy a test pod in your GKE cluster to confirm that outbound traffic uses the designated static IP by querying a service that returns the client IP (e.g., curl ifconfig.me). This approach ensures a reliable, static IP for Composer to connect to the MSSQL database securely.
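
The steps in the reply above as a gcloud script, added here as an example that is not part of the original reply. All resource names, the project ID and the region are placeholders, and kubectl is assumed to already point at the Composer environment's GKE cluster. Cloud NAT only translates traffic for nodes that have no external IP address of their own, so the script assumes that holds for the Composer cluster.

```bash
#!/usr/bin/env bash
# Added example. Every name below is a placeholder, not a value from the thread.
set -euo pipefail

PROJECT="${PROJECT:-project1}"             # Composer project (placeholder)
REGION="${REGION:-us-central1}"            # placeholder; use the Composer region
NETWORK="${NETWORK:-default}"              # the thread says default networks are used
IP_NAME="${IP_NAME:-composer-egress-ip}"
ROUTER="${ROUTER:-composer-egress-router}"
NAT="${NAT:-composer-egress-nat}"

# Print the command when DRY_RUN=1 (the default); execute it when DRY_RUN=0.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Reserve the static IP, create a Cloud Router, and pin the NAT to that IP only.
setup_static_egress() {
  run gcloud compute addresses create "$IP_NAME" --project="$PROJECT" --region="$REGION"
  run gcloud compute routers create "$ROUTER" --project="$PROJECT" --region="$REGION" --network="$NETWORK"
  run gcloud compute routers nats create "$NAT" --project="$PROJECT" --region="$REGION" \
    --router="$ROUTER" --nat-external-ip-pool="$IP_NAME" --nat-all-subnet-ip-ranges
}

# The address that was actually reserved.
reserved_ip() {
  gcloud compute addresses describe "$IP_NAME" --project="$PROJECT" \
    --region="$REGION" --format='value(address)'
}

# The address an external service sees for a pod in the cluster (curl ifconfig.me).
observed_egress_ip() {
  kubectl run egress-check --rm -i --restart=Never --image=curlimages/curl \
    -- -s ifconfig.me | grep -oE '^[0-9]{1,3}(\.[0-9]{1,3}){3}'
}

# True only when both values are non-empty and equal after trimming whitespace.
egress_matches() {
  local want got
  want=$(printf '%s' "$1" | tr -d '[:space:]')
  got=$(printf '%s' "$2" | tr -d '[:space:]')
  [ -n "$want" ] && [ "$want" = "$got" ]
}

apply_and_verify() {
  setup_static_egress
  if [ "${DRY_RUN:-1}" = "1" ]; then return 0; fi
  if egress_matches "$(reserved_ip)" "$(observed_egress_ip)"; then
    echo "Egress IP matches the reserved address; allowlist it on the database."
  else
    echo "Egress IP differs from the reserved address; do not allowlist yet." >&2
    return 1
  fi
}
apply_and_verify
```

Run it as is to review the commands, then with DRY_RUN=0 to apply them; only the single reserved address should be added to the database allowlist, and only after the check passes.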