
Cannot Access Filestore from Service Project in Shared VPC

I’m facing an issue with a Shared VPC setup on Google Cloud:

Setup:
- Shared VPC with a host project and a service project.
- Filestore instance is in the host project, created with Private Service Access.
- All subnets in the host project are shared with the service project.

Problem:
Nodes in the service project cannot access the Filestore. Routes from the service project to the Filestore are missing.

On the service project pod, `nc -zv 10.108.193.26 2049` hangs, while on a host project pod, it connects. `10.108.193.26` is the IPv4 address of the Filestore. On the service project pod, I'm able to ping pods in the host project, so I know the Shared VPC is set up correctly, but perhaps it's due to the peering aspect of things (from Private Service Access)?

What I’ve Tried:
1. Granted `roles/compute.networkUser` on the shared subnet in the host project to service project accounts.
2. Created a Filestore in the service project, but in the Shared VPC. Same issue in that the service project nodes don't have access, but the host project does.

I'm not sure if I'm missing a step, or is this setup not designed to work? I saw a similar post saying it should work: https://www.googlecloudcommunity.com/gc/Infrastructure-Compute-Storage/Accessing-Filestore-in-host-p...

Hi @atacoder,

Welcome to the Google Cloud community!

There might be a step missing with the Private Service Access configuration or network routes.

Here's a solution you can try based on Google Cloud Documentation.

  1. Verify Private Service Access Configuration: Make sure that Private Service Access is properly configured between the host and service project.
  2. Check Routes and Firewall Rules: It is possible that the routes required for accessing the Filestore are still missing. Make sure that the routes for accessing the Filestore’s IP range are present in the service project.
  3. Check IAM Roles and Permissions: Also ensure that the Filestore permissions are correctly set. Verify that the service project has the necessary permissions to access the Filestore instance in the host project.

If the steps above do not work, you can contact Google Cloud Support for a more in-depth analysis. When contacting them, please provide comprehensive details and include screenshots. This will help them better understand and address your issue.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
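An added example, not part of the original thread or of any Google tooling: the `nc -zv` test from the question, rewritten so it reports which way the connection failed, since a hang (silent drop) points at routes or firewall rules while a refusal points at the service. The names `probe_tcp`, `diagnose` and `HINTS` are hypothetical, and the hint texts describe general TCP behaviour rather than a confirmed cause for this setup.

```python
import errno
import socket
import sys

# Interpretation of each outcome (general TCP behaviour, not a diagnosis
# specific to Filestore or Private Service Access).
HINTS = {
    "open": "TCP handshake completed: path and port are reachable.",
    "timeout": "No reply to the SYN: packets are dropped or have no return "
               "path. Check routes and firewall rules.",
    "refused": "Target answered with RST: the network path works, but "
               "nothing is listening on that port.",
    "unreachable": "The local stack or a router reported no route to the target.",
}


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        return "error: %s" % exc


def diagnose(host, port, timeout=3.0):
    """Return (outcome, hint) for one probe."""
    result = probe_tcp(host, port, timeout)
    return result, HINTS.get(result, "Unexpected socket error; inspect it directly.")


if __name__ == "__main__":
    # Defaults are the Filestore address and NFS port quoted in the question.
    host = sys.argv[1] if len(sys.argv) > 1 else "10.108.193.26"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 2049
    result, hint = diagnose(host, port)
    print("%s:%d -> %s. %s" % (host, port, result, hint))
```

Running it from a pod in each project and comparing the two outcomes gives support a more precise symptom than "hangs".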