VPC Peering with Private Service Connect (PSC)

I want to further understand how routing from peered projects to PSC works.

So I have set up a PSC in a network, and I can successfully connect to that PSC endpoint (which is created as a Frontend forwarding rule by default) from the same network.

When I try to connect to that PSC endpoint from another network which is PEERED with the PSC endpoint network (without importing/exporting custom routes), I cannot establish a connection and my request times out.

I tried to enable ingress to the PSC endpoint IP from the peered network as a firewall rule, but it doesn't change anything.

Would I have to create custom routes to enable this connection, or am I missing some other detail?

2 REPLIES

Upon further research, this seems to be impossible:
https://cloud.google.com/vpc/docs/about-accessing-vpc-hosted-services-endpoints

Yes, there are limitations with VPC peering. In my case, I attempted to connect from a GCP project running Composer v3 or a VM instance to a remote Cloud SQL Private Service Connect (PSC) instance in another GCP project. Instead of using VPC peering, I used DNS peering and Cloud VPN with static routing, and it worked for me.

You can find more details here: Peering Zones Documentation.

Additionally, here's an example from my setup that might help others:
Cloud VPN Static Routing Example