This post documents the setup process for VPC peering across VPCs in different GCP projects, for demo purposes only.
Set up VPC peering across two GCP projects
In this demo, we will create two GCP projects and set up VPC network peering as a network bridge, so that the VM in one GCP project can access the MongoDB instance installed on a VM in the other GCP project.
Preparation
Mongo backups
1> Back up MongoDB
Use the mongodump command-line tool to back up the data, for example:
mongodump --host 127.0.0.1 --port 27017 --out /Users/jamie/Documents/work-benches/mongo/dump/20200907 --gzip --collection users --db test
output:
2020-09-07T11:20:57.540+0800 writing test.users to
2020-09-07T11:20:57.792+0800 done dumping test.users (10004 documents)
2> Install the Google Cloud SDK locally
Please refer to https://cloud.google.com/storage/docs/gsutil_install
3> Upload the backup files to Cloud Storage
gsutil cp -r ../20200907 gs://mongo-backup-repo
GCP resource creation
Resource | GCP project | GCP network | GCP Subnet | Remark |
---|---|---|---|---|
test-vm-01 | test-project-01 | test-vpc-01 | asia-east1 | with Mongo server installed and data initialized from the backups in Cloud Storage |
test-vm-02 | test-project-02 | test-vpc-02 | asia-east1 | with the mongo shell installed |
Notes:
1. VPC network, subnet and firewall
Create a custom mode VPC with one subnet
VPC
name: test-vpc-01
subnet mode: Custom subnets
routing mode: Regional
Subnet
name: asia-east1
region: asia-east1
ip ranges: 10.140.0.0/20
private google access: on
VPC
name: test-vpc-02
subnet mode: Custom subnets
routing mode: Regional
Subnet
name: asia-east1
region: asia-east2
ip ranges: 10.150.0.0/20
private google access: on
For a custom mode VPC, no default firewall rules are created; you must create them yourself.
2. Create a VM instance on Google Compute Engine and restore the MongoDB data
Please refer to https://docs.mongodb.com/manual/tutorial/install-mongodb-on-debian/ to install MongoDB on the VM.
gsutil cp -r gs://mongo-backup-repo/20200907 ./backup/
mongorestore --gzip --db test --collection users ./backup/20200907/test/users.bson.gz
Configure VPC Peering
Create VPC network peering
1. VPC peering from test-vpc-01 to test-vpc-02
2. VPC peering from test-vpc-02 to test-vpc-01
Test connectivity
1> Ping from both sides; it should succeed in both directions.
2> Install the MongoDB shell on test-vm-02 to verify that the Mongo connection works as expected.
Refer to https://docs.mongodb.com/manual/tutorial/install-mongodb-on-debian/, and install only the mongo shell.
sudo apt-get install -y mongodb-org-shell=4.4.0
Note: for how to secure MongoDB access, see the references at the bottom of this page.
Restrictions for VPC peering
No subnet IP range overlap across peered VPC networks
No subnet IP range can overlap with another subnet IP range in a peered VPC network.
Checks performed at VPC Network Peering setup
Checks performed at subnet creation in VPC Network Peering scenarios
Tags and service accounts are not usable across peered networks
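As an added example (not part of the original post), here is a pre-flight check for the restrictions above, using the subnet ranges from this demo. It assumes the firewall rule protecting MongoDB on test-vpc-01 admits the peer by source IP range; the function names and the what-if ranges are constructed for illustration.

```python
import ipaddress

# Subnet ranges taken from the VPC definitions on this page.
VPC_01 = {"asia-east1": "10.140.0.0/20"}
VPC_02 = {"asia-east1": "10.150.0.0/20"}


def find_overlaps(local, peer):
    """Return (local_subnet, peer_subnet) name pairs whose CIDR ranges overlap.

    Peering setup and later subnet creation both check for overlap,
    so this list must be empty before and after any subnet change.
    """
    clashes = []
    for lname, lcidr in local.items():
        lnet = ipaddress.ip_network(lcidr, strict=True)
        for pname, pcidr in peer.items():
            if lnet.overlaps(ipaddress.ip_network(pcidr, strict=True)):
                clashes.append((lname, pname))
    return clashes


def source_range_is_scoped(source_range, peer):
    """True if a firewall source range stays inside one of the peer's subnets.

    Tags and service accounts are not usable across peered networks, so an
    ingress rule for MongoDB (tcp:27017) has to name the peer by IP range.
    A range wider than the peer's subnets admits hosts that are not the peer.
    """
    src = ipaddress.ip_network(source_range, strict=True)
    return any(src.subnet_of(ipaddress.ip_network(c)) for c in peer.values())


if __name__ == "__main__":
    print("overlaps:", find_overlaps(VPC_01, VPC_02))
    # Constructed what-if: a new /16 in test-vpc-02 that covers 10.140.0.0/20.
    grown = {**VPC_02, "extra": "10.140.0.0/16"}
    print("overlaps after adding 10.140.0.0/16:", find_overlaps(VPC_01, grown))
    # Constructed candidate source ranges for the MongoDB ingress rule.
    for candidate in ("10.150.0.0/20", "10.0.0.0/8", "0.0.0.0/0"):
        print(candidate, "scoped to peer:", source_range_is_scoped(candidate, VPC_02))
```
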
Useful references:
https://cloud.google.com/vpc/docs/using-vpc-peering
https://ciphertrick.com/setup-mongodb-authentication-connect-using-mongoose/