Creating a GCP VPC Peering Connection

There are 2 ways of creating a GCP VPC Peering connection:

  • Use the CLI (recommended)

  • Create a manual connection

To create a peering connection on a team cluster, you must have either an admin or developer role. See Managing Teams and Users.

Using the Hazelcast Cloud CLI

This option provides the easiest way of creating GCP VPC Peering with your Enterprise Hazelcast Cloud Cluster.

Set Up Your Environment

  1. Install Hazelcast Cloud CLI.

  2. Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path to your Google Cloud credentials file.

    You can check further details about Google Application Credentials in the Google Cloud documentation.

Creating a Peering Connection

  1. Create the peering connection.

    hzcloud gcp-peering create \
--cluster-id={YOUR_CLUSTER_ID} \
--project-id={YOUR_PROJECT_ID} \
--network-name={YOUR_VPC_NETWORK_NAME}

    Make sure to replace the following placeholders:

    • YOUR_CLUSTER_ID with the ID of your cluster.

      To get your cluster ID, use the hzcloud enterprise-cluster list command of the Hazelcast Cloud CLI.

    • YOUR_PROJECT_ID with the ID of your project which contains your network on Google Cloud.

      For details about Google Cloud projects, see the Google Cloud documentation.

    • YOUR_VPC_NETWORK_NAME with the Name of your VPC network on Google Cloud on your terminal.

      For details about Google Cloud VPC Networks, see the Google Cloud documentation.

      Use the CLI to create a new peering connection

  2. Check for active peerings from the VPC Network Peering tab after you select your VPC on Google Cloud Platform for your side of peering.

    Check your peering connection on GCP

    Do not overlap the CIDR of your Hazelcast Cloud Enterprise cluster and the CIDR of your VPC, otherwise the connection will fail.

Creating a Manual Connection

You can still create VPC peering without using Hazelcast Cloud CLI. But, you need to handle everything it does properly. This way is more difficult but more configurable.

In order to create VPC Peering, you need to do the following:

  1. Collect GCP Peering Properties for your Cluster with our API.

  2. Create a GCP Peering connection from your side to our side.

  3. Accept our side of the GCP Peering connection you already sent with API.

Collecting Properties

You need to collect GCP Peering properties for your Enterprise Hazelcast Cloud cluster on GCP in order to create your side of the VPC Peering connection. You can get these properties from Hazelcast Cloud Public API or Hazelcast Cloud SDK Go as the following command.

  • Hazelcast Cloud Public API

  • Hazelcast Cloud SDK

query {
  gcpPeeringProperties(clusterId: "{YOUR_CLUSTER_ID}") {
    projectId
    networkName
  }
}
client, _, _ := hazelcastcloud.New()
properties, _, _ := client.GcpPeering.GetProperties(context.Background(), &models.GetGcpPeeringPropertiesInput{
  ClusterId: "YOUR_CLUSTER_ID",
},
)
fmt.Println(properties.ProjectId)
fmt.Println(properties.NetworkName)

Creating a Peering Connection

After you successfully collect peering properties, you need to create a peering connection from your VPC to our VPC using values you collected from peering the properties previous step.

Learn how to create a VPC Peering Connection on Google Cloud in the Google Cloud documentation.

Accepting a Peering Connection

After you successfully create a VPC Peering to the Hazelcast Cloud Enterprise Cluster, you need to accept that from our side by using Hazelcast Cloud Public API or Hazelcast Cloud SDK Go as the following commands.

  • Hazelcast Cloud Public API

  • Hazelcast Cloud SDK

mutation {
  acceptGcpPeering(input: {
    clusterId: "YOUR_CLUSTER_ID",
    projectId: "YOUR_PROJECT_ID",
    networkName: "YOUR_NETWORK_NAME" }){
    status
  }
}
client, _, _ := hazelcastcloud.New()
result, _, _ := client.GcpPeering.Accept(context.Background(), &models.AcceptGcpPeeringInput{
  ClusterId:   "YOUR_CLUSTER_ID",
  ProjectId:   "YOUR_PROJECT_ID",
  NetworkName: "YOUR_NETWORK_NAME",
},
)
fmt.Println(result.Status)

Validating Peering Connections

After you see the status value as Accepted, you can check active peerings from the Peerings tab after you select your VPC on Google Cloud Platform for your side of peering.

The CIDR of your Hazelcast Cloud Enterprise Cluster and the CIDR of your VPC should not be overlapped. or you can not see peering in this list.

Listing Peering Connections

You can list Google Cloud Platform peerings on your Enterprise Hazelcast Cluster on GCP from Console by going Cluster Details > Settings > VPC Peerings one by one as shown below. You can check where the connection established by checking Project ID and Network Name on the list.

List all VPC peering connections

Also, you can easily use Hazelcast Cloud SDK, Hazelcast Cloud CLI for this.

  • Hazelcast Cloud CLI

  • Hazelcast Cloud SDK

hzcloud gcp-peering list --cluster-id={YOUR_CLUSTER_ID}
client, _, _ := hazelcastcloud.New()
peerings, _, _ := client.GcpPeering.List(context.Background(), &models.ListGcpPeeringsInput{
  ClusterId:   "YOUR_CLUSTER_ID",
},
)
for _,peer := range *peerings {
  fmt.Println(peer.Id)
  fmt.Println(peer.NetworkName)
  fmt.Println(peer.ProjectId)
}

Deleting Peering Connections

You can delete Google Cloud Platform peerings of your Enterprise Hazelcast Cluster on GCP from VPC Peerings list by easily clicking the cross on item

Click Delete to delete the VPC peering connection

Also, you can easily use Hazelcast Cloud SDK, Hazelcast Cloud CLI for this.

  • Hazelcast Cloud CLI

  • Hazelcast Cloud SDK

hzcloud gcp-peering delete --peeering-id={ID_OF_PEERING}
client, _, _ := hazelcastcloud.New()
result, _, _ := client.GcpPeering.Delete(context.Background(), &models.DeleteGcpPeeringInput{
  Id: "ID_OF_PEERING",
},
)
fmt.Println(result)