GCP Private Service Connect

How to create a GCP PSC for your private services

Altinity.Cloud users can use Google Cloud’s Private Service Connect (PSC) to connect to a service in their GCP environment from their Altinity.Cloud environment. The PSC becomes a private connection between your existing GCP services and Altinity.Cloud without exposing the connection to the Internet.

The architecture of the connection looks like this:

Figure 1 - Architecture of a PSC connection

This is a specific example for a Bring Your Own Cloud (BYOC) environment, but the overall architecture is the same no matter how you’re running Altinity.Cloud.

On the left side of the diagram is your Altinity.Cloud account, running in Altinity’s GCP account. That’s where your environment and its ClickHouse® clusters run. On the right side of the diagram is your GCP account. The PSC connection gives your ClickHouse clusters secure access to the services in your GCP account.

To create the architecture in Figure 1, you’ll need to go through these steps:

  • Create a Private Service Connect in your GCP account
  • Contact Altinity support to configure the PSC

Creating a Private Service Connect in your GCP account

To get started, go to the list of GCP products and select Networking in the list of categories on the left. Select Network Services:

Figure 2 - Opening Network Services

Next, click Private Service Connect in the list on the left side of the page:

Figure 3 - The Network Services menu

You’ll be on the CONNECTED ENDPOINTS tab. Click CONNECT ENDPOINT in the Endpoints section:

Figure 4 - The CONNECT ENDPOINT link

You’ll see the Connect Endpoint dialog:

Figure 5 - Connecting the endpoint

Make the following choices:

  • Select Published service. You’re creating an endpoint to a service you’ve published already.
  • In the Target details field, enter a name in the pattern projects/[^/]+/regions/([^/]+)/serviceAttachments/([^/]+). In the example here we’re using the maddie project in region us-east1.
  • For the Endpoint details section, enter a name for your endpoint in the first field. Next, select a previously defined network and subnetwork. The network and subnetwork must be in the same region as your published service.
  • For the IP address field, select a previously defined static IP address or click the Create IP address link to create a new one.
  • Select Enable global access.

With those things defined, click the button to create the endpoint.
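
The choices above can be checked before anything is created. The following is an added example, not code from Altinity or Google: it parses the Target details value with the pattern shown in the dialog, enforces the same-region requirement, and prints the `gcloud` counterpart of the dialog for review. The producer-project check, the use of the `gcloud` CLI in place of the console, and every `example-*` name are assumptions of this example.

```python
import re
import shlex

# The Target details pattern from the dialog, with a named group per component.
# fullmatch() is used so extra path segments or a trailing slash are rejected.
TARGET_RE = re.compile(
    r"projects/(?P<project>[^/]+)/regions/(?P<region>[^/]+)"
    r"/serviceAttachments/(?P<name>[^/]+)"
)

def parse_target(target):
    """Split a service attachment path into project, region and name."""
    m = TARGET_RE.fullmatch(target.strip())
    if m is None:
        raise ValueError(f"not a service attachment path: {target!r}")
    return m.groupdict()

def preflight(target, expected_project, subnet_region):
    """Return the problems found with a planned endpoint (empty list if none)."""
    try:
        t = parse_target(target)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if t["project"] != expected_project:  # assumed check: pin the producer project
        problems.append(f"target project {t['project']!r} is not {expected_project!r}")
    if t["region"] != subnet_region:  # the page's same-region requirement
        problems.append(f"subnetwork region {subnet_region!r} is not {t['region']!r}")
    return problems

def gcloud_commands(target, endpoint, network, subnet, address):
    """Build the CLI counterpart of the dialog: static IP, then the endpoint."""
    region = parse_target(target)["region"]
    return [
        ["gcloud", "compute", "addresses", "create", address,
         f"--region={region}", f"--subnet={subnet}"],
        ["gcloud", "compute", "forwarding-rules", "create", endpoint,
         f"--region={region}", f"--network={network}", f"--address={address}",
         f"--target-service-attachment={target}", "--allow-psc-global-access"],
    ]

if __name__ == "__main__":
    # Constructed sample values; only the project and region come from the page.
    target = "projects/maddie/regions/us-east1/serviceAttachments/example-attachment"
    issues = preflight(target, expected_project="maddie", subnet_region="us-east1")
    if issues:
        raise SystemExit("\n".join(issues))
    for cmd in gcloud_commands(target, "example-endpoint", "example-network",
                               "example-subnet", "example-psc-ip"):
        print(shlex.join(cmd))  # printed for review, not executed
```
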

Contacting Altinity

Once you create and configure your endpoint, contact Altinity to finish the configuration. Altinity support will set up the DNS records needed to connect your Altinity.Cloud account and your Google PSC endpoint.

References

The Private Service Connect home page has lots of useful information, including a set of use cases and complete documentation.