Create a VPC Network

Peer your cluster VPC with a VPC in GCP

YugabyteDB Managed supports virtual private cloud (VPC) networks on AWS and GCP.

Using YugabyteDB Managed, you can create a VPC on GCP, deploy clusters in the VPC, and peer the VPC with application VPCs hosted on GCP.

To create a VPC network on GCP, you need to complete the following tasks:

| Task | Notes |
| --- | --- |
| Create the VPC | Reserves a range of private IP addresses for the network. The status of the VPC is Active when done. |
| Deploy a cluster in the VPC | This can be done at any time - you don't need to wait until the VPC is peered. |
| Create a peering connection | Connects your VPC and the application VPC on the cloud provider network. The status of the peering connection is Pending when done. |
| Complete the peering in GCP | Confirms the connection between your VPC and the application VPC. The status of the peering connection is Active when done. |
| Add the application VPC to the IP allow list | Allows the peered application VPC to connect to the cluster. Add at least one of the CIDR blocks associated with the peered application VPC to the IP allow list for your cluster. |

With the exception of completing the peering in GCP, these tasks are performed in YugabyteDB Managed.

For information on VPC network peering in GCP, refer to VPC Network Peering overview in the Google VPC documentation.

Create a VPC

To avoid cross-region data transfer costs, deploy your VPC in the same region as the application VPC you are peering with.

What you need
The CIDR range for the application VPC with which you want to peer, as the addresses can't overlap.

Where to find it
Navigate to the GCP VPC networks page.

To create a VPC, do the following:

  1. On the Network Access page, select VPC Network, then VPCs.

  2. Click Create VPC to display the Create VPC sheet.

  3. Enter a name for the VPC.

  4. Choose the provider (GCP).

  5. Choose one of the following options:

    • Automated - VPCs are created globally and assigned to all regions supported by YugabyteDB Managed.
    • Custom - Select a region. Click Add Region to add additional regions. CIDR addresses in different regions cannot overlap. If the VPC is to be used for a multi-region cluster, add a region for each of the regions in the cluster.
  6. Specify the CIDR address.

    • For Automated, use network sizes of /16, /17, or /18.
    • For Custom, use network sizes of /24, /25, or /26.

    Ensure the address does not overlap with that of the application VPC.

  7. Click Save.

YugabyteDB Managed adds the VPC to the VPCs list with a status of Creating. If successful, after a minute or two, the status will change to Active.

The VPC's network name and project ID are automatically assigned. You'll need these details when configuring the peering in GCP.
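
Before entering the CIDR in the Create VPC sheet, you can check the planned ranges against the rules in the procedure above (allowed network sizes, no overlap with the application VPC, no overlap between regions). The following is an added example, not part of the YugabyteDB Managed documentation or tooling; the function name, labels, and sample CIDR values are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Network sizes the page lists for each option.
ALLOWED_PREFIXES = {"automated": {16, 17, 18}, "custom": {24, 25, 26}}


def check_vpc_plan(mode, vpc_cidrs, app_vpc_cidrs):
    """Return a list of problems; an empty list means the plan passes.

    mode          -- "automated" or "custom"
    vpc_cidrs     -- {label: CIDR} planned for the YugabyteDB Managed VPC
                     (one entry per region for "custom")
    app_vpc_cidrs -- CIDR ranges used by the application VPC to be peered
    """
    problems, nets = [], {}
    for label, cidr in vpc_cidrs.items():
        try:
            # strict=True rejects host bits, e.g. 10.10.0.5/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{label}: invalid CIDR {cidr!r} ({exc})")
            continue
        if net.prefixlen not in ALLOWED_PREFIXES[mode]:
            problems.append(f"{label}: /{net.prefixlen} not allowed for {mode}")
        nets[label] = net

    # The VPC range must not overlap the application VPC.
    for label, net in nets.items():
        for app in map(ipaddress.ip_network, app_vpc_cidrs):
            if net.overlaps(app):
                problems.append(f"{label}: {net} overlaps application VPC {app}")

    # Ranges in different regions must not overlap each other.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} and {b}: {net_a} overlaps {net_b}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    plan = {"us-west1": "10.10.0.0/24", "us-east1": "10.10.0.128/25"}
    for problem in check_vpc_plan("custom", plan, ["10.128.0.0/20"]):
        print(problem)
```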

Deploy a cluster in the VPC

You can deploy a cluster in the VPC any time after the VPC is created.

To deploy a cluster in a VPC:

  1. On the Clusters page, click Add Cluster.
  2. Choose Dedicated.
  3. Enter a name for the cluster, choose GCP, and click Next.
  4. For a Single-Region Deployment, choose the region where the VPC is deployed, and under Configure VPC, choose Deploy this cluster in a dedicated VPC, and select your VPC.

    For a Multi-Region Deployment, specify a VPC for each region.

For more information on creating clusters, refer to Create a cluster.

Create a peering connection

After creating a VPC in YugabyteDB Managed that uses GCP, you can peer it with a GCP application VPC.

What you need
The following details for the GCP application VPC you are peering with:

  • GCP project ID
  • VPC name
  • VPC CIDR address

Where to find it
Navigate to your GCP VPC networks page.

To create a peering connection, do the following:

  1. On the Network Access page, select VPC Network, then Peering Connections.
  2. Click Add Peering Connection to display the Create Peering sheet.
  3. Enter a name for the peering connection.
  4. Choose GCP.
  5. Choose the YugabyteDB Managed VPC. Only VPCs that use GCP are listed.
  6. Enter the GCP Project ID, application VPC network name, and, optionally, VPC CIDR address.
  7. Click Initiate Peering.

The peering connection is created with a status of Pending.

Complete the peering in GCP

To complete a Pending GCP peering connection, you need to sign in to GCP and create a peering connection.

What you need
The Project ID and VPC network name of the YugabyteDB Managed VPC you are peering with.

Where to find it
The VPC Details sheet on the VPCs page or the Peering Details sheet on the Peering Connections page.

In the Google Cloud Console, do the following:

  1. Under VPC network, select VPC network peering and click Create Peering Connection.

  2. Click Continue to display the Create peering connection details.

  3. Enter a name for the GCP peering connection.

  4. Select your VPC network name.

  5. Select In another project and enter the Project ID and VPC network name of the YugabyteDB Managed VPC you are peering with.

  6. Click Create.

When finished, the status of the peering connection in YugabyteDB Managed changes to Active if the connection is successful.

Add the application VPC to the cluster IP allow list

To enable the peered application VPC to connect to the cluster, you need to add the VPC to the cluster IP allow list.

What you need
The CIDR address for the GCP application VPC you are peering with.

Where to find it
Navigate to the GCP VPC networks page.

To add the application VPC to the cluster IP allow list:

  1. On the Clusters page, select the cluster you are peering, and click Add IP Allow List to display the Add IP Allow List sheet.

  2. Click Create New List and Add to Cluster.

  3. Enter a name and description for the list. For example, the name and details of your application VPC.

  4. Add at least one of the CIDR blocks associated with the peered application VPC.

  5. Click Save when done.

For more information on IP allow lists, refer to IP allow lists.
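
To review a planned allow list before saving it, you can compare each entry with the CIDR blocks of the peered application VPC and flag entries that admit addresses outside that VPC. The following is an added example, not part of the YugabyteDB Managed documentation or tooling; the function names, verdict labels, and sample CIDR values are constructed for illustration.

```python
import ipaddress


def audit_allow_list(entries, app_vpc_cidrs):
    """Classify each allow-list entry against the peered application VPC.

    Returns {entry: verdict} where verdict is one of:
      "ok"        -- entry equals or lies inside an application VPC CIDR
      "too-broad" -- entry also admits addresses outside the application VPC
      "unrelated" -- entry shares no addresses with the application VPC
      "invalid"   -- entry is not a parseable address or CIDR
    """
    apps = [ipaddress.ip_network(c) for c in app_vpc_cidrs]
    verdicts = {}
    for entry in entries:
        try:
            # strict=False tolerates host bits: 10.128.0.7/20 -> 10.128.0.0/20
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            verdicts[entry] = "invalid"
            continue
        # subnet_of() raises TypeError across IP versions, so filter first.
        same_family = [a for a in apps if a.version == net.version]
        if any(net.subnet_of(a) for a in same_family):
            verdicts[entry] = "ok"
        elif any(net.overlaps(a) for a in same_family):
            verdicts[entry] = "too-broad"
        else:
            verdicts[entry] = "unrelated"
    return verdicts


def has_scoped_entry(entries, app_vpc_cidrs):
    """True when at least one entry is scoped to the application VPC."""
    return "ok" in audit_allow_list(entries, app_vpc_cidrs).values()


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    app_vpc = ["10.128.0.0/20"]
    planned = ["10.128.4.0/24", "10.0.0.0/8", "0.0.0.0/0", "192.168.1.0/24"]
    for entry, verdict in audit_allow_list(planned, app_vpc).items():
        print(f"{entry:18} {verdict}")
```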