By default, a database cluster only allows connections from within the user cluster and the same project. To allow connections from workloads in another project to all database clusters in your project:
Console
- Sign in to the GDC console with an account bound to the project-networkpolicy-admin role to create firewall rules.
- From the main menu of the GDC console, choose Firewall.
- In the User created rules section, click Create.
- In Firewall rule details, create a name for your firewall rule.
- In the Direction of traffic dialog, choose INGRESS.
- In the Target dialog, choose Service and then select dbs.
- In the From dialog, choose Another project and select the project ID from which you would like to allow connectivity.
- Click Create.
- Wait for the Status column of the new rule to show Ready.
API
Create a ProjectNetworkPolicy resource to allow connections from a client project.
apiVersion: networking.gdc.goog/v1
kind: ProjectNetworkPolicy
metadata:
  name: dbs-allow-from-CLIENT_PROJECT
  namespace: USER_PROJECT
spec:
  subject:
    managedServices:
      matchTypes:
      - dbs
    subjectType: ManagedService
  ingress:
  - from:
    - projects:
        matchNames:
        - CLIENT_PROJECT
  policyType: Ingress
Replace the following:
- CLIENT_PROJECT: the name of the project from which you would like to allow connectivity.
- USER_PROJECT: the name of the user project where the database cluster was created.
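Because each rule of this kind opens every database cluster in the user project to another project, it helps to review which client projects have been granted access. The following is an added example, not part of the GDC documentation: it assumes the policies have been exported as JSON in the same shape as the manifest above (under an `items` list), and the project names and the `approved` allowlist are constructed for illustration.

```python
import json

# Constructed sample: two policies in the manifest's shape, as exported JSON.
SAMPLE = json.loads("""
{"items": [
  {"kind": "ProjectNetworkPolicy", "metadata": {"name": "dbs-allow-from-analytics", "namespace": "db-project"},
   "spec": {"policyType": "Ingress",
            "subject": {"subjectType": "ManagedService", "managedServices": {"matchTypes": ["dbs"]}},
            "ingress": [{"from": [{"projects": {"matchNames": ["analytics"]}}]}]}},
  {"kind": "ProjectNetworkPolicy", "metadata": {"name": "dbs-allow-from-sandbox", "namespace": "db-project"},
   "spec": {"policyType": "Ingress",
            "subject": {"subjectType": "ManagedService", "managedServices": {"matchTypes": ["dbs"]}},
            "ingress": [{"from": [{"projects": {"matchNames": ["sandbox", "analytics"]}}]}]}}
]}
""")


def dbs_ingress_sources(policies):
    """Map each user project (namespace) to {client project: [policy names]}."""
    exposure = {}
    for pol in policies:
        spec = pol.get("spec", {})
        subject = spec.get("subject", {})
        types = subject.get("managedServices", {}).get("matchTypes", [])
        if (pol.get("kind") != "ProjectNetworkPolicy"
                or spec.get("policyType") != "Ingress"
                or subject.get("subjectType") != "ManagedService"
                or "dbs" not in types):
            continue  # not an ingress rule targeting the dbs managed service
        meta = pol["metadata"]
        for rule in spec.get("ingress") or []:
            for peer in rule.get("from") or []:
                for client in peer.get("projects", {}).get("matchNames", []):
                    (exposure.setdefault(meta["namespace"], {})
                             .setdefault(client, []).append(meta["name"]))
    return exposure


def unapproved(exposure, approved):
    """Sorted (user_project, client_project, policy) grants missing from `approved`."""
    return sorted((ns, client, name)
                  for ns, clients in exposure.items()
                  for client, names in clients.items()
                  if client not in approved.get(ns, set())
                  for name in names)


if __name__ == "__main__":
    print(unapproved(dbs_ingress_sources(SAMPLE["items"]), {"db-project": {"analytics"}}))
```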