Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Secara default, cluster database hanya mengizinkan koneksi dari dalam
cluster pengguna dan project yang sama. Untuk mengizinkan koneksi dari workload di project lain ke semua cluster database di project Anda:
Konsol
Login ke konsol GDC dengan akun yang terikat ke peran
project-networkpolicy-admin untuk membuat aturan firewall.
Dari menu utama konsol GDC, pilih Firewall.
Di bagian Aturan buatan pengguna, klik Buat.
Di Detail aturan firewall, buat nama untuk aturan firewall Anda.
Pada dialog Direction of traffic, pilih INGRESS.
Dalam dialog Target, pilih Service, lalu pilih dbs.
Pada dialog Dari, pilih Project lain dan pilih
project ID yang koneksinya ingin Anda izinkan.
Klik Buat.
Tunggu hingga kolom Status aturan baru menampilkan Siap.
API
Buat resource ProjectNetworkPolicy untuk mengizinkan koneksi dari project klien.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-09-04 UTC."],[],[],null,["# Enable cross-project connections\n\nBy default, a database cluster only allows connections from within the\n[user cluster](/distributed-cloud/hosted/docs/latest/gdch/resources/resource-hierarchy#cluster) and the same project. To allow\nconnections from workloads in another project to all database clusters in your\nproject: \n\n### Console\n\n1. Sign in to the GDC console with an account bound to the `project-networkpolicy-admin` role to create firewall rules.\n2. From the main menu of the GDC console, choose **Firewall**.\n3. In the **User created rules** section, click **Create**.\n4. In **Firewall rule details**, create a name for your firewall rule.\n5. In the **Direction of traffic** dialog, choose **INGRESS**.\n6. In the **Target** dialog, choose **Service** and then select **dbs**.\n7. In the **From** dialog, choose **Another project** and select the project ID from which you would like to allow connectivity.\n8. Click **Create**.\n9. Wait for the **Status** column of the new rule to show **Ready**.\n\n### API\n\nCreate a `ProjectNetworkPolicy` resource to allow connections from a client\nproject. \n\n apiVersion: networking.gdc.goog/v1\n kind: ProjectNetworkPolicy\n metadata:\n name: dbs-allow-from-\u003cvar translate=\"no\"\u003eCLIENT_PROJECT\u003c/var\u003e\n namespace: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eUSER_PROJECT\u003c/span\u003e\u003c/var\u003e\n spec:\n subject:\n managedServices:\n matchTypes:\n - dbs\n subjectType: ManagedService\n ingress:\n - from:\n - projects:\n matchNames:\n - \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eCLIENT_PROJECT\u003c/span\u003e\u003c/var\u003e\n policyType: Ingress\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eCLIENT_PROJECT\u003c/var\u003e: the name of the project from which you would like to allow connectivity.\n- \u003cvar translate=\"no\"\u003eUSER_PROJECT\u003c/var\u003e: the name of the user project where the database cluster was created."]]