This page describes how to configure a PostgreSQL instance to use private IP. For information about how private IP works, including environment and management requirements, see Private IP.
Before you begin
Before configuring a Cloud SQL instance to use private IP, you must have the following items in place:
-
A subnet in a VPC network that includes the GCP resources that you will use to connect to your Cloud SQL instances.
These resources could be Compute Engine instances (VMs) or Google Kubernetes Engine instances. The subnet must be in the same region as your Cloud SQL instances.
-
An allocated IP address range.
Using private services access to connect to Cloud SQL requires that you allocate a range of IP addresses from your VPC network for use by Cloud SQL. If you want to control which addresses are allocated, you can allocate the IP address range manually. Otherwise, you can let Cloud SQL allocate the range for you.
-
The Service Networking API enabled for your project.
The Service Networking API is used to establish private services access.
Configuring an instance to use private IP at creation time
You can configure a Cloud SQL instance to use private IP when you create the instance. After you create the instance, you cannot remove private IP capability from the instance.
-
In the Creation wizard, under Configuration Options, expand the Set Connectivity section.
-
Select the Private IP checkbox.
A drop down list is displayed listing the available networks. If your project has a host project (using Shared VPC), the network can be in either your project or its host project.
-
Select the network where the resources you want to connect from are located.
-
If you previously established a private connection between this network and the Cloud SQL service, you are done; proceed with choosing instance settings and creating the instance.
-
If no allocated IP range exists for this network:
-
To let Cloud SQL allocate the range for you and create the private connection, click Allocate and connect. You are done; proceed with choosing instance settings and creating the instance.
-
Otherwise, allocate an IP range manually and return to this task.
-
-
If one or more allocated IP ranges exist for your network, and you haven’t yet selected the range you want to use to connect to the Cloud SQL service, select the range and click Connect. Proceed with choosing instance settings and creating the instance.
Configuring an existing instance to use private IP
You can configure an existing Cloud SQL instance to use private IP. After you configure an instance to use private IP, you cannot remove private IP capability from that instance.
- Go to the Cloud SQL Instances page in the Google Cloud Platform Console.
Go to the Cloud SQL Instances page - Click the instance name to open its Overview page.
-
Select the Connections tab.
-
Select the Private IP checkbox.
A drop down list is displayed listing the available networks. If your project has a host project (using Shared VPC), the network can be in either your project or its host project.
-
Select the network where the resources you want to connect from are located.
-
If you previously established a private connection between this network and the Cloud SQL service, you are done; proceed with choosing instance settings and creating the instance.
-
If no allocated IP range exists for this network:
-
To let Cloud SQL allocate the range for you and create the private connection, click Allocate and connect. You are done; proceed with choosing instance settings and creating the instance.
-
Otherwise, allocate an IP range manually and return to this task.
-
-
If one or more allocated IP ranges exist for your network, and you haven’t yet selected the range you want to use to connect to the Cloud SQL service, select the range and click Connect. Proceed with choosing instance settings and creating the instance.
