Egress Private Service Connect Endpoint Setup: Elasticsearch on Google Cloud for Confluent Cloud

This topic presents the steps for configuring the Elasticsearch Sink V2 connector in Confluent Cloud using Egress Private Service Connect on Google Cloud.

Prerequisites

The following prerequisites apply when configuring the Elasticsearch Sink V2 connector with an Egress Private Service Connect endpoint:

  • In Confluent Cloud, one of the following cluster types is set up with the specified network resource:

  • An Elasticsearch Cloud deployment is running in Google Cloud within the same region and cloud as the Confluent Cloud network resource.

  • The Confluent Cloud network (Dedicated or Serverless Egress Gateway) is set up within the same region and cloud as Elasticsearch.

Step 1. Obtain Service attachment URI and Private zone DNS name from Elasticsearch

  1. Consult the Elastic documentation to capture the following values for your region:

    • Service attachment URI: Use this as the PrivateLink service name in Confluent Cloud.

    • Private zone DNS name: Use this as the Domain when creating the DNS record in Confluent Cloud.

Step 3. Create a DNS record

  1. When the PrivateLink endpoint status transitions to Ready, in the DNS tab, click Create record on the associated PrivateLink endpoint.

  2. Specify the following, and click Save.

  1. In the Network Management tab of your environment, click the For serverless products tab, and click the Confluent Cloud gateway.

  2. In the DNS tab, click Create DNS record.

  3. Specify the following field values:

  4. Click Save.

Step 4. Add Private Endpoint within Elasticsearch Deployment

  1. In the Confluent Cloud console, click the Egress connections tab and copy the Endpoint connection ID.

  2. Log in to the Elastic Cloud Console.

  3. From any deployment or project on the home page, select Manage.

  4. From the left navigation menu, select Access and security > Network security.

  5. Click the Create dropdown and select Private connection.

  6. Specify the following field values to create the policy:

    • Resource Type: Select hosted deployments.

    • Cloud provider and region: Select the cloud provider and region for the private connection, matching your Confluent Cloud cluster and network region.

    • Connectivity: Select Privatelink.

    • VPC Filter: Enter the Endpoint connection ID retrieved in the previous step.

    • Apply to resources: Under Apply to resources, associate the new private connection policy to your deployment. If you specified a VPC filter, then after you associate the filter with a deployment, it starts filtering traffic.

  7. Click Create.

You can also follow the Elastic documentation to create a new private connection policy in the Elastic Cloud Console.

Step 5. Create the Elasticsearch Sink V2 connector

  1. While creating the connector, use the following URL structure for the Connection URI on the authentication page. This URL uses the endpoint information from your Elastic deployment and your registered private hosted zone domain name. For more information, see the Elasticsearch GCP Private Service Connect documentation.

    https://{{alias}}.{{product}}.{{private_hosted_zone_domain_name}}
    

    For example:

    https://my-deployment-d53192.es.psc.asia-southeast1.gcp.elastic-cloud.com
    

    Note

    • You can use either 443 or 9243 as a port.

    • You can also connect to the cluster using the Elasticsearch cluster ID, for example, https://6b111580caaa4a9e84b18ec7c600155e.psc.asia-southeast1.gcp.elastic-cloud.com

  2. See the Elasticsearch Sink V2 connector documentation for the steps to create the sink connector in Confluent Cloud.
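
A pre-flight check for the Connection URI structure described in Step 5, as an added example (not Confluent's or Elastic's code): it confirms that the URI uses https, one of the listed ports, and a host under the private zone DNS name, so the connector is not pointed at a hostname outside the zone the DNS record covers. The function name `check_connection_uri` and the 32-hex cluster ID pattern (inferred from the example above) are assumptions.

```python
import re
from urllib.parse import urlsplit

ALLOWED_PORTS = {443, 9243}  # the two ports the page lists
# Assumption: cluster IDs are 32 lowercase hex chars, inferred from the page's example.
CLUSTER_ID = re.compile(r"[0-9a-f]{32}")
DNS_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def check_connection_uri(uri, private_zone):
    """Return a list of problems; an empty list means the URI fits the page's structure."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    try:
        port = parts.port  # None when the URI carries no explicit port
    except ValueError:
        port = -1  # non-numeric or out-of-range port
    if port is not None and port not in ALLOWED_PORTS:
        problems.append("port must be 443 or 9243")
    host = (parts.hostname or "").lower()
    suffix = "." + private_zone.lower().strip(".")
    if not host.endswith(suffix):
        problems.append("host is not under the private zone DNS name")
        return problems
    labels = host[: -len(suffix)].split(".")
    alias_form = len(labels) == 2 and all(DNS_LABEL.fullmatch(l) for l in labels)
    id_form = len(labels) == 1 and CLUSTER_ID.fullmatch(labels[0]) is not None
    if not (alias_form or id_form):
        problems.append("expected {alias}.{product} or a cluster ID before the zone")
    return problems


if __name__ == "__main__":
    zone = "psc.asia-southeast1.gcp.elastic-cloud.com"  # zone from the page's example
    samples = [
        "https://my-deployment-d53192.es." + zone,            # the page's example
        "https://my-deployment-d53192.es." + zone + ":9243",  # explicit allowed port
        "http://my-deployment-d53192.es." + zone + ":9200",   # constructed: bad scheme and port
        "https://my-deployment-d53192.es.example.com",        # constructed: outside the zone
    ]
    for uri in samples:
        print(uri, "->", check_connection_uri(uri, zone) or "ok")
```

Pass the Private zone DNS name captured in Step 1 as `private_zone`.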