Confluent Cloud Network on Google Cloud¶

Each Confluent Cloud network is a virtual network that is provisioned in your Confluent Cloud Google Cloud account.

You can create multiple Dedicated Kafka clusters within each Confluent Cloud network.

For details on default service quotas, see Network service quotas.

Prerequisites¶

Before you create a Confluent Cloud network, you need the following information.

Name your Confluent Cloud network¶

The name you choose is used to identify your network in the Confluent Cloud Console and when using the Confluent CLI. Choose a meaningful name, but consider including the connection type in the name (for example, My-GCP-CCN-1).

Select Region and Availability Zones¶

Dedicated clusters you create in your Confluent Cloud network inherit the selected Region and Availability Zones.

Select CIDR blocks¶

Select /16 CIDR blocks for your Confluent Cloud network on Google Cloud.

Review the following requirements for CIDR block selections:

The CIDR block must be in one of the following private networks, as mentioned in RFC 1918.
- 10.0.0.0/8
- 100.64.0.0/10
- 172.16.0.0/12
- 192.168.0.0/16
- 198.18.0.0/15
The CIDR block cannot be the following:
- 172.17.0.0/16
Due to routing conflicts with Confluent services, CIDRs for your VPC cannot overlap with the above CIDR block. More specifically, you cannot peer the Confluent Cloud network with your VPC using the above CIDR.
Additional notes when selecting your CIDR block:
- The RFC 6598 shared address space is supported on Google Cloud.
- Must be a /16 CIDR block.
- Cannot be modified after the Confluent Cloud network is provisioned.
- Must not overlap with an existing Confluent Cloud network CIDR block.

Create a Confluent Cloud network on Google Cloud¶

To create a Confluent Cloud network, follow the procedure below for either the Confluent Cloud Console, the Confluent REST API, or Confluent CLI.

In the Confluent Cloud Console, go to the Network management page for your environment.
Click Create your first network if this is the first network in your environment, or click + Add Network if your environment has existing networks.
Select Google Cloud Platform as the Cloud Provider and the desired geographic region.
Select the connectivity type: VPC Peering or Private Service Connect. Depending on the option selected, different Zone Placement options and CIDR for Confluent Cloud Network fields will appear.
- VPC Peering: Cluster is accessible using the VPC peering endpoint.
- Private Service Connect: Cluster is accessible using Private Service Connect.
Complete the steps for the connectivity type you selected and then click Continue.

Important

After provisioning your new Confluent Cloud network, you cannot change your selected Availability Zone (AZ) IDs or CIDR block size. Make sure to deploy a network based on your zonal requirements.
1. Under Zone Placement, select three zones for your network.
  
  Depending on the availability of supported zones, you might only have three zones to select.
1. Under Zone Placement, select three zones for your network.
  
  Depending on the availability of supported zones, you might only have three zones to select.
2. Under DNS configuration, select the DNS resolution method.
  
  Select Private DNS Resolution to resolve the private DNS name of the Confluent Cloud cluster to the private IP address of the cluster.
  
  If Private DNS Resolution is not selected, the private DNS name of the Confluent Cloud cluster requires public DNS Resolution to resolve the private IP address of the cluster.
  
  Before you select a DNS resolution option, review the details about DNS resolution in Google Cloud Private Service Connect in DNS resolution options.
Under Create Network, specify the Network Name, review your configuration, and click Create Network.

Here is an example REST API request:

HTTP POST request

POST https://api.confluent.cloud/networking/v1/networks

Authentication

See Authentication.

Request specification

Your REST request specification (spec) should include the following:

display_name (optional) A meaningful name for your Confluent Cloud network.
environment
- id – The identifier (ID) of your Confluent Cloud environment.
cloud – cloud service provider (GCP)
region – The Region where the network is located.
connection_types Use PEERING (for VPC Peering) or PRIVATELINK (for Private Service Connect).
zones – An array listing the three selected Availability Zone IDs in the same Region.
cidr – The CIDR block.
dns_config - Set resolution to PRIVATE or CHASED_PRIVATE. The default value is CHASED_PRIVATE.
- When resolution is CHASED_PRIVATE, clusters in this network require both public and private DNS to resolve cluster endpoints.
- When resolution is PRIVATE, clusters in this network only require private DNS to resolve cluster endpoints.
Before you select a DNS resolution option, review the details about DNS resolution in Google Cloud Private Service Connect in DNS resolution options.

Examples

{
   "spec": {
       "display_name": "GCP-PL-CCN-1",
       "cloud": "GCP",
       "region": "us-west-1",
       "connection_types": [
           "PRIVATELINK"
       ],
      "zones": [
        "usw2-az1",
        "usw2-az2",
        "usw2-az3"
      ],
      "dns_config": {
          "resolution": "PRIVATE"
      },
      "environment":{
          "id":"env-abc123"
      }
  }
}

Use the confluent network create Confluent CLI command to create a Confluent Cloud network:

confluent network create <network-name> <flags>

The following command-specific flags are supported:

--cloud: Required. Set to gcp.
--region: Required. Cloud region ID for this network.
--connection-types: Required. The network acces type. Specify one of privatelink, peering, or transitgateway.
--cidr: A /16 IPv4 CIDR block. Required for networks of connection type peering and transitgateway.
--zones: A comma-separated list of availability zones for this network.
--zone-info: A comma-separated list of zone=cidr pairs or CIDR blocks. Each CIDR must be a /27 IPv4 CIDR block.
--dns-resolution: Specify the DNS resolution as private or chased-private. The default value is chased-private.
- When resolution is chased-private, clusters in this network require both public and private DNS to resolve cluster endpoints.
- When resolution is private, clusters in this network only require private DNS to resolve cluster endpoints.
Before you select a DNS resolution option, review the details about DNS resolution in Azure PrivateLink in DNS resolution options.

You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --context and --environment.

The following are example Confluent CLI commands:

confluent network create my_gcp_peering --cloud gcp \
  --region us-central1 \
  --connection-types peering \
  --zones us-central1-a,us-central1-b,us-central1-c \
  --cidr 10.1.0.0/16

confluent network create my_gcp_pl --cloud gcp \
  --region us-central1 \
  --connection-types privatelink \
  --zones us-central1-a,us-central1-b,us-central1-c \
  --dns-resolution private

Typically, it takes up to 15-20 minutes to create a Confluent Cloud network. Note the Confluent Cloud network ID from the response to specify it in the following commands.

Next steps¶

After successfully provisioning the Confluent Cloud network on Google Cloud, you can add Dedicated Kafka clusters within your Confluent Cloud network by using the following options:

Confluent Cloud Console: Manage Kafka Clusters on Confluent Cloud
Cluster Management API: Create Kafka clusters