Networking in Confluent Cloud for GCP
Follow this procedure to configure Confluent Cloud network peering for a cluster in GCP.
- A Dedicated Kafka cluster in GCP with VPC Peering enabled. The cluster must be provisioned in its own network and provide a CIDR for Confluent Cloud. For more information about how to create a dedicated cluster, see Create a Cluster in Confluent Cloud.
Navigate to the Cluster Settings page, click the Networking tab, and click Add Peering.
Provide the GCP Project ID, GCP Network Name, optionally select Import Custom Routes for your peering connection, and click Save. Your peering connection status will transition from “Pending” to “Inactive” in the Confluent Cloud UI.
- GCP Project ID
This is a unique identifier for your project. To find the unique identifier for your project, see the Google Cloud Platform dashboard.
- GCP Network Name
Specify the network name of the peer VPC. To find the network name, navigate to GCP Networking and see VPC Networks.
- Import Custom Routes
This is an optional parameter. Enable this option to import static and dynamic custom routes over the VPC peering connection. The custom routes have to be configured to be exported in the customer VPC.
When the connection status is “Inactive” in the Confluent Cloud UI, navigate to GCP Networking and select VPC network peering. Click CREATE CONNECTION to create a peering connection to Confluent Cloud.
In the Google Cloud Platform dashboard, fill out the form to initiate a peering connection to Confluent Cloud and click CREATE.
Specify a name for your peering connection.
- Your VPC network
Specify the name of your GCP VPC network.
- Peered VPC network
Select In another project.
- Project ID
Specify your Confluent Cloud Project ID. You can find this in the Confluent Cloud Networking tab for your cluster.
- VPC network name
Specify your Confluent Cloud VPC Name. You can find this in the Confluent Cloud Networking tab for your cluster.
When you are finished, the VPC peering status should display “Active” in the Confluent Cloud UI.
Import Custom Routes
The Import Custom Routes option enables connectivity to a Confluent Cloud cluster in GCP from customer premises or other clouds, such as AWS and Azure, through a customer VPC that is peered with Confluent Cloud in the same GCP region. This connectivity is enabled by importing static and dynamic custom routes from a customer VPC into a Confluent Cloud VPC over the VPC peering connection. The customer-side VPC peering has to be configured to export custom routes.
Review the considerations mentioned by GCP in their VPC Peering documentation before enabling the Import Custom Routes option.
Limitations for Import Custom Routes
- Enabling or disabling the Import Custom Routes option on an existing VPC peering connection is not supported.
- The Import Custom Routes option must be enabled when you set up the VPC peering connection.
- To enable the Import Custom Routes option on an existing VPC peering connection, tear down the VPC peering connection and reestablish it with the Import Custom Routes option enabled. Allow 15 minutes between tearing down the VPC connection and reestablishing it to avoid getting an error message during recreation.
- In order to disable the Import Custom Routes option, tear down the VPC peering connection and reestablish it with the Import Custom Routes option disabled. Allow 15 minutes between tearing down the VPC connection and reestablishing it to avoid getting an error message during recreation. As an alternative, disable the Export Custom Route option in the customer VPC.
- Transitive routing to customer VPCs in the same or different regions is not supported. The only exception is when cross-regional customer VPCs are interconnected using Cloud VPN. However, the customer VPC that is peered with the Confluent Cloud cluster must be in the same region as the Confluent Cloud cluster.
- Transitive routing to external networks connected through customer VPCs that require global access to be turned on for GCP Internal Load Balancing is not supported.
- Exporting custom routes from a Confluent Cloud cluster is not supported.
- Privately addressable public IP addresses (PUPI) are not supported with Import Custom Routes.
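
A pre-flight check for the PUPI limitation above, as an added example that is not part of the Confluent documentation: it reviews the custom routes a customer VPC would export over the peering connection. The function name, the sample routes and the `10.240.0.0/16` Confluent Cloud CIDR are constructed. Treating everything outside RFC 1918 and RFC 6598 as possible PUPI, and flagging default routes and overlap with the Confluent Cloud CIDR, are assumptions of this example rather than rules stated on this page.

```python
import ipaddress

# Assumption: RFC 1918 and RFC 6598 space is treated as private; any other
# destination is flagged as a possible privately used public IP (PUPI) range.
PRIVATE_SPACE = [ipaddress.ip_network(c) for c in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def audit_routes(routes, confluent_cidr):
    """Return (route name, finding) pairs for custom routes that need review
    before they are exported over the peering connection."""
    cc_net = ipaddress.ip_network(confluent_cidr)
    findings = []
    for name, dest in routes:
        try:
            net = ipaddress.ip_network(dest)  # strict: host bits must be zero
        except ValueError:
            findings.append((name, "invalid destination range"))
            continue
        if net.version != 4:
            findings.append((name, "not an IPv4 range"))
            continue
        if net.prefixlen == 0:
            # Assumption: a catch-all route is reviewed on its own.
            findings.append((name, "default route"))
            continue
        if not any(net.subnet_of(p) for p in PRIVATE_SPACE):
            findings.append((name, "possible PUPI range"))
        if net.overlaps(cc_net):
            findings.append((name, "overlaps Confluent Cloud CIDR"))
    return findings


# Constructed sample input: (route name, destination range) pairs for custom
# routes in the customer VPC, and a placeholder Confluent Cloud CIDR.
SAMPLE_ROUTES = [
    ("onprem-dc", "10.20.0.0/16"),
    ("aws-vpn", "172.31.0.0/16"),
    ("legacy-lab", "203.0.113.0/24"),
    ("catch-all", "0.0.0.0/0"),
    ("typo", "10.1.1.1/16"),
    ("shadow", "10.240.8.0/24"),
]
SAMPLE_CONFLUENT_CIDR = "10.240.0.0/16"

if __name__ == "__main__":
    for name, finding in audit_routes(SAMPLE_ROUTES, SAMPLE_CONFLUENT_CIDR):
        print(f"{name}: {finding}")
```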