Create a VPC Peering Connection to Confluent Cloud on Google Cloud¶
Follow this procedure to create a VPC peering connection to a Confluent Cloud cluster on Google Cloud.
- A Dedicated Kafka cluster in Google Cloud with VPC Peering enabled. The cluster must be provisioned in its own network and provide a CIDR for Confluent Cloud. For more information about how to create a dedicated cluster, see Create a Cluster in Confluent Cloud.
In the Confluent Cloud Console, go to the Cluster Settings page, click the Networking tab, and then click Add Peering.
In the Add Peering page, enter the GCP Project ID, GCP Network Name, optionally select Import custom routes for your peering connection, and click Save. Your peering connection status will transition from “Pending” to “Inactive” in the Confluent Cloud Console.
- GCP Project ID
This is a unique identifier for your Google Cloud project. To find the unique identifier for your project, see the Google Cloud Console dashboard.
- GCP Network Name
Specify the network name of the VPC that you are peering to Confluent Cloud. To find the network name, go to the VPC Networks listing in VPC network in Google Cloud Console . .
- Import Custom Routes
This is an optional parameter. Enable this option to import static and dynamic custom routes over the VPC peering connection. The custom routes have to be configured to be exported in the customer VPC.
When the connection status is “Inactive” in the Confluent Cloud Console, go to VPC network in the Google Cloud Console and select VPC network peering. Click CREATE CONNECTION to create a peering connection the Confluent Cloud.
In the Google Cloud Console, complete the form to initiate a peering connection to Confluent Cloud and click CREATE.
Specify a name for your peering connection.
- Your VPC network
Specify the name of your Google Cloud VPC network.
- Peered VPC network
Select In another project.
- Project ID
Specify your Confluent Cloud Project ID. You can find this in the Confluent Cloud Networking tab for your cluster.
- VPC network name
Specify your Confluent Cloud VPC name. You can find this in the Confluent Cloud Console Networking tab for your cluster.
When you are finished, verify that the Status under VPC Peering connections is “Active”.
Import Custom Routes¶
The Import Custom Routes option enables connectivity to a Confluent Cloud cluster in Google Cloud from customer premise or other clouds, such as AWS and Azure, through a customer VPC that is peered with Confluent Cloud in the same region. This connectivity is enabled by importing static and dynamic custom routes from a customer VPC into a Confluent Cloud VPC over the VPC peering connection. The customer side VPC peering has to be configured to export custom routes.
Review the considerations mentioned by Google Cloud in their VPC Peering documentation before enabling Import Custom Routes option.
Limitations for Import Custom Routes
- Enabling or disabling the Import Custom Routes option on an existing VPC
Peering connection is not supported.
- The Import Custom Routes option must be enabled when you set up the VPC peering connection.
- In order to enable Import Custom Routes option on an existing VPC peering connection, tear down the VPC peering connection and reestablish it with the Import Custom Routes option enabled. Allow 15 minutes between tearing down the VPC connection and reestablishing it to avoid getting an error message during recreation.
- In order to disable the Import Custom Routes option, tear down the VPC peering connection and reestablish it with the Import Custom Routes option disabled. Allow 15 minutes between tearing down the VPC connection and reestablishing it to avoid getting an error message during recreation. As an alternative, disable the Export Custom Route option in the customer VPC.
- Transitive routing to customer VPCs in same or different regions is not supported. The only exception is when cross-regional customer VPCs are interconnected using Cloud VPN. However, the customer VPC, which is peered with Confluent Cloud cluster, must be in the same region as Confluent Cloud cluster.
- Transitive routing to external networks connected through customer VPCs that require global access to be turned on for Google Cloud Internal Load Balancing is not supported.
- Export Custom Routes support from Confluent Cloud cluster is not supported.
- Privately addressable public IP address (PUPI) are not supported with Import Custom Routes