By default, a database cluster only allows connections from within the user cluster and the same project. To allow connections from workloads in another project to all database clusters in your project:
Console
- Sign in to the GDC console with an account bound to the project-networkpolicy-admin role to create firewall rules.
- From the main menu of the GDC console, choose Firewall.
- In the User created rules section, click Create.
- In Firewall rule details, create a name for your firewall rule.
- In the Direction of traffic dialog, choose INGRESS.
- In the Target dialog, choose Service and then select dbs.
- In the From dialog, choose Another project and select the project ID from which you would like to allow connectivity.
- Click Create.
- Wait for the Status column of the new rule to show Ready.
API
Create a ProjectNetworkPolicy resource to allow connections from a client project.
```yaml
apiVersion: networking.gdc.goog/v1
kind: ProjectNetworkPolicy
metadata:
  name: dbs-allow-from-CLIENT_PROJECT
  namespace: USER_PROJECT
spec:
  subject:
    managedServices:
      matchTypes:
      - dbs
    subjectType: ManagedService
  ingress:
  - from:
    - projects:
        matchNames:
        - CLIENT_PROJECT
  policyType: Ingress
```

Replace the following:
- CLIENT_PROJECT: the name of the project from which you would like to allow connectivity.
- USER_PROJECT: the name of the user project where the database cluster was created.
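Because each such policy opens every database cluster in the user project to another project, it helps to review periodically which client projects have been granted access. The following audit sketch is an added example, not part of the GDC documentation: it assumes the policies have been exported as JSON with the same fields as the manifest above, and the project names and the `approved` allowlist are constructed for illustration.

```python
import json

# Constructed sample policies, shaped like the manifest above (JSON form).
SAMPLE_POLICIES = json.loads("""
[
  {"apiVersion": "networking.gdc.goog/v1", "kind": "ProjectNetworkPolicy",
   "metadata": {"name": "dbs-allow-from-reporting", "namespace": "orders"},
   "spec": {"subject": {"managedServices": {"matchTypes": ["dbs"]},
                        "subjectType": "ManagedService"},
            "ingress": [{"from": [{"projects": {"matchNames": ["reporting"]}}]}],
            "policyType": "Ingress"}},
  {"apiVersion": "networking.gdc.goog/v1", "kind": "ProjectNetworkPolicy",
   "metadata": {"name": "dbs-allow-from-sandbox", "namespace": "orders"},
   "spec": {"subject": {"managedServices": {"matchTypes": ["dbs"]},
                        "subjectType": "ManagedService"},
            "ingress": [{"from": [{"projects": {"matchNames": ["sandbox"]}}]}],
            "policyType": "Ingress"}}
]
""")

def targets_dbs_ingress(policy):
    """True if the policy is an Ingress rule whose subject is the dbs managed service."""
    spec = policy.get("spec", {})
    subject = spec.get("subject", {})
    types = subject.get("managedServices", {}).get("matchTypes", [])
    return (policy.get("kind") == "ProjectNetworkPolicy"
            and spec.get("policyType") == "Ingress"
            and subject.get("subjectType") == "ManagedService"
            and "dbs" in types)

def audit_dbs_ingress(policies, approved):
    """Return (policy, namespace, source) for each dbs grant not in `approved`,
    a hypothetical allowlist mapping user project -> approved client projects."""
    findings = []
    for policy in filter(targets_dbs_ingress, policies):
        meta = policy.get("metadata", {})
        ns, name = meta.get("namespace"), meta.get("name")
        for rule in policy["spec"].get("ingress", []):
            for peer in rule.get("from", []):
                names = peer.get("projects", {}).get("matchNames")
                if not names:  # peer does not name projects: flag for manual review
                    findings.append((name, ns, "<no project names>"))
                    continue
                findings += [(name, ns, p) for p in names
                             if p not in approved.get(ns, set())]
    return findings

if __name__ == "__main__":
    for finding in audit_dbs_ingress(SAMPLE_POLICIES, {"orders": {"reporting"}}):
        print("unapproved dbs ingress: policy=%s namespace=%s from=%s" % finding)
```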