RFC 1918
VPC: one-company-vpc (10.0.0.0/16) 65,345
Subnet 1: web-frontend (10.0.1.0/24) 256 - 2 = 254
- Contains the web servers
- 10.0.1.1: Load balancer
- 10.0.1.2-10.0.1.10: Web servers (8 IPs)
Subnet 2: db-subnet (10.0.2.0/24) 254, vpn
- Contains Cloud SQL
- 10.0.2.2: Cloud SQL primary
- 10.0.2.3: Cloud SQL replica
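
Added example (not part of the original notes): a check of the address plan above before anything is created in the Console, covering RFC 1918 membership, subnet containment and overlap, host assignments, and whether a range allocated for the Private Service Connection would collide with a subnet. It applies Google Cloud's rule that four addresses are reserved in each primary IPv4 subnet range; the function names and the two candidate /16 ranges in the demo are constructed for illustration.

```python
import ipaddress

# Plan as written in these notes; the VPC CIDR is treated as the planned supernet.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {"web-frontend": "10.0.1.0/24", "db-subnet": "10.0.2.0/24"}
HOSTS = {"10.0.1.1": "web-frontend", "10.0.1.2": "web-frontend",
         "10.0.2.2": "db-subnet", "10.0.2.3": "db-subnet"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def reserved(net):
    """Addresses Google Cloud reserves in a primary IPv4 subnet range."""
    return {net[0]: "network", net[1]: "default gateway",
            net[-2]: "reserved by Google Cloud", net[-1]: "broadcast"}

def usable(cidr):
    """Number of addresses in the range that can be assigned to resources."""
    net = ipaddress.ip_network(cidr)
    return net.num_addresses - len(reserved(net))

def check_plan(vpc_cidr, subnets, hosts):
    """Return a list of findings; an empty list means the plan is consistent."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {n: ipaddress.ip_network(c) for n, c in subnets.items()}
    out = []
    if not any(vpc.subnet_of(r) for r in RFC1918):
        out.append(f"{vpc} is outside RFC 1918 space")
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            out.append(f"{name} {net} is outside {vpc}")
        out += [f"{name} overlaps {o}" for o, n2 in nets.items()
                if name < o and net.overlaps(n2)]
    for ip, name in hosts.items():
        addr = ipaddress.ip_address(ip)
        if addr not in nets[name]:
            out.append(f"{ip} is not in {name}")
        elif addr in reserved(nets[name]):
            out.append(f"{ip} in {name} is reserved: {reserved(nets[name])[addr]}")
    return out

def service_range_conflicts(range_cidr, subnets):
    """Subnets that an allocated private-services range would overlap."""
    rng = ipaddress.ip_network(range_cidr)
    return sorted(n for n, c in subnets.items()
                  if rng.overlaps(ipaddress.ip_network(c)))

if __name__ == "__main__":
    print(check_plan(VPC_CIDR, SUBNETS, HOSTS))
    print(service_range_conflicts("10.0.0.0/16", SUBNETS))  # constructed bad choice
    print(service_range_conflicts("10.1.0.0/16", SUBNETS))  # constructed clean choice
```
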
Create Cloud SQL with a private IP through the GCP Console UI:
- Create a Private Service Connection (if one does not exist yet):
  - Go to "VPC Network" > "VPC networks" > select "one-company-vpc"
  - Tab "Private Service Connection" > "Allocate IP range":
    - Name: google-managed-services-range
    - IP range name: google-managed-services-range
    - IP version: IPv4
    - Prefix length: /16
  - Click "Allocate"
- Create the Cloud SQL instance:
  - Search "Cloud SQL" > "Create Instance"
  - Select PostgreSQL
  - Instance info:
    - Instance ID: primary-db
    - Password: set a strong password
    - Database version: PostgreSQL 14
    - Region: asia-southeast1
    - Zonal availability: Single zone
  - Customize instance:
    - Machine configuration:
      - Shared core: 2 vCPU, 4 GB RAM
    - Connections:
      - Network: Select "Private IP"
      - Network: one-company-vpc
      - Allocated IP range: google-managed-services-range
      - UNCHECK "Public IP" box
  - Click "Create Instance"
- Create firewall rules:
  - VPC Network > Firewall > Create Firewall Rule
  Rule 1: Deny all
    - Name: deny-all-ingress
    - Network: one-company-vpc
    - Priority: 1000
    - Direction: Ingress