Google Cloud Platform is the latest cloud service provider to be onboarded into Couchbase Server’s fully managed offering, Capella. As with any cloud provider, it opens up new opportunities for many of our customers to take advantage of the ‘hands free’ maintainability that Capella has to offer.
Along with new technology comes a host of new challenges for the team to overcome. As with the release of AWS on Capella, a topic that comes up in almost every use case is Private Networking. It allows for a more secure and more performant approach to communicating both to and from the Capella cluster. As it stands, VPC Peering is the recommended approach for achieving this type of networking, with upcoming releases set to expand the tools at hand and provide other options.
The documentation on the Couchbase website should suffice to get you started. However, this walkthrough may provide a bit more granularity and explanation for the first-time user. To that end, we start with neither the Couchbase cluster nor the GCP infrastructure already set up, and step through creating, connecting and testing the Private Network.
Creating a Couchbase Capella Cluster in GCP
Ideally, people would already have experience spinning up a Couchbase Capella database at this point. If not, head to cloud.couchbase.com and either sign up for a free trial or launch a new cluster with whichever specifications you need.
There are two essential aspects to bear in mind when creating your cluster:
- Firstly, the region where you deploy your cluster should match the GCP region you are using.
- Secondly, the CIDR Block of your deployed cluster MUST be different from the GCP VPC you wish to peer. Take note of the CIDR block before you click Deploy.
- If you already have a VPC created, then you can customise the Capella input to avoid crossover.
Creating a VPC in GCP
We will create a new VPC from scratch in this walkthrough; however, as stated above, your VPC may already exist. If so, then just ensure that it follows these guidelines.
Within your project, head over to the VPC Network > VPC Networks section of the Google Cloud management console and select Create VPC Network.
VPC setting requirements for Couchbase Capella on GCP
- VPC requires a subnet in the same region as your Capella Cluster
- IPv4 range must be different from your Capella Cluster
- Enable firewall rules
- Allow-SSH (Optional, and used in this example walkthrough)
For an example deployment, you can see the screenshots below.
Creating a Virtual Machine in your VPC
Before choosing an appropriate VM instance, please review the recommended specifications and best practices for server configurations in the Couchbase documentation.
Head over to Compute Engine > Virtual Machine Instances in the Google Cloud Console and select Create Instance. In this example we complete the following:
- Instance Name
- Region: Europe West 2 (London)
- Machine Type: E2-standard-4 (4 CPU, 16GB memory)
Then we need to customise the configuration for access into the machine and ensure it’s deployed within the VPC and subnet created previously.
- Select your Service Account
- Select both the VPC and Subnet
- Enable both http and https traffic
Test the connection to Couchbase Cluster (public)
We can check that we have initial public access to the cluster once the VM has been deployed. Later, we compare the IP address we receive from nslookup to see that private networking has been properly configured.
In Couchbase Capella, click on the created cluster and move to the Nodes tab. From here, copy one of the hostnames from the list of machines.
Move back to Google Cloud, then SSH into the VM with whichever method you prefer. The built-in SSH console is the easiest to find and simple to use.
Call nslookup on the hostname and it should return a public IP Address.
Create the peering connection
A lot of the previous steps were precursors to preparing private networking. In reality, most people will already have clusters and VM instances up and running. In that case, follow the steps from here on. However, it is worth checking your configuration against the previous steps to ensure that everything required is set up.
- Within the Couchbase Capella cluster, go to the Connect tab and select Manage Private Networks > Setup Private Network
- Verify that both VPC Networking and Cloud DNS Services are enabled in Google Cloud
- Check both requirements and continue.
- Fill out the information for your peering connection:
  - A Name for the connection
  - GCP Project ID = Name of your Google Cloud Project
  - GCP Network Name = Name provided to your Virtual Network
  - CIDR Block = IPv4 CIDR Block of your GCP VPC
  - Service Account Email = GCP Service Account with the following permission:
    - DNS Admin
After clicking the Link button, Capella will configure itself to allow the creation of a peering request to your GCP VPC.
Google Cloud command line
Once the link has been made, select the private network which has just been created and you will be provided with two commands.
Both need to be executed using the gcloud command-line tool.
Test the Connection to Couchbase Capella (Private)
At this point, VPC Peering is successfully set up between the Couchbase Cluster and your GCP VPC. To verify that your VM is now talking privately to the cluster, rerun the nslookup command on the same hostname we had executed in the public connection test.
The response should show that we are now communicating with the machine’s private IP address instead of the public one. This validates that DNS resolution is working correctly.
To further validate this, we can check the network connectivity between the application node and the Capella cluster using traceroute.
If the response is fast and successful, we can be assured that the routing is set up correctly as we reach the encrypted port of Couchbase.
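The two checks this walkthrough relies on, the CIDR non-overlap requirement before deploying and the nslookup comparison after peering, can be scripted from the VM. The following is an added example, not Couchbase or Google tooling; the CIDR values are constructed placeholders to be replaced with the block shown on your Capella cluster and the ranges of your VPC subnets.

```python
import ipaddress
import socket
import sys

# Constructed sample values (assumptions): replace with the CIDR shown on
# your Capella cluster before Deploy and the IPv4 ranges of your VPC subnets.
CAPELLA_CIDR = "10.20.0.0/16"
GCP_VPC_CIDRS = ["10.0.0.0/20", "10.0.16.0/20"]


def cidrs_overlap(a: str, b: str) -> bool:
    """True if two IPv4 CIDR blocks share at least one address."""
    return ipaddress.ip_network(a, strict=False).overlaps(
        ipaddress.ip_network(b, strict=False))


def preflight(capella_cidr: str, vpc_cidrs: list) -> list:
    """Return the VPC ranges that clash with the Capella CIDR.

    Peering needs every VPC subnet range disjoint from the cluster CIDR,
    so an empty result means the requirement is met.
    """
    return [c for c in vpc_cidrs if cidrs_overlap(capella_cidr, c)]


def classify_resolution(ip: str, capella_cidr: str) -> str:
    """Classify the address a cluster hostname resolves to from the VM.

    'private': inside the Capella CIDR, so peering and DNS are in effect
    'public' : globally routable, so traffic still leaves via the internet
    'other'  : a non-global address outside the Capella CIDR (misconfig)
    """
    addr = ipaddress.ip_address(ip)
    if addr in ipaddress.ip_network(capella_cidr, strict=False):
        return "private"
    if addr.is_global:
        return "public"
    return "other"


def check_hostname(hostname: str, capella_cidr: str) -> str:
    """Equivalent of the nslookup step: resolve, then classify the answer."""
    return classify_resolution(socket.gethostbyname(hostname), capella_cidr)


if __name__ == "__main__":
    clashes = preflight(CAPELLA_CIDR, GCP_VPC_CIDRS)
    print("CIDR clashes:", clashes or "none")
    if len(sys.argv) > 1:  # pass a hostname copied from the Nodes tab
        print(sys.argv[1], "->", check_hostname(sys.argv[1], CAPELLA_CIDR))
```

Run it once with a hostname before peering (expect "public") and again afterwards (expect "private"); "other" means the VM resolved a private address that is not in the Capella block, which points at a DNS or CIDR mismatch rather than working peering.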
VPC Peering Complete!
Access the following resources to learn more about Couchbase Capella and how to get the help you need: