GCP: Add link to the PSC process #3294

Merged
merged 5 commits into from
Jan 22, 2025
24 changes: 18 additions & 6 deletions docs/evaluate/temporal-cloud/gcp-private-service-connect.mdx
Expand Up @@ -11,22 +11,34 @@ keywords:
- security
- temporal cloud
- gcp
- google cloud
tags:
- security
- temporal-cloud
- gcp
- google cloud
- private service connect
- private-connectivity
---

#### GCP Private Service Connect
#### Google Cloud Private Service Connect

[GCP Private Service Connect](https://cloud.google.com/vpc/docs/private-service-connect) allows you to open a path to Temporal without opening a public egress.
[Google Cloud Private Service Connect](https://cloud.google.com/vpc/docs/private-service-connect) allows you to open a path to Temporal without opening a public egress.
It establishes a private connection between your Google Virtual Private Cloud (VPC) and Temporal Cloud.
This one-way connection means Temporal cannot establish a connection back to your service.
This is useful if normally you block traffic egress as part of your security protocols.
If you use a private environment that does not allow external connectivity, you will remain isolated.

:::note

If you are interested in leveraging Google Cloud Private Service Connect in your Namespaces, [create a support ticket](/cloud/support#support-ticket) that includes the following information:

- Google Cloud Region: The Region in which your connection will go through.
Member:
We don't require the region, because the consumer must create the endpoint within the same region as the producer (e.g. temporal cloud namespace region). To enable cross-region connectivity within their VPC, they can enable Global Access on their consumer endpoint if they have the GLOBAL routing mode configured on their VPC.

Contributor Author:
You are right, and AWS now has a global option too which we should add to the documentation on the AWS side. That being said, as mentioned in the GCP call, I think for now it's better to keep asking the same information no matter which cloud it is for, as it standardizes things across. Once we get to self-service with PCv3 we won't need any of that information anymore and can clean things up!!

- Google Cloud Project Id: The project that you will establish the private connection from, so it can be allowed on the Temporal side.
- Temporal Cloud Namespace names: The name of the Namespaces you want to enable Google Cloud Private Service Connect with.

:::

Set up Private Service Connect with Temporal Cloud with these steps:

1. Open the Google Cloud console
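Review bot: the new frontmatter tags mix two styles: `google cloud` and `private service connect` use spaces while the neighbouring tags (`temporal-cloud`, `private-connectivity`) are hyphenated; use `google-cloud` and `private-service-connect` so tag filtering groups them with the existing ones. In the support-ticket note, the region item should also state what the review thread points out, that the consumer endpoint has to be created in the same region as the Namespace (cross-region reachability inside the customer VPC needs Global Access on the endpoint and GLOBAL routing mode on the VPC); without that sentence a reader may file a ticket for a region that will not match the service attachment they later select. Minor: `Project Id` should read `Project ID`, matching Google's own term.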
Expand All @@ -44,10 +56,10 @@ Set up Private Service Connect with Temporal Cloud with these steps:

- For **Target service**, fill in the **Service name** with the Private Service Connect Service Name for the region you’re trying to connect to:

| Region | Private Service Connect Service Name |
| ---------------------- | ------------------------------------------------------------------------------- |
| `us-central1` | `projects/PROJECT/regions/us-central1/serviceAttachments/temporal-api` |
| `australia-southeast1` | `projects/PROJECT/regions/australia-southeast1/serviceAttachments/temporal-api` |
| Region | Private Service Connect Service Name |
| ---------------------- | ----------------------------------------------------------------------------------------- |
| `asia-south1` | `projects/prod-d5spc2sfeshws33bg33vwdef7/regions/asia-south1/serviceAttachments/pl-7w7tw` |
| `us-west1 ` | `projects/prod-rbe76zxxzydz4cbdz2xt5b59q/regions/us-west1/serviceAttachments/pl-94w0x` |

- For **Endpoint name**, enter a unique identifier to use for this endpoint. It could be for instance `temporal-api` or `temporal-api-<namespace>` if you want a different endpoint per namespace.
- For **Network** and **Subnetwork**, choose the network and subnetwork where you want to publish your endpoint.
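Review bot: the `us-west1` row has a trailing space inside the backticks (`` `us-west1 ` ``), which renders as a region name ending in a space and will not match what a reader copies into the console; drop it. The rewritten table also removes the `us-central1` and `australia-southeast1` rows and lists only `asia-south1` and `us-west1`: if those regions are no longer offered for Private Service Connect that should be said explicitly, and if the list is intentionally partial, a sentence such as "other regions are available on request through the support ticket above" avoids readers concluding PSC is unavailable in their region. Because these service attachment URIs are what a customer trusts when creating the endpoint, it is also worth telling readers to compare the **Service name** they enter against this table character for character rather than accepting an attachment that merely looks similar.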
1 change: 1 addition & 0 deletions docs/evaluate/temporal-cloud/security.mdx
Expand Up @@ -63,6 +63,7 @@ Temporal Cloud supports private connectivity to enable you to connects to Tempor
You can find more details per cloud:

- [AWS PrivateLink](aws-privatelink.mdx)
- [Google Cloud Private Service Connect](gcp-private-service-connect.mdx)

### Temporal Nexus

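Review bot: the unchanged context line quoted in the hunk header, `Temporal Cloud supports private connectivity to enable you to connects to Tempor...`, carries a pre-existing typo (`connects` should be `connect`); since this file is being touched anyway, fix it in the same commit. The added bullet itself is consistent with the AWS entry above it (same relative `.mdx` link form and the product's full name), so no change needed there.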