# Hybrid connectivity to on-premise services through PSC The sample allows to connect to an on-prem service leveraging Private Service Connect (PSC). It creates: * A [producer](./psc-producer/README.md): a VPC exposing a PSC Service Attachment (SA), connecting to an internal regional TCP proxy load balancer, using a hybrid NEG backend that connects to an on-premises service (IP address + port) * A [consumer](./psc-consumer/README.md): a VPC with a PSC endpoint pointing to the PSC SA exposed by the producer. The endpoint is accessible by clients through a local IP address on the consumer VPC. ![High-level diagram](diagram.png "High-level diagram") ## Sample modules The blueprint makes use of the modules [psc-producer](psc-producer) and [psc-consumer](psc-consumer) contained in this folder. This is done so you can build on top of these building blocks, in order to support more complex scenarios. ## Prerequisites Before applying this Terraform - On-premises - Allow ingress from ** and ** CIDRs (for HCs) - Allow ingress from the proxy-only subnet CIDR - GCP - Advertise from GCP to on-prem ** and ** CIDRs - Advertise from GCP to on-prem the proxy-only subnet CIDRs ## Relevant Links * [Private Service Connect](https://cloud.google.com/vpc/docs/private-service-connect) * [Hybrid connectivity Network Endpoint Groups](https://cloud.google.com/load-balancing/docs/negs/hybrid-neg-concepts) * [Regional TCP Proxy with Hybrid NEGs](https://cloud.google.com/load-balancing/docs/tcp/set-up-int-tcp-proxy-hybrid) * [PSC approval](https://cloud.google.com/vpc/docs/configure-private-service-connect-producer#publish-service-explicit) ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [dest_ip_address](variables.tf#L37) | On-prem service destination IP address. | string | ✓ | | | [prefix](variables.tf#L17) | Prefix to use for resource names. | string | ✓ | | | [producer](variables.tf#L88) | Producer configuration. | object({…}) | ✓ | | | [project_id](variables.tf#L22) | When referncing existing projects, the id of the project where resources will be created. | string | ✓ | | | [region](variables.tf#L27) | Region where resources will be created. | string | ✓ | | | [subnet_consumer](variables.tf#L98) | Consumer subnet CIDR. | string # CIDR | ✓ | | | [zone](variables.tf#L32) | Zone where resources will be created. | string | ✓ | | | [dest_port](variables.tf#L42) | On-prem service destination port. | string | | "80" | | [project_create](variables.tf#L48) | Whether to automatically create a project. | bool | | false | | [vpc_config](variables.tf#L60) | VPC and subnet ids, in case existing VPCs are used. | object({…}) | | {…} | | [vpc_create](variables.tf#L54) | Whether to automatically create VPCs. | bool | | true |