GCP Hosted Dolt using Private Service Connect
When we first released Hosted Dolt, every deployment was reachable over the public internet. For some users, this was a non-starter. They needed to ensure that their database was only reachable from their own VPC. In July of last year we released support for private AWS deployments, but GCP users were left out in the cold. Today we are happy to announce that we have added support for private GCP deployments using Private Service Connect.
Creating a Hosted Private Deployment on GCP
To begin, we will need to collect either our existing GCP project IDs, or both the project IDs and the VPC network names that we want to be able to connect to our Dolt database. Once we have that, we will go to https://hosted.doltdb.com and create a new deployment. We need to create a standard deployment, as trial deployments are not supported on GCP.
After naming our standard Dolt deployment, we will need to select GCP on the next page and fill in where you want your deployment to be created, as well as what instance type you would like and how much storage you need. When selecting the zone to deploy to, it is recommended that you place the instance in the same zone as the VPC you will be connecting from.
Finally, on the Advanced page you will need to select "Private Deployment" and then fill in either the GCP "Allowed Project IDs" or the "Allowed VPCs" with the data you collected earlier.
Connecting to your Hosted Private Deployment
Now that you have created the deployment, you will need to wait a few minutes for the cloud infrastructure to be created. Once the deployment is running, go to the connectivity section of the deployment's page and get the "Target Service" and the "Endpoint Name".
With these pieces of information, go to the GCP console and select your project. With your project selected, click the search icon and type "Private Service Connect".
Once you are on the Private Service Connect page, click "Connect Endpoint".
Next, select "Published service" and then fill in the "Target Service" and "Endpoint Name" fields with the values from the Hosted Dolt deployment page of your private deployment. Once you have filled in these fields, you will need to select the Network and Subnetwork you want to connect from. Then you will need to create a private internal IP address for the connection.
After creating the IP address, you will create a namespace for the connection. This namespace will allow the appropriate DNS entries to be set up within your projects.
With the form filled in you can click "Add Endpoint" to create the connection.
After a few minutes the connection will be created and you can see the connection in the list of endpoints.
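The console steps above can also be expressed with gcloud. The following is an added example, not part of the Hosted Dolt documentation: it validates the pasted values and prints the commands for review rather than running them. It assumes the "Target Service" value is a service attachment URI of the form projects/<project>/regions/<region>/serviceAttachments/<name>; the function names and the "-ip" address name are hypothetical.

```shell
# Added example: prints the gcloud commands for review instead of running them.
# Assumption: "Target Service" looks like
#   projects/<project>/regions/<region>/serviceAttachments/<name>

# Print the region embedded in the Target Service URI, or fail if the value is
# malformed or contains whitespace or shell metacharacters.
psc_region() {
  case "$1" in ''|*[!A-Za-z0-9/._:-]*|*/) false ;; esac && (
    IFS=/; set -f; set -- $1
    [ $# -eq 6 ] && [ "$1" = projects ] && [ -n "$2" ] &&
      [ "$3" = regions ] && [ -n "$4" ] &&
      [ "$5" = serviceAttachments ] && printf '%s\n' "$4"
  ) || { echo "malformed Target Service: $1" >&2; return 1; }
}

# Accept only lowercase letters, digits and hyphens, starting with a letter and
# not ending in a hyphen (legacy domain-scoped project IDs are not handled).
psc_name() {
  case "$1" in ''|[!a-z]*|*[!a-z0-9-]*|*-) return 1 ;; esac
}

# usage: psc_plan PROJECT NETWORK SUBNET ENDPOINT_NAME TARGET_SERVICE NAMESPACE
psc_plan() {
  # The endpoint and its IP address are created in the service's own region.
  region=$(psc_region "$5") || return 1
  for n in "$1" "$2" "$3" "$4" "$6"; do
    psc_name "$n" || { echo "bad project or resource name: $n" >&2; return 1; }
  done
  cat <<EOF
gcloud compute addresses create $4-ip --project=$1 --region=$region --subnet=$3
gcloud compute forwarding-rules create $4 --project=$1 --region=$region \\
  --network=$2 --address=$4-ip --target-service-attachment=$5 \\
  --service-directory-registration=projects/$1/locations/$region/namespaces/$6
EOF
}
```

Call psc_plan with your project, network, subnetwork, the "Endpoint Name" and "Target Service" from the deployment page, and a namespace, then run the printed commands once they look right.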
Connecting to the Database
Now that we have created our database and set up our Private Service Connect connection, we can connect to the database from an instance in the specified GCP project or VPC. If we ssh onto the box, we can use a MySQL-compatible client to connect to the database using the host, username, and password displayed on the deployment's connectivity page.
Conclusion
Hosted Dolt now supports private deployments on GCP using Private Service Connect. This allows you to create a Dolt database that is only reachable from your VPC. If you have any questions or feedback, please reach out to us on Discord.