GCP Setup
This guide walks you through preparing your GCP environment for EZ-CDC deployment.
Overview
EZ-CDC workers run in your GCP project and need:
- A GCP Project with required APIs enabled
- A VPC network with a subnetwork
- Network access to your source and sink databases
GCP Project Setup
Enable Required APIs
EZ-CDC requires the following APIs enabled in your project:
gcloud services enable \
compute.googleapis.com \
logging.googleapis.com \
monitoring.googleapis.com \
--project=YOUR_PROJECT_ID
| API | Purpose |
|---|---|
| Compute Engine | Worker instances (MIG, instance templates) |
| Cloud Logging | Worker and daemon log collection |
| Cloud Monitoring | Custom metrics and health checks |
Verify APIs
gcloud services list --enabled --project=YOUR_PROJECT_ID \
--filter="name:(compute.googleapis.com OR logging.googleapis.com OR monitoring.googleapis.com)"
VPC Configuration
Standard Mode
For standard connectivity, workers get ephemeral external IPs for internet access.
# VPC network
resource "google_compute_network" "main" {
name = "my-vpc"
auto_create_subnetworks = false
}
# Subnetwork in the target region
resource "google_compute_subnetwork" "workers" {
name = "ezcdc-workers"
ip_cidr_range = "10.0.1.0/24"
region = "us-central1"
network = google_compute_network.main.id
}
Cloud NAT Mode
For Cloud NAT mode, the subnetwork does not need external IPs — Cloud NAT handles all outbound traffic. Cloud NAT resources are created automatically by EZ-CDC during deployment.
# Same VPC and subnetwork setup -- Cloud NAT is added automatically
resource "google_compute_subnetwork" "workers" {
name = "ezcdc-workers"
ip_cidr_range = "10.0.1.0/24"
region = "us-central1"
network = google_compute_network.main.id
# No external IPs needed -- Cloud NAT handles egress
}
Network Access to Databases
Workers must be able to reach your databases from the subnetwork. Ensure firewall rules allow outbound traffic to:
| Database | Port | Protocol |
|---|---|---|
| PostgreSQL (source) | 5432 | TCP |
| StarRocks MySQL (sink) | 9030 | TCP |
| StarRocks HTTP (sink) | 8040 | TCP |
If your databases are in the same VPC, ensure internal firewall rules allow traffic. If they are in a different VPC or external, ensure appropriate routing and firewall rules exist.
Verification
Check APIs
gcloud services list --enabled --project=YOUR_PROJECT_ID | grep -E "compute|logging|monitoring"
Check VPC and Subnetwork
# List VPC networks
gcloud compute networks list --project=YOUR_PROJECT_ID
# List subnetworks in region
gcloud compute networks subnets list \
--network=YOUR_VPC_NAME \
--regions=us-central1 \
--project=YOUR_PROJECT_ID
Test Database Connectivity
From a test VM in the same subnetwork:
# PostgreSQL
nc -zv your-postgres-host 5432
# StarRocks
nc -zv your-starrocks-host 9030
nc -zv your-starrocks-host 8040
Next Steps
With GCP configured:
- Service Account & IAM - Understand permissions
- Create Deployment - Launch workers