Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.cube.dev/llms.txt

Use this file to discover all available pages before exploring further.

This page covers backend connectivity — Cube reaching into your network to query data sources, auth providers, BI APIs targeted by Semantic Layer Sync, and other upstream services. See Backend and frontend connectivity for the full picture. For frontend connectivity (exposing Cube’s APIs to your applications, browsers, BI tools, and embedded analytics clients), see Private API Connectivity on AWS; the equivalent pattern is available on GCP on request.
VPC Peering requires Cube to be hosted on Dedicated Infrastructure. Let the Cube team know which Cube Region should host your Dedicated Infrastructure. Cube will provision the Dedicated VPC and provide the following information you can use to create the peering request:
  • GCP Project ID: cube-cloud-dedicated (the project Cube uses to host Dedicated VPCs).
  • VPC Network Name: shared with you by the Cube team once the Dedicated VPC is provisioned.

Setup

Creating the peering connection

After receiving the information above, create a VPC peering request, either through the GCP Web Console or an infrastructure-as-code tool. To send a VPC peering request through the Google Cloud Console, follow the instructions here, with the following amendments:
  • In Step 6, use the project ID cube-cloud-dedicated and the network name provided by Cube.
  • In Step 7, ensure Import custom routes and Export custom routes are selected so that the necessary routes are created.

Firewall and routing

Once the peering is established, configure your VPC firewall rules to allow inbound TCP traffic from Cube’s VPC CIDR block to your data source on the database port. Cube’s VPC CIDR is shared with you alongside the peering request and is also visible in the GCP Console on the VPC network<your VPC>VPC network peering<Cube peering> page as the Peer VPC network subnet ranges. If your data source is in a different project or subnet that transits a firewall or Cloud NAT, add a matching allow rule for Cube’s CIDR there as well.

Cloud SQL

Google Cloud SQL databases can only be peered to a VPC within the same GCP project. If you need Cube to reach a Cloud SQL instance, prefer Private Service Connect (Cloud SQL supports PSC natively), or alternatively provision a small VM in your GCP project running the Cloud SQL Auth Proxy.

Supported Regions

VPC Peering is available in all GCP commercial regions where Dedicated Infrastructure can be provisioned. GCP regions in mainland China (serviced by partner providers) are not supported.