Connect to SingleStore Helios Workspaces from Private Networks/Services via Google Private Service Connect

For inbound connections, you will receive a Service Attachment from SingleStore. You'll also need to provide your Google PSC project name to SingleStore, so that SingleStore can whitelist the project name from where you are trying to connect to the workspace.

To set up inbound connections to SingleStore Helios using private networks/services via Google Private Service Connect, perform the following tasks:

  1. Contact SingleStore Customer Support (see Support FAQ), and provide the following information:

    • Workspace ID. SingleStore can only process the connection request when your workspace is in the Active state.

    • Your Google Private Service Connect project name

    • Region details

    • In the support ticket, specify that the request is for inbound connection

    SingleStore will send you the Service Attachment.

  2. On the Google Cloud console, under Private Service Connect, select a project in the region you want to connect to the Service Attachment sent by SingleStore.

  3. Create a Private Service Connect endpoint and use the Service Attachment from step 1. SingleStore will then accept the request into the service to complete the connection.

    Note

    You need to create separate private endpoints for both DML and DDL endpoints of your workspace.

    Your workspace and Private Service Connect endpoint must be in the same region.

    Note

    SingleStore Helios does not support Certificate Authority (CA) verification for inbound connections. For information on connecting to SingleStore Helios using SSL, refer to Connect to SingleStore Helios using TLS/SSL.

Last modified: February 28, 2024

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined
  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined
  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
    cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
    --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
    --bundle undefined \
    --new-bundle-format -
    Verified OK