From e81cae61144615552e3b14113a9c7d429960b546 Mon Sep 17 00:00:00 2001 From: Thomas Gauvin Date: Mon, 23 Sep 2024 17:05:17 -0400 Subject: [PATCH] thomasgauvin: add notes for context and information, and beta label --- .../configuration/connect-to-private-database.mdx | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/content/docs/hyperdrive/configuration/connect-to-private-database.mdx b/src/content/docs/hyperdrive/configuration/connect-to-private-database.mdx index 4c70b5636207db..fe84b77e801b87 100644 --- a/src/content/docs/hyperdrive/configuration/connect-to-private-database.mdx +++ b/src/content/docs/hyperdrive/configuration/connect-to-private-database.mdx @@ -3,6 +3,8 @@ pcx_content_type: concept title: Connect to a private database using Tunnel sidebar: order: 4 + badge: + text: Beta --- import { TabItem, Tabs, Render } from "~/components"; @@ -41,6 +43,10 @@ Your tunnel must be configured to use a public hostname so that Hyperdrive can r 3. Select **Save tunnel**. +:::note +If you are setting up the tunnel through the CLI instead ([locally-managed tunnel](/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/)), you will have to complete these steps manually. Follow the Cloudflare Zero Trust documentation to [add a public hostname to your tunnel](/cloudflare-one/connections/connect-networks/routing-to-tunnel/dns/) and [configure the public hostname to route to the address of your database](/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/configuration-file/). +::: + ## 2. Create a service token The service token will be used to restrict requests to the tunnel, and is needed for the next step. @@ -104,6 +110,10 @@ This command will create a Hyperdrive configuration using the usual database inf In addition, it will also set the Access Client ID and the Access Client Secret of the Service Token. When Hyperdrive makes requests to the tunnel, requests will be intercepted by Access and validated using the credentials of the Service Token. +:::note +When creating the Hyperdrive configuration for the private database, you must enter the `access-client-id` and the `access-client-id`, and omit the `port`. Hyperdrive will route database messages to the public hostname of the tunnel, and the tunnel will rely on its service configuration (as configured in [1.2. Connect your database using a public hostname](#12-connect-your-database-using-a-public-hostname)) to route requests to the database within your private network. +::: + ## 5. Query your Hyperdrive configuration from a Worker (optional) To test your Hyperdrive configuration to the database using Tunnel and Access, use the Hyperdrive configuration ID in your Worker and deploy it.