u/gatorboi326

r/Terraform (1 crosspost)

Help: Cloud compute connection setup

I’m currently dealing with a somewhat complex setup and need guidance on the correct approach.

I’ve migrated my database from Google Cloud SQL to a PostgreSQL instance running inside a Docker container on a Compute Engine VM.

My application is hosted on a separate Compute Engine VM.

Additionally, my infrastructure is provisioned using Terraform, and the VM running the PostgreSQL container:

- Does not have a public IP

- Uses Cloud NAT for outbound internet access

Now I need to connect my application (running on another VM) to this PostgreSQL database.

I’m unsure about the correct setup for:

- Network configuration between the two VMs (private VPC communication)

- Which host/IP should be used (internal vs external)

- How to correctly construct the DATABASE_URL

- Firewall rules and port exposure (e.g., PostgreSQL on 5432)

- Any edge cases or best practices (security, private networking, IAM, latency, etc.)

What is the recommended way to securely and reliably connect my app VM to the PostgreSQL container running on another private VM within the same GCP environment?

u/gatorboi326 — 2 days ago
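As an added example (not part of the original post or any reply to it), the Terraform fragment below shows one way to wire the two VMs the post describes: both on the same private VPC, the database VM with no external IP, a firewall rule that opens TCP 5432 only from the app VM to the database VM (selected by network tags), and a DATABASE_URL built from the database VM's internal IP. Every name in it (the VPC and subnet names, the `app` and `postgres` tags, the `var.region`, `var.zone` and `var.db_password` variables, the `app`/`appdb` database credentials and the image) is an assumption made for the example; the Cloud NAT router the poster already has is left out, and `sslmode=require` assumes TLS has been enabled on the PostgreSQL container.

```hcl
# Added example, not the poster's configuration. All names below are assumptions.

variable "region" { type = string }
variable "zone"   { type = string }

variable "db_password" {
  type      = string
  sensitive = true   # kept out of plan/apply output
}

# Custom VPC: unlike the "default" network it carries no default-allow-internal
# rule, so only the explicit rule further down opens a path to the database.
resource "google_compute_network" "vpc" {
  name                    = "app-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "private" {
  name                     = "app-private"
  ip_cidr_range            = "10.10.0.0/24"
  region                   = var.region
  network                  = google_compute_network.vpc.id
  private_ip_google_access = true
}

# Database VM: no access_config block, so it gets an internal IP only.
# Outbound traffic (package updates, image pulls) goes out through Cloud NAT.
resource "google_compute_instance" "db" {
  name         = "postgres-vm"
  machine_type = "e2-medium"
  zone         = var.zone
  tags         = ["postgres"]   # target of the firewall rule below

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    subnetwork = google_compute_subnetwork.private.id
    # deliberately no access_config {} -> no external IP
  }
}

# Application VM on the same subnet, tagged so it can be named as the source.
resource "google_compute_instance" "app" {
  name         = "app-vm"
  machine_type = "e2-medium"
  zone         = var.zone
  tags         = ["app"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    subnetwork = google_compute_subnetwork.private.id
  }
}

# Ingress is denied by default on a GCP VPC; this rule opens exactly one path:
# TCP 5432 from instances tagged "app" to instances tagged "postgres".
resource "google_compute_firewall" "app_to_postgres" {
  name      = "allow-app-to-postgres-5432"
  network   = google_compute_network.vpc.name
  direction = "INGRESS"
  priority  = 1000

  allow {
    protocol = "tcp"
    ports    = ["5432"]
  }

  source_tags = ["app"]
  target_tags = ["postgres"]
}

# The host the application should connect to is the DB VM's internal IP.
output "db_internal_ip" {
  value = google_compute_instance.db.network_interface[0].network_ip
}

# DATABASE_URL assembled from the internal IP; marked sensitive because it
# embeds the password. Inject it into the app VM as an environment variable.
output "database_url" {
  sensitive = true
  value     = "postgresql://app:${var.db_password}@${google_compute_instance.db.network_interface[0].network_ip}:5432/appdb?sslmode=require"
}
```

Two points worth checking after `terraform apply`: the PostgreSQL container must publish 5432 on the VM (for example `-p 5432:5432`) for the VPC rule to matter at all, and if the VMs live on the `default` network instead of a custom VPC, the pre-created `default-allow-internal` rule already admits 5432 from every address in the VPC range, so the tag-scoped rule above only narrows exposure when that broader rule is removed or the VMs move to a custom network. Service-account-based selection (`source_service_accounts` / `target_service_accounts`) is a stricter alternative to tags, since tags can be edited by anyone with instance write access.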

Speedrun with ansible in mini-pc: docker swarm in KVM

https://github.com/SridharRG/ansible-kvm-rollouts

This repo is Ansible that builds a KVM lab on Ubuntu: libvirt NAT network, four Ubuntu cloud VMs with cloud-init static IPs and SSH keys, then Docker Swarm (one manager, three workers). There's a second, optional playbook for sample Swarm workloads: overlay network, nginx replicas, the old visualizer, WordPress + MySQL. You'll need ed25519 keys and sudo for paths under /var/lib/libvirt.

It's GPLv3, basically a homelab speedrun so you're not stuck in virt-manager forever. Netplan NIC names (enp0s3 vs ens3) are the usual boss fight. Not for production, just learning and broken labs. Run playbooks/site.yml, and use --ask-become-pass if sudo asks for a password.

u/gatorboi326 — 9 days ago