Skip to content

SYSTEM Cited by 1 source

GCP Private Service Connect (PSC)

What it is

Private Service Connect (PSC) is Google Cloud's private- endpoint networking primitive — GCP's equivalent of AWS PrivateLink. PSC lets a service publisher expose a service via a VPC-internal endpoint (service attachment) that consumers reach from their own VPCs without traversing the public internet, with no NAT / no cross-VPC peering required.

Why it's on this wiki

PSC surfaces on this wiki in the 2025-06-20 Redpanda GCP-outage retrospective (sources/2025-06-20-redpanda-behind-the-scenes-redpanda-clouds-response-to-the-gcp-outage) as the one critical-path exception to Redpanda Cloud's absent-externalisation design tenet. Verbatim:

"There are no additional dependencies in the critical path other than the VPC, compute nodes, and their locally attached disks — with a footnote — Except when Private Service Connect (PSC) is enabled, in this case, the PSC becomes part of the critical path for reading and writing data to Redpanda."

The canonicalisation is narrow but sharp: PSC-as-a-Redpanda- critical-path-dependency is disclosed as an opt-in trade-off Redpanda customers make when they enable PSC for private connectivity from their client VPCs to Redpanda brokers. Customers who don't enable PSC have zero cloud-provider- network-layer critical-path dependencies on their data path; customers who do enable PSC depend on PSC's availability for reads and writes.

Trade-off shape

The property PSC customers gain: no public-internet exposure for client↔broker traffic, enabling data-residency and compliance postures that require all traffic stay within GCP's private network.

The property PSC customers give up: independence of the data path from PSC's availability. If GCP's PSC substrate itself has a regional outage, PSC-enabled customers experience that as a Redpanda data-path outage — the broker and its NVMe are healthy, but the client can't reach them.

This is canonically similar to AWS PrivateLink's trade-off for AWS customers in the same shape.

Relationship to Data Plane Atomicity

The existence of the PSC carve-out is notable on the wiki because it's the one case where Redpanda publicly acknowledges that the Data Plane Atomicity tenet — "no additional dependencies in the critical path" — has a customer-elected exception. The tenet is otherwise absolute (no external consensus, secret manager, database, offset recorder, metadata lookup); PSC is the boundary case where the customer's compliance requirements introduce a critical-path dependency that the absent-externalisation design alone would have eliminated.

Seen in

  • sources/2025-06-20-redpanda-behind-the-scenes-redpanda-clouds-response-to-the-gcp-outageCanonical wiki disclosure of PSC as the single opt-in critical-path dependency on Redpanda Cloud GCP clusters' data path. The disclosure is in an asterisk footnote to Redpanda's enumeration of SLA-supporting properties, but the framing is load-bearing: customers who require private-network client- to-broker connectivity accept PSC in the critical path and consequently take on PSC's availability as part of their own.
Last updated · 470 distilled / 1,213 read