DOC-1374 one PL per connected client VPC (#314)

micheleRP · web-flow · commit 94757b21dd59 · 2025-06-02T09:19:19.000-06:00
* DOC-1374 one PL per connected client VPC

* incorporate review feedback

* how to tell if PSC v1 (deprecated) or v2

* update deprecations page for PSC v1

* return content on maintenance.adoc
diff --git a/modules/manage/pages/maintenance.adoc b/modules/manage/pages/maintenance.adoc
@@ -130,5 +130,11 @@ All existing Serverless Standard clusters will be migrated to the new xref:get-s
 
 Retirement date: August 30, 2025
 
-| February 2025 | Private Service Connect v1 | The Redpanda xref:networking:gcp-private-service-connect.adoc[GCP Private Service Connect v2] service provides the ability to allow requests from Private Service Connect endpoints to stay within the same availability zone, avoiding additional networking costs. To upgrade, contact https://support.redpanda.com/hc/en-us/requests/new[Redpanda Support^].
+| February 2025 | Private Service Connect v1 | The Redpanda xref:networking:gcp-private-service-connect.adoc[GCP Private Service Connect v2] service provides the ability to allow requests from Private Service Connect endpoints to stay within the same availability zone, avoiding additional networking costs. 
+
+To check the version of your Private Service Connect attachment, run: 
+
+`gcloud compute service-attachments list --filter="region:( ${GCP_REGION} )"`
+
+The attachment name should show the suffix `psc2`; for example, `projects/my-gcp-project/regions/us-west1/serviceAttachments/rp-d0f0mqk5ktzznib2j9g-psc2`. If the name shows the suffix `psc`, then you have the deprecated version. To upgrade, contact https://support.redpanda.com/hc/en-us/requests/new[Redpanda Support^].
 |===
diff --git a/modules/networking/pages/aws-privatelink.adoc b/modules/networking/pages/aws-privatelink.adoc
@@ -11,8 +11,10 @@ Consider using the PrivateLink endpoint service if you have multiple VPCs and co
 
 [NOTE]
 ====
-* PrivateLink allows overlapping CIDR ranges in VPC networks.
-* PrivateLink does not limit the number of VPC connections. However, VPC peering is limited to 125 connections. See https://aws.amazon.com/privatelink/faqs/[How scalable is AWS PrivateLink?^]
+* Each client VPC can have one endpoint connected to the PrivateLink service.
+* PrivateLink allows overlapping xref:networking:cidr-ranges.adoc[CIDR ranges] in VPC networks.
+* The number of connections is limited only by your Redpanda usage tier. PrivateLink does not add extra connection limits. However, VPC peering is limited to 125 connections. See https://aws.amazon.com/privatelink/faqs/[How scalable is AWS PrivateLink?^]
+* You control which AWS principals are allowed to connect to the endpoint service.
 ====
 
 After <<get-a-cloud-api-access-token,getting an access token>>, you can <<create-new-cluster-with-privatelink-endpoint-service-enabled,enable PrivateLink when creating a new cluster>>, or you can <<enable-privatelink-endpoint-service-for-existing-clusters,enable PrivateLink for existing clusters>>.
diff --git a/modules/networking/pages/azure-private-link.adoc b/modules/networking/pages/azure-private-link.adoc
@@ -5,18 +5,17 @@ include::shared:partial$feature-flag.adoc[]
 
 The Redpanda Azure Private Link service provides secure access to Redpanda Cloud from your own virtual network. Traffic over Azure Private Link does not go through the public internet, but instead through Microsoft's backbone network. While clients can initiate connections against the Redpanda Cloud cluster endpoints, Redpanda Cloud services cannot access your virtual networks directly.
 
-Consider using Private Link if you have multiple virtual networks and require more secure network management.
+Consider using Private Link if you have multiple virtual networks and require more secure network management. To learn more, see the https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview[Azure documentation].
 
 [NOTE]
 ====
+* Each client VNet can have one endpoint connected to the Private Link service.
 * Private Link allows overlapping xref:networking:cidr-ranges.adoc[CIDR ranges] in virtual networks.
-* Private Link does not limit the number of connections.
+* The number of connections is limited only by your Redpanda usage tier. Private Link does not add extra connection limits. 
 ====
 
 After <<get-a-cloud-api-access-token,getting an access token>>, you can <<create-new-cluster-with-private-link-service-enabled,enable Private Link when creating a new cluster>>, or you can <<enable-private-link-service-for-existing-clusters,enable Private Link for existing clusters>>.
 
-To learn more about Azure Private Link, see the https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview[Azure documentation].
-
 == Requirements
 
 * Install xref:manage:rpk/rpk-install.adoc[`rpk`].
diff --git a/modules/networking/pages/configure-private-service-connect-in-cloud-ui.adoc b/modules/networking/pages/configure-private-service-connect-in-cloud-ui.adoc
@@ -6,22 +6,26 @@
 ====
 
 * This guide is for configuring GCP Private Service Connect using the Redpanda Cloud UI. To configure and manage Private Service on an existing public cluster, you must use the xref:networking:gcp-private-service-connect.adoc[Redpanda Cloud API].
-* The latest version of the Redpanda GCP Private Service Connect service (available March, 2025) supports AZ affinity. This allows requests from Private Service Connect endpoints to stay within the same availability zone, avoiding additional networking costs. To upgrade, contact https://support.redpanda.com/hc/en-us/requests/new[Redpanda Support^]. NOTE: The original GCP Private Service Connect service is deprecated and will be removed in a future release.
+* The latest version of Redpanda GCP Private Service Connect (available March, 2025) supports AZ affinity. This allows requests from Private Service Connect endpoints to stay within the same availability zone, avoiding additional networking costs. 
+* DEPRECATION: The original Redpanda GCP Private Service Connect is deprecated and will be removed in a future release. For more information, see xref:manage:maintenance.adoc#deprecated-features[Deprecated features].
 ==== 
 
 
-
 The Redpanda GCP Private Service Connect service provides secure access to Redpanda Cloud from your own VPC. Traffic over Private Service Connect does not go through the public internet because these connections are treated as their own private GCP service. While your VPC has access to the Redpanda VPC, Redpanda cannot access your VPC.
 
-Consider using the endpoint services if you have multiple VPCs and could benefit from a more simplified approach to network management:
+Consider using the endpoint services if you have multiple VPCs and could benefit from a more simplified approach to network management.
 
+[NOTE]
+====
+* Each client VPC can have one endpoint connected to Private Service Connect.
 * Private Service Connect allows overlapping xref:networking:cidr-ranges.adoc[CIDR ranges] in VPC networks.
-* Private Service Connect does not limit the number of connections using the service.
-* You control which GCP projects are allowed to connect to the service.
+* The number of connections is limited only by your Redpanda usage tier. Private Service Connect does not add extra connection limits. 
+* You control from which GCP projects connections are allowed.
+====
 
 == Requirements
 
-* Use the https://cloud.google.com/sdk/docs/install[gcloud^] command-line interface (CLI) to create the consumer-side resources, such as a client VPC and forwarding rule, or to modify existing resources to use the Private Service Connect service attachment created for your cluster.
+* Use the https://cloud.google.com/sdk/docs/install[gcloud^] command-line interface (CLI) to create the consumer-side resources, such as a client VPC and forwarding rule, or to modify existing resources to use the Private Service Connect attachment created for your cluster.
 * The client VPC must be in the same region as your Redpanda cluster.
 
 == Enable endpoint service for existing clusters
diff --git a/modules/networking/pages/configure-privatelink-in-cloud-ui.adoc b/modules/networking/pages/configure-privatelink-in-cloud-ui.adoc
@@ -6,11 +6,15 @@ NOTE: This guide is for configuring AWS PrivateLink using the Redpanda Cloud UI.
 
 The Redpanda AWS PrivateLink endpoint service provides secure access to Redpanda Cloud from your own VPC. Traffic over PrivateLink does not go through the public internet because these connections are treated as their own private AWS service. While your VPC has access to the Redpanda VPC, Redpanda cannot access your VPC.
 
-Consider using the endpoint service if you have multiple VPCs and could benefit from a more simplified approach to network management:
+Consider using the endpoint service if you have multiple VPCs and could benefit from a more simplified approach to network management.
 
+[NOTE]
+====
+* Each client VPC can have one endpoint connected to the PrivateLink service.
 * PrivateLink allows overlapping xref:networking:cidr-ranges.adoc[CIDR ranges] in VPC networks.
-* PrivateLink does not limit the number of connections that use the endpoint service.
+* The number of connections is limited only by your Redpanda usage tier. PrivateLink does not add extra connection limits. However, VPC peering is limited to 125 connections. See https://aws.amazon.com/privatelink/faqs/[How scalable is AWS PrivateLink?^]
 * You control which AWS principals are allowed to connect to the endpoint service.
+====
 
 == Requirements
 
diff --git a/modules/networking/pages/gcp-private-service-connect.adoc b/modules/networking/pages/gcp-private-service-connect.adoc
@@ -6,7 +6,8 @@
 ====
 
 * This guide is for configuring GCP Private Service Connect using the Redpanda Cloud API. To configure and manage Private Service Connect on an existing public cluster, you must use the Cloud API. See xref:networking:configure-private-service-connect-in-cloud-ui.adoc[Configure Private Service Connect in the Cloud UI] to set up the endpoint service using the Redpanda Cloud UI.
-* The latest version of the Redpanda GCP Private Service Connect service (available March, 2025) supports AZ affinity. This allows requests from Private Service Connect endpoints to stay within the same availability zone, avoiding additional networking costs. To upgrade, contact https://support.redpanda.com/hc/en-us/requests/new[Redpanda Support^]. NOTE: The original GCP Private Service Connect service is deprecated and will be removed in a future release.
+* The latest version of Redpanda GCP Private Service Connect (available March, 2025) supports AZ affinity. This allows requests from Private Service Connect endpoints to stay within the same availability zone, avoiding additional networking costs. 
+* DEPRECATION: The original Redpanda GCP Private Service Connect is deprecated and will be removed in a future release. For more information, see xref:manage:maintenance.adoc#deprecated-features[Deprecated features].
 ==== 
 
 The Redpanda GCP Private Service Connect service provides secure access to Redpanda Cloud from your own VPC. Traffic over Private Service Connect does not go through the public internet because a Private Service Connect connection is treated as its own private GCP service. While your VPC has access to the Redpanda VPC, Redpanda cannot access your VPC.
@@ -17,8 +18,9 @@ Consider using Private Service Connect if you have multiple VPCs and could benef
 
 [NOTE]
 ====
+* Each client VPC can have one endpoint connected to Private Service Connect.
 * Private Service Connect allows overlapping xref:networking:cidr-ranges.adoc[CIDR ranges] in VPC networks.
-* Private Service Connect does not limit the number of connections.
+* The number of connections is limited only by your Redpanda usage tier. Private Service Connect does not add extra connection limits. 
 * You control from which GCP projects connections are allowed.
 ====
 
@@ -27,7 +29,7 @@ After <<get-a-cloud-api-access-token,getting an access token>>, you can <<create
 == Requirements
 
 * In this guide, you use the xref:manage:api/cloud-api-overview.adoc[Redpanda Cloud API] to enable the Redpanda endpoint service for your clusters. Follow the steps on this page to <<get-a-cloud-api-access-token, get an access token>>.
-* Use the https://cloud.google.com/sdk/docs/install[gcloud^] command-line interface (CLI) to create the consumer-side resources, such as a VPC and forwarding rule, or to modify existing resources to use the Private Service Connect service attachment created for your cluster.
+* Use the https://cloud.google.com/sdk/docs/install[gcloud^] command-line interface (CLI) to create the consumer-side resources, such as a VPC and forwarding rule, or to modify existing resources to use the Private Service Connect attachment created for your cluster.
 
 == Get a Cloud API access token
 
@@ -279,7 +281,7 @@ Replace the following placeholder:
 +
 `<accept-list>`: a JSON list specifying the projects from which incoming connections will be accepted. All other sources. For example, `[{"source": "consumer-project-ID-1"},{"source": "consumer-project-ID-2"}]`.
 +
-Wait for the cluster to apply the new configuration (around 15 minutes). The Private Service Connect service attachment is available when the cluster update is complete. To monitor the service attachment creation, run the following `gcloud` command with the project ID:
+Wait for the cluster to apply the new configuration (around 15 minutes). The Private Service Connect attachment is available when the cluster update is complete. To monitor the service attachment creation, run the following `gcloud` command with the project ID:
 +
 [,bash]
 ----
