-
Notifications
You must be signed in to change notification settings - Fork 140
/
gcp-shared-vpc.html.md.erb
129 lines (78 loc) · 6.37 KB
/
gcp-shared-vpc.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
---
title: Configuring a Shared VPC on GCP
owner: Ops Manager
---
This topic describes the preparation steps required to configure and integrate a shared Virtual Private Cloud (VPC) on Google Cloud Platform (GCP) with <%= vars.platform_name %>.
GCP Shared VPC, formerly known as Google Cross-Project Networking (XPN), enables you to assign GCP resources to individual projects within an organization but allows communication and shared services between projects. For more information about shared VPCs, see [Shared VPC Overview](https://cloud.google.com/compute/docs/shared-vpc/) in the GCP documentation.
## <a id="prerequisites"></a> Prerequisites
To configure a shared VPC, you must assign your project to a Cloud Organization. Confirm that you have a Cloud Organization associated with your GCP account using one of these methods:
* **GCP Console:** From the [GCP console](https://console.cloud.google.com/), click the **Organization** dropdown at the top of the page to display all organizations you belong to.
* **gcloud Command Line Interface (CLI):** From the command line, run `gcloud organizations list` to display all organizations you belong to. To install the gcloud CLI, see [gcloud Overview](https://cloud.google.com/sdk/gcloud/) in the Google documentation.
For more information, see [Creating and Managing Organizations](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id) in the GCP documentation. If you do not have a Cloud Organization, contact GCP support.
## <a id="provision"></a> Step 1: Provision the Shared VPC
Follow the procedure in [Enabling a shared VPC host project](https://cloud.google.com/compute/docs/shared-vpc/provisioning-shared-vpc#enable-shared-vpc-host) in the GCP documentation. This procedure requires shared VPC admin permissions.
## <a id="network"></a> Step 2: Create a Shared VPC Network
Follow the procedures in [Preparing to Deploy <%= vars.ops_manager %> on GCP Manually](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/gcp/prepare-env-manual.html) to create a new network with firewall rules. Then follow the procedures in:
* [Step 3: Create a GCP Network with Subnet](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/gcp/prepare-env-manual.html#create_network)
* [Step 5: Create Firewall Rules for the Network](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/gcp/prepare-env-manual.html#firewall_rules)
## <a id="shared"></a> Step 3: Connect the Shared VPC to <%= vars.ops_manager %>
You can use the [GCP console](https://console.cloud.google.com/) or the gcloud CLI to connect the shared VPC host project with <%= vars.ops_manager %>.
For more information, see [VPC Network Peering](https://cloud.google.com/compute/docs/peering-networks) in the GCP documentation.
<p class="note warning"><strong>Warning:</strong> VPC Network Peering is currently in beta and intended for evaluation and test purposes only.</p>
### <a id="shared-gui"></a> Set Up VPC Network Peering with GCP Console
To set up VPC network peering with the GCP console:
1. From the GCP console, click **Networking**, then **VPC network peering**.
<%= image_tag("vpc-networks.png") %>
1. Click **Create Connection**.
1. Enter a name for the network connection from the <%= vars.ops_manager %> project to the new shared network, such as `opsmanager-to-xpn`.
<%= image_tag("om-to-vpc.png") %>
1. Click **Save**.
1. Click **Create Connection**.
1. Enter a name for the network connection from the new shared network to the <%= vars.ops_manager %> project, such as `xpn-to-opsmanager`.
<%= image_tag("vpc-to-om.png") %>
1. Click **Save**.
### <a id="shared-cli"></a> Set Up VPC Network Peering with gcloud CLI
To set up VPC network peering with the gcloud CLI:
1. Run:
```
gcloud config set project OPSMANAGER-PROJECT
```
Where `OPSMANAGER-PROJECT` is the name of the project that contains your <%= vars.ops_manager %> installation.
1. To create a connection from the <%= vars.ops_manager %> project to the new shared VPC project, run:
```
gcloud beta compute networks peerings create OPSMANAGER-TO-VPC \
--network OPSMANAGER-NETWORK \
--peer-project VPC-HOST-PROJECT \
--peer-network VPC-NETWORK \
--auto-create-routes
```
Where:
* `OPSMANAGER-TO-VPC` is a name you choose for the connection, such as `om-to-vpc`.
* `OPSMANAGER-NETWORK` is the name of the network assigned to the <%= vars.ops_manager %> project in GCP, such as `my-om-project`.
* `VPC-HOST-PROJECT` is the name you gave the shared VPC project in [Step 1: Provision the Shared VPC](#provision).
* `VPC-NETWORK` is the name of the network you gave the shared VPC project in [Step 2: Create Shared VPC Networks](#network).
1. Run:
```
gcloud config set project VPC-HOST-PROJECT
```
Where `VPC-HOST-PROJECT` is the new shared VPC project you created in [Step 1: Provision the Shared VPC](#provision).
1. To create a connection from the new shared VPC project to the <%= vars.ops_manager %> project, run:
```
gcloud beta compute networks peerings create VPC-TO-OPSMANAGER \
--network VPC-NETWORK \
--peer-project OPSMANAGER-PROJECT \
--peer-network OPSMANAGER-NETWORK \
--auto-create-routes
```
Where:
* `VPC-TO-OPSMANAGER` is a name you choose for the connection, such as `vpc-to-om`.
* `VPC-NETWORK` is the name of the network you gave the shared VPC project in [Step 2: Create Shared VPC Networks](#network).
* `OPSMANAGER-PROJECT` is the name of the project that contains your <%= vars.ops_manager %> installation.
* `OPSMANAGER-NETWORK` is the name of the network assigned to the <%= vars.ops_manager %> project in GCP.
## <a id="verify"></a> Step 4: Verify the Shared VPC Configuration
After configuring a shared VPC, use the following procedure to verify that the shared VPC host project VM appears in the <%= vars.ops_manager %> project.
1. From the GCP console, select the <%= vars.ops_manager %> project from the dropdown at the top of the page.
1. Click **Networking**, then **VPC networks**.
<%= image_tag("vpc-networks.png") %>
1. Confirm that the shared VPC network name appears in the **Subnets** list.
1. Confirm that the shared VPC network **IP address ranges** match what you set for the new VPC project in [Step 2: Create a Shared VPC Network](#network).