Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support user tags, a different project for the network (shared VPC), and removing external IPs #156

Closed

Conversation

@bpodgursky
Copy link
Contributor

commented Oct 16, 2018

This may be niche, but was necessary for our setup. We're spinning up VMs in a shared VPC (https://cloud.google.com/vpc/docs/shared-vpc), so we needed to specify a subnetwork from a different project from the created compute resources.

We also want to tag provisioned instances with labels, for automatic application of firewall rules (mostly to expose UIs).

Disabling external IPs is good security practice. This will initially break director spin-up since it installs centos packages, but is fixed by setting up Cloud NAT over the subnet to enable egress.

This is working for us, but I haven't aggressively tested it with different combinations of defaults/custom values.

@bpodgursky bpodgursky force-pushed the bpodgursky:support_user_tags_network_project branch from 28d5846 to d32cff6 Oct 31, 2018

@bpodgursky bpodgursky changed the title Support user tags and a different project for the network (shared VPC) Support user tags, a different project for the network (shared VPC), and removing external IPs Oct 31, 2018

bpodgursky added some commits Feb 11, 2019

@bpodgursky bpodgursky force-pushed the bpodgursky:support_user_tags_network_project branch from b2f4f41 to 45e4d7d Feb 11, 2019

@bhavanki

This comment has been minimized.

Copy link
Contributor

commented Jul 19, 2019

This work was updated and merged under PR #161 , with credit to @bpodgursky preserved. Thank you!

@bhavanki bhavanki closed this Jul 19, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.