Virtual Private Cloud
Virtual Private Cloud (VPC) is the virtual instance of the network within Google Cloud that provides connectivity for compute and other resources. Unlike AWS, VPC is global in Google cloud so any compute resources created irrespective of the region or Availability Zone (AZ) can be part of the same VPC can communicate among themselves by default. The subnets are regional resources and so cannot span across different regions. Each region can be assigned with one or more subnet from within the VPC.
In this article, we will discuss about 4 different ways of creating a VPC in Google Cloud as below:
- Google Cloud Console
- gcloud CLI
- Terraform
Google Cloud Console
Below is a quick one-minute video showing the steps to create the VPC.
This section explains the use of the Google Cloud console to create a new VPC using the below simple steps:
- Go to console.cloud.google.com/networking to create a new VPC network. It could be noted that for each project, a default VPC will be created with subnets assigned for each, and this “default” VPC can be deleted by the admin to avoid creating any confusion.
- Use the CREATE VPC NETWORK button to create a new VPC for this project. It takes the user to the VPC creation page.
- Configure a unique name for the VPC and set the MTU value based on the requirement.
- Select the relevant subnet creation mode.
- Custom will let the user manually create the subnets on a per-region basis.
- Automatic will assign subnets for all the regions automatically.
- Configure the relevant firewall rules that the user would like to apply to the VPC. Any instances connected/using this VPC will be assigned to these firewall rules.
- Select the relevant Dynamic routing mode based on the requirement which influences how the prefixes/routes learned from external networks using Cloud router will be propagated within the VPC. This can be changed even after creating the VPC.
- Regional will instruct the cloud router to make the externally learned routes available only to the instances within the same region.
- Global will instruct the cloud router to make the externally learned routes available for all the instances irrespective of the region.
Gcloud CLI
Gcloud command line is another approach to configure the VPC using CLI. Below is an example way of configuring a new VPC with the following parameters:
- Name – nyacorp-vpc1
- Project – nyacorp
- Description – “VPC1 for NYACORP”
- Subnet Creation Mode – Automatic
- MTU – 1500
- Dynamic Routing Mode – Regional.
gcloud compute networks create nyacorp-vpc1 --project=nyacorp --description=VPC1\ for\ NYACORP --subnet-mode=auto --mtu=1500 --bgp-routing-mode=regional
Any additional Firewall rules can be created using the below CLI:
gcloud compute firewall-rules create nyacorp-vpc1-allow-custom --project=nyacorp --network=projects/nyacorp/global/networks/nyacorp-vpc1 --description=Allows\ connection\ from\ any\ source\ to\ any\ instance\ on\ the\ network\ using\ custom\ protocols. --direction=INGRESS --priority=65534 --source-ranges=10.128.0.0/9 --action=ALLOW --rules=all
VPC Configuration using Terraform
The basic terraform configuration involves the below steps:
- Define the provider as google with the project and credentials details. Optionally include the region if the configuration is specific to the region.
- Define the google_compute_network resource where the VPC specific details such as below are configured:
- Name (Mandatory)
- Description (Optional)
- Auto_subnet_create mode defining the subnets
- Routing_mode defining the Dynamic Routing mode.
- When the auto_subnet_create is disabled (using false as the configuration option), subnets are configured using google_compute_subnetwork resource.
The sample terraform configuration is as below:
provider "google" {
project="Terraform-Project"
credentials = "${file("credentials.json")}"
}
resource "google_compute_network" "nyacorp-vpc1" {
# Ref - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network
name = "nyacorp-vpc1"
description = "VPC1 for NYACORP"
auto_create_subnetworks = false
routing_mode = "REGIONAL"
}
resource "google_compute_subnetwork" "public" {
# Ref - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork
name = "public-subnet"
ip_cidr_range = "10.1.0.0/20"
region = "us-east1"
network = google_compute_network.nyacorp-vpc1.id
}
Once the terraform configuration is applied using “terraform apply”, the relevant VPC and the subnet will be configured.s
No comments:
Post a Comment