forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
gcp-shared-vpc.html.md.erb
127 lines (79 loc) · 6.74 KB
/
gcp-shared-vpc.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
---
title: Configuring a Shared VPC on GCP
owner: Ops Manager
---
This guide describes the preparation steps required to configure and integrate a shared Virtual Private Cloud (VPC) on Google Cloud Platform (GCP) with <%= vars.product_name %>.
GCP Shared VPC, formerly known as Google Cross-Project Networking (XPN), enables you to assign GCP resources to individual projects within an organization but allows communication and shared services between projects.
For more information about shared VPCs, see [Shared VPC Overview](https://cloud.google.com/compute/docs/shared-vpc/) in the GCP documentation.
## <a id="prerequisites"></a>Prerequisites
To configure a shared VPC, you must assign your project to a Cloud Organization. Confirm that you have a Cloud Organization associated with your GCP account using one of the following methods:
* **GCP Console**: From [https://console.cloud.google.com](https://console.cloud.google.com/), click the **Organization** dropdown at the top of the page to display
all organizations you belong to.
* **gcloud Command Line Interface (CLI)**: From the command line, run `gcloud organizations list` to display all organizations you belong to. See [gcloud Overview](https://cloud.google.com/sdk/gcloud/) in the Google documentation to install the gcloud CLI.
For more information, see [Creating and Managing Organizations](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id) in the GCP documentation. If you do not have a Cloud Organization, contact GCP support.
## <a id="provision"></a> Step 1: Provision the Shared VPC
Follow the [Enabling a shared VPC host project](https://cloud.google.com/compute/docs/shared-vpc/provisioning-shared-vpc#enable-shared-vpc-host) procedure in the GCP documentation.
This procedure requires shared VPC admin permissions.
## <a id="network"></a> Step 2: Create a Shared VPC Network
Use the procedures in the [Preparing to Deploy Ops Manager on GCP Manually](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/gcp/prepare-env-manual.html) topic to create a new network with firewall rules. Do the following:
* [Step 3: Create a GCP Network with Subnet](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/gcp/prepare-env-manual.html#create_network)
* [Step 5: Create Firewall Rules for the Network](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/gcp/prepare-env-manual.html#firewall_rules)
## <a id="shared"></a> Step 3: Connect the Shared VPC to Pivotal Operations Manager
You can use the [GCP console](https://console.cloud.google.com/) or the gcloud CLI to connect the shared VPC host project with Ops Manager.
For more information, see [VPC Network Peering](https://cloud.google.com/compute/docs/peering-networks) in the GCP documentation.
<p class="note warning"><strong>WARNING:</strong> VPC Network Peering is currently in beta and intended for evaluation and test purposes only.</p>
### <a id="shared-gui"></a> Set Up VPC Network Peering with GCP Console
To set up VPC network peering with the GCP console, do the following:
1. From the GCP console, click **Networking**, then **VPC network peering**.
<%= image_tag("vpc-networks.png") %>
1. Click **Create Connection**.
1. Enter a name for the network connection from the Ops Manager project to the new shared network, such as `opsmanager-to-xpn`.
<%= image_tag("om-to-vpc.png") %>
1. Click **Save**.
1. Click **Create Connection**.
1. Enter a name for the network connection from the new shared network to the Ops Manager project, such as `xpn-to-opsmanager`.
<%= image_tag("vpc-to-om.png") %>
1. Click **Save**.
### <a id="shared-cli"></a> Set Up VPC Network Peering with gcloud CLI
To set up VPC network peering with the gcloud CLI, do the following:
1. Enter the following command, replacing `OPSMANAGER-PROJECT` with the name of the project that contains your Ops Manager installation:
<pre class="terminal">
$ gcloud config set project OPSMANAGER-PROJECT
</pre>
1. Enter the following command to create a connection from the Ops Manager project to the new shared VPC project:
<pre class="terminal">
$ gcloud beta compute networks peerings create OPSMANAGER-TO-VPC \
--network OPSMANAGER-NETWORK \
--peer-project VPC-HOST-PROJECT \
--peer-network VPC-NETWORK \
--auto-create-routes
</pre>
Replace the following text in the command above:
* <code>OPSMANAGER-TO-VPC</code>: Choose a name for the connection, such as `om-to-vpc`.
* <code>OPSMANAGER-NETWORK</code>: Enter the name of the network assigned to the Ops Manager project in GCP, such as `my-om-project`.
* <code>VPC-HOST-PROJECT</code>: Enter the name you gave the shared VPC project in [Step 1: Provision the Shared VPC](#provision).
* <code>VPC-NETWORK</code>: Enter the name of the network you gave the shared VPC project in [Step 2: Create Shared VPC Networks](#network).
1. Enter the following command, replacing `VPC-HOST-PROJECT` with the new shared VPC project you created in [Step 1: Provision the Shared VPC](#provision):
<pre class="terminal">
$ gcloud config set project VPC-HOST-PROJECT
</pre>
1. Enter the following command to create a connection from the new shared VPC project to the Ops Manager project:
<pre class="terminal">
$ gcloud beta compute networks peerings create VPC-TO-OPSMANAGER \
--network VPC-NETWORK \
--peer-project OPSMANAGER-PROJECT \
--peer-network OPSMANAGER-NETWORK \
--auto-create-routes
</pre>
Replace the following text and run the following command:
* <code>VPC-TO-OPSMANAGER</code>: Choose a name for the connection, such as `vpc-to-om`.
* <code>VPC-NETWORK</code>: Enter the name of the network you gave the shared VPC project in [Step 2: Create Shared VPC Networks](#network).
* <code>OPSMANAGER-PROJECT</code>: Enter the name of the project that contains your Ops Manager installation.
* <code>OPSMANAGER-NETWORK</code>: Enter the name of the network assigned to the Ops Manager project in GCP.
## <a id="verify"></a> Step 4: Verify the Shared VPC Configuration
After configuring a shared VPC, use the following procedure to verify that the shared VPC host project VM appears in the Ops Manager project.
1. From [https://console.cloud.google.com](https://console.cloud.google.com/), select the Ops Manager project from the drop-down menu at the top of the page.
1. Click **Networking**, then **VPC networks**.
<%= image_tag("vpc-networks.png") %>
1. Confirm that the shared VPC network name appears in the **Subnets** list.
1. Confirm that the shared VPC network **IP address ranges** match what you set for the new VPC project in [Step 2: Create a Shared VPC Network](#network).