Configuring a Shared VPC on GCP

Note: Ops Manager 1.11.4+ supports Google Shared VPC.

This guide describes the preparation steps required to configure and integrate a shared Virtual Private Cloud (VPC) on Google Cloud Platform (GCP) with Pivotal Cloud Foundry (PCF).

GCP Shared VPC, formerly known as Google Cross-Project Networking (XPN), enables you to assign GCP resources to individual projects within an organization but allows communication and shared services between projects. For more information about shared VPCs, see Shared VPC Overview in the GCP documentation.

Prerequisites

To configure a shared VPC, you must assign your project to a Cloud Organization. Confirm that you have a Cloud Organization associated with your GCP account using one of the following methods:

  • GCP Console: From https://console.cloud.google.com, click the Organization drop-down menu at the top of the page to display all organizations you belong to.
  • gcloud Command Line Interface (CLI): From the command line, run gcloud organizations list to display all organizations you belong to. See gcloud Overview in the Google documentation to install the gcloud CLI.

For more information, see Creating and Managing Organizations in the GCP documentation. If you do not have a Cloud Organization, contact GCP support.

Step 1: Provision the Shared VPC

Follow the Enabling a shared VPC host project procedure in the GCP documentation. This procedure requires shared VPC admin permissions.

Step 2: Create a Shared VPC Network

Use the procedures in the Preparing to Deploy PCF on GCP topic to create a new network with firewall rules. Complete the following steps:

Step 3: Connect the Shared VPC to Ops Manager

You can use the GCP console or the gcloud CLI to connect the shared VPC host project with Ops Manager.

For more information, see VPC Network Peering in the GCP documentation.

WARNING: VPC Network Peering is currently in beta and intended for evaluation and test purposes only.

Set Up VPC Network Peering with GCP Console

To set up VPC network peering with the GCP console, perform the following steps:

  1. From https://console.cloud.google.com, click Networking, then VPC networks.

  2. Click Create Peering Connection.

  3. Enter a name for the network connection from the Ops Manager project to the new shared network, such as opsmanager-to-xpn.

  4. Click Save.

  5. Click Create Peering Connection.

  6. Enter a name for the network connection from the new shared network to the Ops Manager project, such as xpn-to-opsmanager.

  7. Click Save.

Set Up VPC Network Peering with gcloud CLI

To set up VPC network peering with the gcloud CLI, perform the following steps:

  1. Enter the following command, replacing OPSMANAGER-PROJECT with the name of the project that contains your Ops Manager installation:
    $ gcloud config set project OPSMANAGER-PROJECT
    
  2. Enter the following command to create a connection from the Ops Manager project to the new shared VPC project:

    $ gcloud beta compute networks peerings create OPSMANAGER-TO-VPC \
           --network OPSMANAGER-NETWORK \
           --peer-project VPC-HOST-PROJECT \
           --peer-network VPC-NETWORK \
           --auto-create-routes
    
    Replace the following text in the command above:

    • OPSMANAGER-TO-VPC: Choose a name for the connection, such as om-to-vpc.
    • OPSMANAGER-NETWORK: Enter the name of the network assigned to the Ops Manager project in GCP, such as my-om-project.
    • VPC-HOST-PROJECT: Enter the name you gave the shared VPC project in Step 1: Provision the Shared VPC.
    • VPC-NETWORK: Enter the name of the network you gave the shared VPC project in Step 2: Create a Shared VPC Network.
  3. Enter the following command, replacing VPC-HOST-PROJECT with the new shared VPC project you created in Step 1: Provision the Shared VPC:

    $ gcloud config set project VPC-HOST-PROJECT
    

  4. Enter the following command to create a connection from the new shared VPC project to the Ops Manager project:

    $ gcloud beta compute networks peerings create VPC-TO-OPSMANAGER \
           --network VPC-NETWORK \
           --peer-project OPSMANAGER-PROJECT \
           --peer-network OPSMANAGER-NETWORK \
           --auto-create-routes
    
    Replace the following text in the command above:

    • VPC-TO-OPSMANAGER: Choose a name for the connection, such as vpc-to-om.
    • VPC-NETWORK: Enter the name of the network you gave the shared VPC project in Step 2: Create a Shared VPC Network.
    • OPSMANAGER-PROJECT: Enter the name of the project that contains your Ops Manager installation.
    • OPSMANAGER-NETWORK: Enter the name of the network assigned to the Ops Manager project in GCP.
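
The two gcloud peering commands above, wrapped into a script that creates both halves and then checks from the CLI that each half reports STATE ACTIVE (a peering stays INACTIVE until the other project has created its matching half). This is an added example, not part of the original documentation; it assumes `gcloud compute networks peerings list --network` with its default table columns, and the project and network names are placeholders.

```shell
#!/bin/sh
# Added example (not from the Pivotal docs): create both halves of the peering
# between the Ops Manager project and the shared VPC host project, then confirm
# each half is ACTIVE. Names below are assumed placeholders; override via env.
OPSMANAGER_PROJECT="${OPSMANAGER_PROJECT:-opsmanager-project}"
OPSMANAGER_NETWORK="${OPSMANAGER_NETWORK:-opsmanager-network}"
VPC_HOST_PROJECT="${VPC_HOST_PROJECT:-vpc-host-project}"
VPC_NETWORK="${VPC_NETWORK:-vpc-network}"
GCLOUD="${GCLOUD:-gcloud}"   # set GCLOUD=echo to print commands instead of running them

# One direction of the peering. --project scopes the call instead of
# mutating the global config with `gcloud config set project`.
create_peering() { # $1 name, $2 local project, $3 local network, $4 peer project, $5 peer network
  "$GCLOUD" beta compute networks peerings create "$1" \
    --project "$2" --network "$3" \
    --peer-project "$4" --peer-network "$5" \
    --auto-create-routes
}

# Read a `gcloud compute networks peerings list` table on stdin and print the
# STATE of the named peering. The column index comes from the header row, so
# the parser survives gcloud adding or dropping other columns.
peering_state() { # $1 peering name
  awk -v want="$1" '
    NR == 1 { for (i = 1; i <= NF; i++) if ($i == "STATE") col = i; next }
    col && $1 == want { print $col; exit }'
}

# Return non-zero unless the named peering exists in the project and is ACTIVE.
verify_peering() { # $1 name, $2 project, $3 network
  state=$("$GCLOUD" compute networks peerings list --project "$2" --network "$3" | peering_state "$1")
  echo "$1 in $2: ${state:-MISSING}"
  [ "$state" = "ACTIVE" ]
}

# Constructed sample of the listing output, used to exercise peering_state offline.
SAMPLE_LISTING='NAME        NETWORK             PEER_PROJECT      PEER_NETWORK  AUTO_CREATE_ROUTES  STATE     STATE_DETAILS
om-to-vpc   opsmanager-network  vpc-host-project  vpc-network   True                ACTIVE    [2018-03-01T10:00:00.000-08:00]: Connected.
old-peer    opsmanager-network  retired-project   old-network   True                INACTIVE  [2018-03-01T10:00:00.000-08:00]: Peer network not found.'
sample_state() { printf '%s\n' "$SAMPLE_LISTING" | peering_state "$1"; }

main() {
  create_peering om-to-vpc "$OPSMANAGER_PROJECT" "$OPSMANAGER_NETWORK" "$VPC_HOST_PROJECT" "$VPC_NETWORK"
  create_peering vpc-to-om "$VPC_HOST_PROJECT" "$VPC_NETWORK" "$OPSMANAGER_PROJECT" "$OPSMANAGER_NETWORK"
  verify_peering om-to-vpc "$OPSMANAGER_PROJECT" "$OPSMANAGER_NETWORK" &&
    verify_peering vpc-to-om "$VPC_HOST_PROJECT" "$VPC_NETWORK"
}
if [ "${RUN_PEERING:-0}" = 1 ]; then main; fi   # runs against GCP only when explicitly requested
```

Run with `RUN_PEERING=1` after authenticating gcloud with an identity that holds Compute Network Admin in both projects; the script exits non-zero if either half is missing or not yet ACTIVE.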

Step 4: Verify the Shared VPC Configuration

After configuring a shared VPC, use the following procedure to verify that the shared VPC host project VM appears in the Ops Manager project.

  1. From https://console.cloud.google.com, select the Ops Manager project from the drop-down menu at the top of the page.

  2. Click Networking, then VPC networks.

  3. Confirm that the shared VPC network name appears in the Subnets list.

  4. Confirm that the shared VPC network IP address ranges match what you set for the new VPC project in Step 2: Create a Shared VPC Network.
