Shared VPCs – for Production and Non-Production Delineation
Also read - Shared VPCs Best Practices
Shared VPCs - What gets shared out?
When a host project is enabled, you have two options for sharing networks:
- You can share all host project subnets. If you select this option, then any new subnets created in the host project, including subnets in new networks, will also be shared.
- You can specify individual subnets to share. If you share subnets individually, then only those subnets are shared unless you manually change the list.
Multiple Shared VPCs (One Per Environment) - GCP calls this a 'Hybrid Shared VPC'
For this case, an organization has decided to use two separate host projects, one for a Test Environment and one for a Production Environment. Combine this with the Hybrid Shared VPC pattern to accommodate almost any organizational use case.
- A Shared VPC Admin has attached one service project each to a PROD HOST project and a TEST HOST project.
- Both host projects have one Shared VPC network with subnets configured to use the same CIDR ranges. In both the Testing Network and the Production Network, the two subnets are:
  - 10.0.1.0/24 Subnet in the us-west1 region
  - 10.15.2.0/24 Subnet in the us-east1 region
- Consider Instance AT in the Apps Testing service project and Instance AP in the Apps Production service project:
  - Notice that both instances use the IP address 10.0.1.3. This is acceptable because each instance exists in a service project attached to a unique host project containing its own Shared VPC network.
  - Both the testing and production networks have been purposefully configured in the same way.
- Instances using the 10.0.1.0/24 Subnet must be located in a zone in the same region as the subnet, even though the subnet and instances are defined in separate projects. Because the 10.0.1.0/24 Subnet is located in the us-west1 region, Service Project Admins who create instances using that subnet must choose a zone in the same region, such as us-west1-a.
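The following script is an added example, not part of the original post or of Google's own tooling. It wires up the two-host-project layout described above with gcloud and shows both subnet-sharing options from the "What gets shared out?" section: granting roles/compute.networkUser on the whole host project (every current and future subnet is shared) versus granting it on individual subnets. It also enforces the zone/region rule for instances on a shared subnet. All project IDs, subnet names and principals are placeholders; the gcloud subcommands themselves are real. With DRY_RUN=1 the script prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example: hybrid Shared VPC (one host project per environment) via gcloud.
# Project IDs, subnet names and principals below are placeholders.
set -eu

DRY_RUN="${DRY_RUN:-}"

# run: execute a gcloud command, or print it when DRY_RUN is set.
run() {
  if [ -n "$DRY_RUN" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# zone_region: the region a zone belongs to (us-west1-a -> us-west1).
zone_region() {
  printf '%s\n' "${1%-*}"
}

# enable_host: make a project a Shared VPC host and attach service projects.
# Usage: enable_host HOST_PROJECT SERVICE_PROJECT...
enable_host() {
  host="$1"; shift
  run gcloud compute shared-vpc enable "$host"
  for svc in "$@"; do
    run gcloud compute shared-vpc associated-projects add "$svc" --host-project "$host"
  done
}

# share_all_subnets: option 1 - networkUser on the whole host project, so every
# subnet, including ones created later in new networks, is usable by the principal.
# Usage: share_all_subnets HOST_PROJECT MEMBER
share_all_subnets() {
  run gcloud projects add-iam-policy-binding "$1" \
    --member "$2" --role roles/compute.networkUser
}

# share_subnet: option 2 - networkUser on one named subnet only (least privilege).
# Usage: share_subnet HOST_PROJECT REGION SUBNET MEMBER
share_subnet() {
  run gcloud compute networks subnets add-iam-policy-binding "$3" \
    --project "$1" --region "$2" --member "$4" --role roles/compute.networkUser
}

# create_instance: create a VM in a service project on a shared subnet, refusing
# any zone outside the subnet's region (the constraint described in the post).
# Usage: create_instance SERVICE_PROJECT HOST_PROJECT REGION SUBNET ZONE NAME
create_instance() {
  if [ "$(zone_region "$5")" != "$3" ]; then
    echo "zone $5 is not in subnet region $3" >&2
    return 1
  fi
  run gcloud compute instances create "$6" --project "$1" --zone "$5" \
    --subnet "projects/$2/regions/$3/subnetworks/$4"
}

# main: the placeholder layout from the post - a PROD and a TEST host, one service
# project each, and identically named subnets in both networks. Production uses
# per-subnet grants; the test environment shares all of its subnets.
main() {
  enable_host host-prod apps-prod
  share_subnet host-prod us-west1 subnet-prod-west "serviceAccount:deployer@apps-prod.iam.gserviceaccount.com"
  share_subnet host-prod us-east1 subnet-prod-east "serviceAccount:deployer@apps-prod.iam.gserviceaccount.com"

  enable_host host-test apps-test
  share_all_subnets host-test "serviceAccount:deployer@apps-test.iam.gserviceaccount.com"

  # Both instances may use the same private address: each lands in its own host network.
  create_instance apps-test host-test us-west1 subnet-test-west us-west1-a instance-at
  create_instance apps-prod host-prod us-west1 subnet-prod-west us-west1-a instance-ap
}

# Apply the layout only when asked explicitly: ./shared-vpc.sh --apply
if [ "${1:-}" = "--apply" ]; then
  main
fi
```

Run it as `DRY_RUN=1 sh shared-vpc.sh --apply` to review the exact commands before touching any project. Keeping the two hosts as separate projects is what makes the duplicate 10.0.1.3 addresses harmless and keeps a test-side networkUser grant from reaching production subnets; per-subnet grants on the production host additionally limit which subnets a deployer can place instances on.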