Shared VPC Networks in GCP – Basics
Sharing Subnets, Sharing Administration of Subnets and Instances within
The key idea behind shared networking is to allow shared administration of resources, especially subnetworks and the instances within those subnetworks. For example, network administrators, security administrators and compute administrators can all operate in the same VPC, each with only the limited privileges their role needs.
Some nuances around shared VPCs (and host projects), that may not be obvious, include:
- A Shared VPC network is a VPC network defined in a host project and made available as a centrally shared network for eligible resources in service projects.
- Shared VPC networks can be either auto or custom mode, but legacy networks are not supported.
- When a host project is enabled, all of its existing VPC networks become Shared VPC networks, and any new network created in it will automatically be a Shared VPC network as well.
- A single host project can have more than one Shared VPC network.
- Host and service projects are connected by attachments at the project level.
An example please?
Say you have DEV, TEST and STAGING projects, and also a SERVICES project. The Services project has subnetworks defined with CIDR ranges. Now you want to ensure that any instances created in the DEV, TEST or STAGING projects land in these pre-created subnets. Simply turn the Services project into a HOST project, attach DEV, TEST and STAGING to it as service projects, and manually share out the subnets to each of them.
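The procedure above, scripted with `gcloud`, as an added example that is not part of the original post. The point it adds is the least-privilege step: `roles/compute.networkUser` is bound on each individual subnet in the host project, not on the whole host project, so a DEV instance admin can only pick DEV's subnet. Project IDs, subnet names, the region and the group addresses are hypothetical placeholders; `DRY_RUN=1` (the default) only prints the commands so the script can be reviewed offline.

```shell
#!/bin/sh
# Added example (not from the original post): enable a Shared VPC host project,
# attach service projects, and share one subnet per service project.
# All project IDs, subnet names and principals below are placeholders.
set -eu

HOST_PROJECT="${HOST_PROJECT:-services-host-example}"   # placeholder host project
REGION="${REGION:-us-central1}"                          # placeholder region
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the gcloud commands only; 0 = execute them

# Prints the command (dry run) or executes it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Step 1: turn the Services project into a Shared VPC host project.
enable_host() {
  run gcloud compute shared-vpc enable "$HOST_PROJECT"
}

# Step 2: attach a service project (DEV, TEST, STAGING) to the host project.
attach_service_project() {
  run gcloud compute shared-vpc associated-projects add "$1" \
      --host-project "$HOST_PROJECT"
}

# Step 3: share ONE subnet with ONE principal by binding compute.networkUser
# on the subnet itself. Binding the role on the host project instead would let
# the principal use every subnet in every Shared VPC network of the host.
share_subnet() {
  run gcloud compute networks subnets add-iam-policy-binding "$1" \
      --project "$HOST_PROJECT" --region "$REGION" \
      --member "$2" --role roles/compute.networkUser
}

# Check: which host project a service project is attached to.
host_of() {
  run gcloud compute shared-vpc get-host-project "$1"
}

# Check: which shared subnets a service project can actually place instances in.
# Running this as the service project's instance admins confirms they only see
# the subnets that were shared with them.
usable_subnets() {
  run gcloud compute networks subnets list-usable --project "$1"
}

main() {
  enable_host
  for env in dev test staging; do
    attach_service_project "${env}-example"
    # Only the instance admins of this environment get this environment's subnet.
    share_subnet "${env}-subnet" "group:${env}-instance-admins@example.com"
    host_of "${env}-example"
    usable_subnets "${env}-example"
  done
}

main
```

Run it once with `DRY_RUN=1` and review the printed commands, then with `DRY_RUN=0` from an identity that holds Shared VPC Admin on the host project. If the `list-usable` check for a service project shows subnets other than its own, a `networkUser` binding exists at project level rather than on the subnet and should be moved down.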