GCP Global Network

A global private isolated virtual network that provides managed networking functionality for your Google Cloud Platform (GCP) resources.

View Source Code
Deployments

106

Made by

Massdriver

Official

Yes

No

Compliance
No compliance
Clouds
GCP
Text Link
Tags
Networking
Text Link
Read me
Variables

Operator Guide for gcp-global-network

Google Cloud Virtual Private Cloud (VPC) creates a private cloud as an abstraction on Google Cloud’s physical infrastructure. VPC provides secure network isolation across regions along with the ability to adjust the IP space on the fly.

Use Cases

General Compute

VPC is vital to running almost anything on Google Cloud.

Configuration Presets

Private

This is our only guided configuration for the global network. It sets Classless Inter-Domain Routing (CIDR) blocks for Private Service Connect and Private services access.

Design

The gcp-global-network bundle creates a VPC. It is the global parent for everything that needs network access. You will end up connecting bundles to gcp-subnetwork most of the time, with that subnetwork connected to the global network (cluster → subnetwork → global-network). You cannot run anything in a VPC without a subnetwork. The subnetwork defines the IP range.

Private Service Connect

Private Service Connect improves security by allowing you to access GCP APIs across VPCs without traversing the public Internet.

Private Services Access

Private services access allows GCP services (such as CloudSQL and Memorystore) to be offered through a single peering connection with an internal IP address so that each instance does not consume its own peering connection. This is important since GCP global networks have a peering limit of only 25 connections. You may choose the CIDR blocks for Private Service Connect and private services access, but we do not allow you to turn them off.

Best Practices

Security

Massdriver allocates a range for private services access so that you can launch private Google Cloud Platform (GCP) services without individual peering connections. See documentation here for more information.

Private Service Connect

Private Service Connect lowers network egress costs and latency. You also benefit from the improved security of private networking.

Private Services Access

The peering limit of 25 often becomes a major issue for companies because it limits service scaling. Because private services access routes GCP services through a single peering connection, you can scale larger without hitting the peering limit.

Trade-offs

VPC Flow Logs are not turned on or configurable by this bundle. Even on medium-sized networks, they incur a large cost.

VariableTypeDescription
private_service_connect_ipstringInternal IP address to use for accessing Google APIs, such as CloudFunctions, GCR or Cloud Storage, privately instead of over the internet via public IPs. This IP cannot conflict with any existing subnets or peered networks. More info: https://cloud.google.com/vpc/docs/configure-private-service-connect-apis
private_services_access_cidrstringCIDR range to deploy GCP services to. This range cannot be used for any other purpose and cannot conflict with existing subnets or peered networks. This range is used by Google to deploy services like MemoryStore and CloudSQL without requiring individual peering connections per instance. More info: https://cloud.google.com/vpc/docs/private-services-access
System Operational

Marketplace

AWSGCPAzure

Solutions

Healthcare
Internal Developer Platform
Cost Management
DevOps Advisor
Platform Engineering Accelerator

Company

About UsJobsNewsContact UsNews

Resources

PricingBlogDocsWebinars
Get Started
Massdriver Reviews
Massdriver Reviews
© Massdriver, Inc. 2024
Terms of Service
Privacy Policy
Security
Healthcare
Internal Developer Platform
Cost Management
DevOps Advisor
Platform Engineering Accelerator
GameStake Achieves Zero-Downtime Deployments with a 25% Reduction in Cloud Costs
How AMD Global Telemedicine Reduced Software Release Effort by 89% With Massdriver
Writing Maintainable IaC: Use Case Specific OpenTofu / Terraform Modules
Open Office Hours
Airlock: Massdriver's New Open-Source Project
How to enable API endpoints with Massdriver apps
Open Office Hours
Generating OpenTofu / Terraform from Existing Cloud Resources
Running KubeVirt on AWS EKS
Scripting with Massdriver
Open Office Hours
Observability in Kubernetes using Jaeger
Debugging applications in Kubernetes
Observability in Kubernetes using Prometheus
Scaling Ops: Embracing platform engineering’s potential
Open Office Hours
AI Made Simple: Deploying Stable Diffusion with Massdriver and SageMaker
Test driven development with OpenTelemetry
Zero Down Time Deployments in Kubernetes
Writing Maintainable Infrastructure as Code
Massdriver Feature Showcase: Bundle Building
Massdriver Feature Showcase: Environmental Parity
AKS Made Easy on Massdriver
Best Practices for Containerizing Web Apps with Docker
Debugging Applications in Kubernetes
Best Practices for Containerizing Web Apps with Docker
Load Testing with Grafana K6
Debugging Applications in Kubernetes
Running Azure OpenAI with Massdriver
Best Practices for Containerizing Web Apps with Docker
Upgrading PostgreSQL Versions with Minimal Downtime
Deploying 3-tier Web Applications on Kubernetes with Massdriver
Massdriver Feature Showcase: Bundle Building
Massdriver Feature Showcase: Diffing Environments & Deployments
Networking
GCP