GCP Subnetwork

GCP Subnetwork includes best-practice GCP reference architecture for networks, IAM management, and observability integrations.

View Source Code


Made by







Each Google Cloud Virtual Private Cloud (VPC) network consists of one or more IP address ranges called subnets. Subnets are regional resources, and have IP address ranges associated with them.

Use Cases

The Google Cloud Platform (GCP) subnetwork will act as a private network for regional resources which require network access.

Run Workloads across Multiple Regions

Massdriver enables you to run workloads easily in different regions, which is particularly helpful if your organization is geographically distributed. With Massdriver, you can create multiple gcp-subnetworks, one per region. Each subnetwork would then contain whatever compute (GKE, VMs) or storage (Cloud SQL, Memorystore) resources are needed within that region..

Configuration Presets


The default configuration will work for both development and production environments. We use a large CIDR block (/16) so that your clusters and other network-dependant bundles have plenty of IP space available.


This bundle takes a CIDR block, the IP range for that subnetwork, as a parameter. We also create a Cloud Router and a NAT service for that router. This ensures that external (NAT) IPs can be allocated and managed only by Google Cloud Platform. User-defined external IPs are not allowed. Fundamentally, a gcp-subnetwork is a subnet of the Google VPC. The gcp-global-network bundle creates and manages the Google VPC, and this bundle manages one subnetwork inside of that VPC.

Best Practices

Private Services

We enable private services access by default, and it cannot be turned off. Private services access ensures access to Google APIs via private networking allowing resources in the subnet to communicate with services like GCS or PubSub without having to leave the private network and traverse the internet.

cidrstringCIDR range for the subnetwork.
gcp_regionstringGCP region to create the subnetwork in.