Design Issues
Michael O'Brien edited this page May 20, 2024 · 6 revisions
- billing: 5 projects per billing account by default, need 55
- project: 20 default, need 55
- VPCs per project: 8
For example, use different billing accounts across dev/prod/non-prod to stay under the per-account limit.
- ref: https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/396
- Look at NCC (Network Connectivity Center), but it is not available in the 2 northamerica-northeast (nane) regions yet.
- https://cloud.google.com/network-connectivity/docs/network-connectivity-center/concepts/overview
- Note: certain managed services (e.g. Dataproc) consume a VPC peering connection under the hood
- Note: PSA (Private Services Access) implements the private connection as a VPC peering connection
- Discussion with Marian: "apply_security_profile_group transparently intercepts the traffic and sends it to the configured firewall endpoint for Layer 7 inspection."
- https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network_firewall_policy_rule
- https://cloud.google.com/firewall/docs/firewall-policies-rule-details
- https://registry.terraform.io/providers/hashicorp/google/5.22.0/docs/resources/network_security_security_profile_group
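The following is an added Terraform example, not code from this wiki or the pbmm-on-gcp-onboarding repo, showing how the `apply_security_profile_group` action is wired end to end: a threat prevention security profile and profile group at the organization, a zonal firewall endpoint associated with the VPC, and a network firewall policy rule that hands matching traffic to that endpoint for L7 inspection. The org ID, project ID, zone and all resource names are placeholder assumptions; check that Cloud NGFW Enterprise is offered in the zone you pick before applying.

```hcl
# Added example (not from the wiki). Placeholders below are assumptions.
locals {
  org_id     = "123456789012"               # assumption: placeholder organization ID
  project_id = "my-landing-zone-project"    # assumption: placeholder project ID
  zone       = "northamerica-northeast1-a"  # assumption: zone where firewall endpoints are offered
}

resource "google_compute_network" "vpc" {
  project                 = local.project_id
  name                    = "inspected-vpc"
  auto_create_subnetworks = false
}

# Threat prevention profile: per-severity action taken by the L7 engine.
resource "google_network_security_security_profile" "threat" {
  name     = "threat-prevention"
  parent   = "organizations/${local.org_id}"
  location = "global"
  type     = "THREAT_PREVENTION"

  threat_prevention_profile {
    severity_overrides {
      severity = "CRITICAL"
      action   = "DENY"
    }
    severity_overrides {
      severity = "HIGH"
      action   = "DENY"
    }
    severity_overrides {
      severity = "MEDIUM"
      action   = "ALERT"
    }
  }
}

# Profile group referenced by the firewall policy rule.
resource "google_network_security_security_profile_group" "group" {
  name                      = "l7-inspection"
  parent                    = "organizations/${local.org_id}"
  location                  = "global"
  threat_prevention_profile = google_network_security_security_profile.threat.id
}

# Org-owned zonal firewall endpoint, billed to the project, attached to the VPC.
resource "google_network_security_firewall_endpoint" "endpoint" {
  name               = "fw-endpoint"
  parent             = "organizations/${local.org_id}"
  location           = local.zone
  billing_project_id = local.project_id
}

resource "google_network_security_firewall_endpoint_association" "assoc" {
  name              = "fw-endpoint-assoc"
  parent            = "projects/${local.project_id}"
  location          = local.zone
  network           = google_compute_network.vpc.id
  firewall_endpoint = google_network_security_firewall_endpoint.endpoint.id
}

resource "google_compute_network_firewall_policy" "policy" {
  project     = local.project_id
  name        = "inspected-vpc-policy"
  description = "Network firewall policy carrying the L7 inspection rule"
}

resource "google_compute_network_firewall_policy_association" "policy_assoc" {
  project           = local.project_id
  name              = "inspected-vpc-policy-assoc"
  attachment_target = google_compute_network.vpc.id
  firewall_policy   = google_compute_network_firewall_policy.policy.name
}

# Matching egress web traffic is transparently intercepted and sent to the
# associated firewall endpoint; the profile group decides what happens next.
resource "google_compute_network_firewall_policy_rule" "inspect_egress" {
  project                = local.project_id
  firewall_policy        = google_compute_network_firewall_policy.policy.name
  priority               = 1000
  direction              = "EGRESS"
  action                 = "apply_security_profile_group"
  security_profile_group = "//networksecurity.googleapis.com/${google_network_security_security_profile_group.group.id}"
  enable_logging         = true

  match {
    dest_ip_ranges = ["0.0.0.0/0"]
    layer4_configs {
      ip_protocol = "tcp"
      ports       = ["80", "443"]
    }
  }
}
```

Two caveats a practitioner will hit: the endpoint association must be in the same zone as the endpoint, and without `tls_inspect = true` plus a TLS inspection policy on the association, only cleartext traffic is inspected at L7; HTTPS payloads pass through uninspected.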
There are several private access methods, partitioned by API access vs VPC access and by whether the client is internal or external to GCP: PGA (Private Google Access), PSC (Private Service Connect) and PSA (Private Services Access). Each scenario and its requirements are detailed here.
- PSA is implemented as a VPC peering connection, using up one of the 25-peering quota - https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/wiki/Design-Issues#di4-20240506-25-peering-limit
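To make the peering cost of PSA concrete, here is an added Terraform example (not code from this wiki or the repo) that reserves a producer range and creates the PSA connection; the project ID, VPC name and range size are placeholder assumptions. The `peering` attribute exported by the connection is the VPC Network Peering that shows up in the VPC and counts against the 25-per-network default limit.

```hcl
# Added example (not from the wiki). Placeholders below are assumptions.
locals {
  project_id = "my-landing-zone-project"  # assumption: placeholder project ID
}

resource "google_compute_network" "vpc" {
  project                 = local.project_id
  name                    = "shared-vpc"
  auto_create_subnetworks = false
}

# Internal range reserved for Google-managed producers (Cloud SQL, Memorystore, ...).
resource "google_compute_global_address" "psa_range" {
  project       = local.project_id
  name          = "psa-reserved-range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 20
  network       = google_compute_network.vpc.id
}

# The PSA private connection itself. Under the hood this creates a VPC Network
# Peering named servicenetworking-googleapis-com on shared-vpc, so it consumes
# one of the 25 peerings the network gets by default.
resource "google_service_networking_connection" "psa" {
  network                 = google_compute_network.vpc.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.psa_range.name]
}

# The peering is a normal peering: route import/export is tunable on it.
resource "google_compute_network_peering_routes_config" "psa_routes" {
  project              = local.project_id
  peering              = google_service_networking_connection.psa.peering
  network              = google_compute_network.vpc.name
  import_custom_routes = true
  export_custom_routes = true
}

output "psa_peering_name" {
  description = "Name of the peering PSA created; compare against the 25-peering limit"
  value       = google_service_networking_connection.psa.peering
}
```

After `terraform apply`, `gcloud compute networks peerings list --network shared-vpc` lists this peering alongside any others on the VPC. All producers reached through servicenetworking.googleapis.com share this single peering per VPC, so the quota is consumed once per VPC, not once per managed instance.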