0

The use case is the following:

  • a Compute Engine instance with a private IP only (no external IP)
  • The project has policies to not create external IPs
  • The goal is to be able to send HTTP requests to the Private Compute Engine Instance from Cloud Build

What are the best practices in Networking to ensure that communication?

Thank you

Arrajj
  • Only two ways come to my mind: 1. Make the Compute Engine instance call GCP instead. 2. Create a VPN between the private resource & GCP – Facty Apr 25 '21 at 10:20

2 Answers

1

For now, you can't plug Cloud Build into your VPC and thus connect to private resources from there.

A new feature named Worker Pool is coming. The principle is to provision Compute Engine instances in your project, and thus in your VPC, to run the Cloud Build pipeline. Because the pipeline will run in your VM in your VPC, you will be able to reach the private IPs of your VPC.

guillaume blaquiere
  • 1
    I will be looking forward to this new feature, thank you! But I saw an interesting answer elsewhere on Cloud Build for GKE, where we use port forwarding in a detached container in the steps, as if we were connecting to a private SQL instance. I think I can do the same thing here for GCE; I will try this and update the answer here. Here is the link to the answer: https://stackoverflow.com/a/65747408/4416877 – Arrajj Apr 25 '21 at 18:50
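
How a build could target the worker pool described in the answer above, as an added example that is not part of the original answer or comment. It uses Cloud Build's `options.pool` setting and the `gcr.io/cloud-builders/curl` builder image; the project, region, pool ID and the instance's private address and port are placeholders. The pool is assumed to exist already and to have a route to the instance's subnet.

```yaml
# cloudbuild.yaml (added example; every identifier below is a placeholder)
#
# Assumptions:
#   - a worker pool already exists and is attached to the VPC that holds
#     the Compute Engine instance
#   - the instance listens on 10.128.0.5:8080 (constructed sample address)
#   - a VPC firewall rule allows ingress to that port from the pool's
#     internal range only, so the instance still needs no external IP

steps:
  # Send the HTTP request from inside the pool. --fail makes curl exit
  # non-zero on an HTTP error status, which fails the build step instead of
  # letting a broken deployment pass silently.
  - id: 'call-private-instance'
    name: 'gcr.io/cloud-builders/curl'
    args:
      - '--fail'
      - '--silent'
      - '--show-error'
      - '--connect-timeout'
      - '5'
      - '--max-time'
      - '20'
      - 'http://10.128.0.5:8080/healthz'

# Run this build on the worker pool instead of the default shared workers,
# which have no path to private addresses in the VPC.
options:
  pool:
    name: 'projects/PROJECT_ID/locations/REGION/workerPools/POOL_ID'

# Keep the whole build short: an unreachable private address should fail
# fast rather than hold a worker until the default build timeout.
timeout: '120s'
```

If the step times out on connect, check the firewall rule and the route between the pool and the instance's subnet before considering an external IP on the instance.
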
0

Have you explored Private Google Access? It allows resources that do not have an external IP to access Google's APIs and services. Private Google Access is enabled on a subnet-by-subnet basis.

https://cloud.google.com/vpc/docs/private-access-options

PlainH2O