堆栈内存溢出
  简体   繁体   English

如何让 Google Cloud Build 在 VPC 边界内工作?

[英]How to get Google Cloud Build working inside VPC Perimeter?

 原文  2019-11-20 16:41:22       google-cloud-platform/ terraform/ vpc/ google-cloud-build

问题描述

I have a question that is confusing me a little.我有一个让我有点困惑的问题。 I have a project locked down at the org level through a perimeter fence.我通过外围围栏在组织级别锁定了一个项目。 This is to whitelist ip ranges to access a cloud storage bucket as the user has no ability to authenticate through service accounts or api's and requires a streaming of data.这是为了将 ip 范围列入白名单以访问云存储桶,因为用户无法通过服务帐户或 api 进行身份验证,并且需要数据流。

This is fine and working however I am confused about how to open up access to serverless enviroments aswell inside gcp.这很好并且可以工作,但是我对如何在 gcp 内部打开对无服务器环境的访问感到困惑。 The issue in question is cloud build.有问题的问题是云构建。 Since introduction of the perimeter I can no longer run cloud build due to violation of vpc controls.自从引入边界以来,由于违反 vpc 控制,我无法再运行云构建。 Wondering can anyone point me in the direction of how to enable this as obviously white listing the entire cloud build ip range is not an option?想知道任何人都可以指出如何启用它的方向,因为显然白名单整个云构建 ip 范围不是一个选项?

4 个解决方案

解决方案1
 1  2019-11-20 17:26:27

You want to create a Perimeter Bridge between the resources that you want to be able to access each other.您希望在希望能够相互访问的资源之间创建一个外围网桥 You can do this in the console or using gcloud as noted in the docs that I linked.您可以在控制台中执行此操作,也可以按照我链接的文档中的说明使用gcloud

解决方案2
 1  2019-11-21 14:39:15

The official documentation mention that if you use VPC service controls , some services are not supported , for example, Cloud Build, for this reason the problem started right after you deployed the perimeter.官方文档中提到,如果你使用VPC 服务控制,有些服务是不支持的,例如 Cloud Build,因此问题在你部署边界后就开始了。

解决方案3
 1 已采纳  2019-11-22 13:30:27

Hi all so the answer is this.大家好,所以答案是这样的。

What you want to do is set up one project that is locked down by vpc and has no api's available for ingestion of the ip white listed storage bucket.您要做的是设置一个被 vpc 锁定并且没有可用于摄取 ip 白名单存储桶的 api 的项目。 Then you create a 2nd project that has a vpc but does not disable cloud storage api's etc. Now from here you can read directly from the ip whitelisted cloud storage bucket in the other project.然后创建第二个项目,该项目具有 vpc 但不禁用云存储 API 等。现在,您可以从此处直接读取另一个项目中的 ip 白名单云存储桶。

Hope this makes sense as I wanted to share back to the awesome guys above who put me on the right track.希望这是有道理的,因为我想与上面那些让我走上正轨的好人分享。

Thanks again再次感谢

解决方案4
 0  2022-04-22 00:45:10

Cloud Build is now supported by VPC Service Controls VPC Supported products and limitations VPC Service Controls 现在支持 Cloud Build VPC 支持的产品和限制

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 VPC 内部的谷歌云功能? - Google cloud functions inside VPC? 如何让 puppeteer 在 Google Cloud Run/Cloud Build 中工作? - How to get puppeteer working in Google Cloud Run/Cloud Build? 私有 VPC 网络上的 Google Cloud Build - Google Cloud Build on private VPC network MongoDB 到 Google Cloud Platform VPC 不工作 - MongoDB to Google Cloud Platform VPC not working 带有 VPC 无服务器连接器出口的 Google Cloud Functions 与 Cloud NAT 不工作 - Google Cloud Functions with VPC Serverless Connector Egress with Cloud NAT not working 如何让我的 Google-service.json 在 Google Cloud Plataform 中与 Firestore 一起使用? - How do I get my Google-service.json working with Firestore inside Google Cloud Plataform? 谷歌云 VPC 与 AWS VPC - Google Cloud VPC vs AWS VPC Google Cloud VPC Internet网关 - Google Cloud VPC Internet Gateway 谷歌云平台如何限制用户使用单个VPC? - How to restrict users to single VPC in Google cloud platform? 如何从本地机器连接到谷歌云 VPC - How to connect to Google cloud VPC from on-premise machine
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM