Steps to create a Shared VPC (GCP)

This doc explains everything customers need in order to create a Shared VPC and provide it to Facets.

1. Prerequisites

a. GCP organizational account

b. Host project with roles such as:

  • Compute Network Admin
  • Compute Network User
  • Organization Administrator
  • Owner

c. Other custom permissions

  • compute.organizations.disableXpnHost
  • compute.organizations.disableXpnResource
  • compute.organizations.enableXpnHost
  • compute.organizations.enableXpnResource
  • compute.projects.get
  • resourcemanager.projects.get
  • resourcemanager.projects.getIamPolicy
  • resourcemanager.projects.list

2. Key Steps:

  1. Create the required VPC subnets (2 or 3) with /16 CIDR ranges in your host project, and add 2 secondary CIDR ranges (also /16) to the subnet created. This is required so that Kubernetes clusters can be created from the Facets end.

  2. Now we can go ahead and create the shared VPC and attach the projects that we want to share the subnets with.


  3. Once this is enabled, you can provide the appropriate details via the Facets UI.

Note: You can't specify which subnet can be used by which service project. When you share a subnet, it is shared with each of your service projects. If you want to tie a subnet to a particular project, you need to configure user permissions per subnet by granting permissions to the accounts or service accounts used by the particular project(s).

  4. Enable "Private Google Access" so that Kubernetes nodes can access private Google resources.
    The setting is available under Host VPC > subnet details > Private Google Access (set it to true).
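
The steps above can also be scripted with the gcloud CLI. The following is an added example, not Facets' own tooling: it prints each command by default and only executes it when APPLY=1 is set. All project IDs, network and subnet names, the region, the service account, the CIDR values and the secondary range names (pods, services) are assumed placeholders.

```shell
#!/bin/sh
# Added example. Every name and CIDR range below is a constructed placeholder.
HOST_PROJECT="host-project-id"
SERVICE_PROJECT="service-project-id"
NETWORK="shared-vpc-net"
REGION="us-central1"
# Service account of the service project that is allowed to use the subnet.
MEMBER="serviceAccount:deployer@service-project-id.iam.gserviceaccount.com"

# Print each command by default; set APPLY=1 to execute it with gcloud.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Subnet with a /16 primary range, two /16 secondary ranges, and
# Private Google Access switched on at creation time.
create_subnet() {  # args: name primary secondary1 secondary2
  run gcloud compute networks subnets create "$1" \
    --project="$HOST_PROJECT" --network="$NETWORK" --region="$REGION" \
    --range="$2" --secondary-range="pods=$3,services=$4" \
    --enable-private-ip-google-access
}

# Make the host project a Shared VPC host and attach the service project.
share_vpc() {
  run gcloud compute shared-vpc enable "$HOST_PROJECT"
  run gcloud compute shared-vpc associated-projects add "$SERVICE_PROJECT" \
    --host-project="$HOST_PROJECT"
}

# Per-subnet permission from the note: bind roles/compute.networkUser on one
# subnet to one principal instead of granting it on the whole host project.
grant_subnet_user() {  # args: subnet-name member
  run gcloud compute networks subnets add-iam-policy-binding "$1" \
    --project="$HOST_PROJECT" --region="$REGION" \
    --member="$2" --role="roles/compute.networkUser"
}

main() {
  create_subnet "facets-subnet-1" 10.10.0.0/16 10.11.0.0/16 10.12.0.0/16
  create_subnet "facets-subnet-2" 10.20.0.0/16 10.21.0.0/16 10.22.0.0/16
  share_vpc
  grant_subnet_user "facets-subnet-1" "$MEMBER"
}
main
```

Review the printed commands first, then rerun with APPLY=1 from an account that holds the prerequisites listed in section 1.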