はじめに
基本的なところだけど、意外と漏れていることが多かったのでメモ
リソースの適用範囲
VPCの設定にはグローバルリソースとリージョンリソースがある。
| 項目 | 内容 |
| グローバルリソース | どのリージョンからもアクセス可能 |
| リージョンリソース | そのリージョンからしかアクセスできない。 |
VPCは設定毎にリソースのアクセス可能な範囲が異なっているので注意。
| 項目 | 内容 |
| VPCネットワーク | グローバルリソース。 リージョンをまたがってアクセス可能 |
| Firewall | グローバルリソース |
| サブネット | リージョンリソース。 同一リージョンからしかアクセスができない |
ネットワーク間のVMの移行
できるのはあくまでも、同一リージョンのサブネットを持つ、別VPCネットワーク
VPCのgcloudコマンド
超重要
VPCのコマンドはcomputeのサブコマンドとなっている。
VPCネットワーク、ファイアウォール、どちらもスラスラとそらで言えるようにしておく。
### list, create, and delete Compute Engine networks
gcloud compute networks GROUP | COMMAND [GCLOUD_WIDE_FLAG …]
### list, create, update, and delete Compute Engine firewall rules
gcloud compute firewall-rules COMMAND [GCLOUD_WIDE_FLAG …]VPCネットワーク関連
### 作成
gcloud compute networks create NAME \
[--bgp-routing-mode=MODE; default="regional"] \
[--description=DESCRIPTION] \
[--mtu=MTU] \
[--range=RANGE] \
[--subnet-mode=MODE] \
[GCLOUD_WIDE_FLAG …]
### 表示
gcloud compute networks list
### 詳細表示
gcloud compute networks list ネットワーク名例.ネットワークリスト
$ gcloud compute networks list
NAME SUBNET_MODE BGP_ROUTING_MODE IPV4_RANGE GATEWAY_IPV4
default AUTO REGIONAL例.ネットワークの情報詳細
$ gcloud compute networks describe default
autoCreateSubnetworks: true
creationTimestamp: '2021-03-01T17:54:38.568-08:00'
description: Default network for the project
id: '5224758707246605361'
kind: compute#network
name: default
routingConfig:
routingMode: REGIONAL
selfLink: https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/global/networks/default
subnetworks:
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/europe-west1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/asia-northeast3/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/europe-west4/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/us-central1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/europe-west2/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/europe-west6/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/europe-west3/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/southamerica-east1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/us-west4/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/asia-northeast2/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/australia-southeast1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/asia-south1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/europe-north1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/us-west3/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/asia-southeast1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/northamerica-northeast1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/us-east1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/us-east1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/asia-east1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/asia-northeast1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/us-west1/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/us-east4/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/asia-east2/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/us-west2/subnetworks/default
- https://www.googleapis.com/compute/v1/projects/sylvan-airship-306401/regions/asia-southeast2/subnetworks/default
x_gcloud_bgp_routing_mode: REGIONAL
x_gcloud_subnet_mode: AUTOサブネット関連
サブネットの設定関連はgcloud compute networks subnetsからはじまる。
gcloud compute networks subnets COMMAND [GCLOUD_WIDE_FLAG …]色々。
### 作成
gcloud compute networks subnets create NAME --network=NETWORK --range=RANGE \
[--description=DESCRIPTION] \
[--enable-flow-logs] \
[--enable-private-ip-google-access] \
[--logging-aggregation-interval=LOGGING_AGGREGATION_INTERVAL] \
[--logging-filter-expr=LOGGING_FILTER_EXPR] \
[--logging-flow-sampling=LOGGING_FLOW_SAMPLING] \
[--logging-metadata=LOGGING_METADATA] \
[--logging-metadata-fields=[METADATA_FIELD,…]] \
[--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE] \
[--purpose=PURPOSE] \
[--region=REGION] \
[--role=ROLE] \
[--secondary-range=PROPERTY=VALUE,[…]] \
[GCLOUD_WIDE_FLAG …]
### 表示
gcloud compute networks subnets list \
[NAME …] \
[--network=NETWORK] \
[--regexp=REGEXP, -r REGEXP] \
[--regions=REGION,[REGION,…]] \
[--filter=EXPRESSION] \
[--limit=LIMIT] \
[--page-size=PAGE_SIZE] \
[--sort-by=[FIELD,…]] \
[--uri] \
[GCLOUD_WIDE_FLAG …]Firewall関連
### 作成
gcloud compute firewall-rules create NAME (--action=ACTION | --allow=PROTOCOL[:PORT[-PORT]],[…]) \
[--description=DESCRIPTION] \
[--destination-ranges=CIDR_RANGE,[CIDR_RANGE,…]] \
[--direction=DIRECTION] \
[--disabled] \
[--[no-]enable-logging] \
[--logging-metadata=LOGGING_METADATA] \
[--network=NETWORK; default="default"] \
[--priority=PRIORITY] \
[--rules=PROTOCOL[:PORT[-PORT]],[…]] \
[--source-ranges=CIDR_RANGE,[CIDR_RANGE,…]] \
[--source-service-accounts=EMAIL,[EMAIL,…]] \
[--source-tags=TAG,[TAG,…]] \
[--target-service-accounts=EMAIL,[EMAIL,…]] \
[--target-tags=TAG,[TAG,…]] [GCLOUD_WIDE_FLAG …]
コメント