GoogleCloudPlatform / gcpdiag

gcpdiag is a command-line diagnostics tool for GCP customers.
https://gcpdiag.dev/
Apache License 2.0

Add shared VPC property to GKE model #22

Closed eyalzek closed 2 years ago

eyalzek commented 2 years ago

And update private_google_access GKE test to take a shared VPC scenario into consideration.

Currently this fails for a private cluster deployed in a shared VPC (if the VPC is not in the same project):

```
🔎 gke/ERR/2022_002: GKE nodes of private clusters can access Google APIs and services.
   - foo-bar/europe-west4/foo                    [FAIL]
      subnet bar has Private Google Access disabled and Cloud NAT is not available

   Private GKE clusters must have Private Google Access enabled on the subnet
   where cluster is deployed.

   https://gcpdiag.dev/rules/gke/ERR/2022_002
```

schweikert commented 2 years ago

Opened #23 to track the underlying issue.
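
The shared VPC scenario from this pull request, as an added example that is not gcpdiag's code or part of the thread: it resolves the subnet in the project named in the cluster's subnetwork path before checking Private Google Access. The sample data, the `host-proj` project and all function names are assumptions; the Cloud NAT half of the rule is left out.

```python
import re

# Constructed sample data shaped like GKE / Compute Engine API fields; not real resources.
CLUSTER = {
    "project": "foo-bar",  # service project that owns the cluster
    "privateClusterConfig": {"enablePrivateNodes": True},
    "networkConfig": {  # "host-proj" is a hypothetical Shared VPC host project
        "subnetwork": "projects/host-proj/regions/europe-west4/subnetworks/bar"
    },
}
# Hypothetical subnet inventory keyed by (project, region, name).
SUBNETS = {("host-proj", "europe-west4", "bar"): {"privateIpGoogleAccess": True}}

_SUBNET_RE = re.compile(r"projects/([^/]+)/regions/([^/]+)/subnetworks/([^/]+)$")


def parse_subnetwork(path):
    """Split a subnetwork resource path into (project, region, name)."""
    match = _SUBNET_RE.search(path)
    if match is None:
        raise ValueError(f"unrecognised subnetwork path: {path!r}")
    return match.groups()


def is_shared_vpc(cluster):
    """True when the subnet lives in a different project than the cluster."""
    return parse_subnetwork(cluster["networkConfig"]["subnetwork"])[0] != cluster["project"]


def check_private_google_access(cluster, subnets):
    """Return (status, reason) for the Private Google Access check."""
    if not cluster.get("privateClusterConfig", {}).get("enablePrivateNodes"):
        return "SKIP", "not a private cluster"
    key = parse_subnetwork(cluster["networkConfig"]["subnetwork"])
    subnet = subnets.get(key)
    if subnet is None:
        # Host-project subnet not readable: report unknown rather than a false FAIL.
        return "UNKNOWN", f"subnet {key[2]} in project {key[0]} could not be read"
    if subnet.get("privateIpGoogleAccess"):
        return "OK", f"subnet {key[2]} has Private Google Access enabled"
    return "FAIL", f"subnet {key[2]} has Private Google Access disabled"


if __name__ == "__main__":
    print(is_shared_vpc(CLUSTER), check_private_google_access(CLUSTER, SUBNETS))
```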