GoogleCloudPlatform / k8s-config-connector

GCP Config Connector, a Kubernetes add-on for managing GCP resources
https://cloud.google.com/config-connector/docs/overview
Apache License 2.0

Add support for creating Service Networking DNS Peers #782

Open tedelwartowski-bestbuy opened 1 year ago

tedelwartowski-bestbuy commented 1 year ago

Describe the feature or resource

Due to organizational security policies, we are working to establish a deployment method for Vertex managed notebooks to be attached to a project VPC. However, config connector is currently not able to support creating a DNS peering for the service networking connection and thus we are not able to provide name resolution for custom DNS zones. We would like to have the following functionality added to config connector:

resource "google_service_networking_peered_dns_domain" "name" {
  project    = 10000000
  name       = "example-com"
  network    = "default"
  dns_suffix = "example.com."
  service    = "peering-service"
}

Additional information

gcloud services peered-dns-domains create testpeer \
    --network=net1 \
    --dns-suffix=test.com. \
    --project=project_12345

Importance

This is currently a blocker as we need the ability to provide name resolution for managed notebooks which are connected to the project VPC via a service connection; per organizational security policy, managed notebook connections must be routed via our project VPC.

Additionally, the following organization policy is driving the need to connect a managed notebook to the project VPC as our security policies prohibit resources from having public IP:

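Until Config Connector grows a resource for this, the request above can only be satisfied out of band with the gcloud subcommands the issue shows. The script below is an added example, not code from the issue or from the k8s-config-connector project: it wraps those subcommands so the peering is created idempotently and the `--dns-suffix` is rejected unless it is an absolute name with a trailing dot (both examples in the issue use one). It assumes `gcloud services peered-dns-domains list` and `create` behave as documented, that the listed `name` ends in the domain's short name, and that `GCLOUD` may be overridden with a stub for offline testing; the project, network and domain values in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example (not from the issue or the Config Connector project).
# Idempotently ensures a Service Networking peered DNS domain exists on a
# VPC network. Assumptions: gcloud's `services peered-dns-domains list` and
# `create` subcommands as documented; GCLOUD may point at a stub for testing.
set -eu

GCLOUD="${GCLOUD:-gcloud}"

# Accept only absolute DNS suffixes ("example.com."), as in the issue's
# examples; a relative name or an empty label is refused before any API call.
validate_dns_suffix() {
  suffix="$1"
  case "$suffix" in
    *.) ;;
    *)  echo "dns-suffix must be absolute (end with '.'): $suffix" >&2; return 1 ;;
  esac
  case "$suffix" in
    .*|*..*) echo "dns-suffix has an empty label: $suffix" >&2; return 1 ;;
  esac
  return 0
}

# Print the short names of peered DNS domains already attached to the network
# (last path segment of each resource name).
list_peered_dns_domains() {
  project="$1"; network="$2"
  "$GCLOUD" services peered-dns-domains list \
    --project="$project" --network="$network" --format='value(name)' \
    | awk -F/ 'NF { print $NF }'
}

# Create the peered DNS domain unless one with that name already exists.
# Prints "exists" or "created" so callers can tell what happened.
ensure_peered_dns_domain() {
  project="$1"; network="$2"; name="$3"; suffix="$4"
  validate_dns_suffix "$suffix"
  if list_peered_dns_domains "$project" "$network" | grep -qx "$name"; then
    echo "exists"
    return 0
  fi
  "$GCLOUD" services peered-dns-domains create "$name" \
    --project="$project" --network="$network" --dns-suffix="$suffix" >/dev/null
  echo "created"
}

# Usage with hypothetical values (uncomment to run against a real project):
# ensure_peered_dns_domain my-project net1 example-com example.com.
```

Because the existence check goes through the same `list` call the operator would type, the script can be run repeatedly from CI without creating duplicates, and the suffix check stops a relative name from being peered by mistake.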
diviner524 commented 1 year ago

@tedelwartowski-bestbuy Thank you for providing all the details!

Since this is a blocking issue for you, could you please also file a customer issue via GCP support?

We will work with internal partner teams and see if this request can be expedited.