Open dylan-tock opened 1 year ago
b/280101071
You can configure a VM to work as a NAT with a static IP for Cloud Build worker pools. Hopefully that works to solve your problem for now, though I would also second that it would be good if I could use a standard cloud NAT for this.
https://cloud.google.com/build/docs/private-pools/use-in-private-network#running_behind_a_nat
Access external resource from a static source IP address using Cloud Build
Community Note
Description
The provider documentation for the google_cloudbuild_worker_pool resource says setting no_external_ip to true will prevent network egress to Public IPs. We have many VMs configured without Public IPs and they use Cloud NAT for egress. It would be highly desirable from a security perspective to avoid Cloud Build hosts having external IP addresses and be able to specify an existing Cloud NAT for any egress.
New or Affected Resource(s)
Potential Terraform Configuration
References
google_compute_router_nat resource documentation.
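The setup the issue describes, as an added example that is not part of the original issue or the provider's own code: a VPC whose VMs egress through Cloud NAT, and a private worker pool peered to that VPC with no_external_ip set to true. All resource names, the region, the machine type and the sizes are assumptions chosen for illustration.

```hcl
# Added illustration; every name, the region and the sizes are hypothetical.
resource "google_compute_network" "build" {
  name                    = "build-vpc"
  auto_create_subnetworks = false
}

# Egress path already used by VMs without public IPs: Cloud Router + Cloud NAT.
resource "google_compute_router" "build" {
  name    = "build-router"
  region  = "us-central1"
  network = google_compute_network.build.id
}

resource "google_compute_router_nat" "build" {
  name                               = "build-nat"
  router                             = google_compute_router.build.name
  region                             = google_compute_router.build.region
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}

# Range reserved for the service networking peering that the private pool uses.
resource "google_compute_global_address" "pool_range" {
  name          = "build-pool-range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = google_compute_network.build.id
}

resource "google_service_networking_connection" "pool" {
  network                 = google_compute_network.build.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.pool_range.name]
}

resource "google_cloudbuild_worker_pool" "private" {
  name     = "private-pool"
  location = "us-central1"
  worker_config {
    machine_type   = "e2-standard-4"
    disk_size_gb   = 100
    no_external_ip = true # no public IP on workers; per the provider docs, no egress to public IPs
  }
  network_config {
    peered_network = google_compute_network.build.id
  }
  # Nothing in this resource refers to google_compute_router_nat.build;
  # that link is what the issue asks for.
  depends_on = [google_service_networking_connection.pool]
}
```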