Right now, the implementation in #417 assumes that the user supplies a URI of a service attachment. This is not how one connects to Google services (https://cloud.google.com/vpc/docs/about-accessing-google-apis-endpoints#supported-apis).

The important differences are:

- The target of the forwarding rule should be the name of a service bundle (e.g., "all-apis")
- The IP address used for the endpoint cannot overlap with any address space local to the VPC (**)
- The subnet must have Private Google Access enabled
- The forwarding rule must be global

The main problem here is (**). Supporting this will require getting a new address from the orchestrator for the endpoint and labeling it as a Paraglider resource. Then, in `GetUsedAddressSpaces`, the plugin should look for these labeled addresses and return them as well. This is a workaround since the address can't be associated with the VPC subnets at all (cannot even be in the secondary ranges).
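The workaround described above, sketched in Go as an added example (not Paraglider's code and not the code from #417). The `Address` type, the `paraglider-managed` label key and the function names are hypothetical, and the CIDRs are constructed sample values.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Address is a hypothetical stand-in for a reserved global address and its labels.
type Address struct {
	IP     netip.Addr
	Labels map[string]string
}

// ownerLabel is an assumed label key, not the project's real one.
const ownerLabel = "paraglider-managed"

// endpointConflicts reports whether ip lies inside any subnet range of the VPC
// (primary or secondary), which the endpoint address must never do.
func endpointConflicts(ip netip.Addr, subnetRanges []netip.Prefix) bool {
	for _, r := range subnetRanges {
		if r.Contains(ip) {
			return true
		}
	}
	return false
}

// usedAddressSpaces returns the subnet ranges plus every labeled endpoint
// address as a single-host prefix, so later allocations avoid the endpoint IP
// even though it belongs to no subnet.
func usedAddressSpaces(subnetRanges []netip.Prefix, addrs []Address) []netip.Prefix {
	used := append([]netip.Prefix{}, subnetRanges...)
	for _, a := range addrs {
		if a.Labels[ownerLabel] == "true" {
			used = append(used, netip.PrefixFrom(a.IP, a.IP.BitLen()))
		}
	}
	return used
}

func main() {
	// Constructed sample data: one primary and one secondary range.
	subnets := []netip.Prefix{netip.MustParsePrefix("10.0.0.0/16"), netip.MustParsePrefix("10.1.0.0/20")}
	ep := Address{IP: netip.MustParseAddr("10.2.0.5"), Labels: map[string]string{ownerLabel: "true"}}
	fmt.Println(endpointConflicts(ep.IP, subnets))
	fmt.Println(usedAddressSpaces(subnets, []Address{ep}))
}
```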