wwce / google-cloud-vmseries-builds

A collection of VM-Series builds for Google Cloud.
MIT License

Cloud NAT is created in wrong VPC #1

Closed yingjie-wang-mpf closed 2 years ago

yingjie-wang-mpf commented 2 years ago

For /blueprints/vmseries-hub-spoke-autoscale, you've assigned a public IP on the mgmt interface, so by default, all the outbound traffic will go through that IP instead of the Cloud NAT on the mgmt VPC, making it redundant. However, at the same time, you didn't create either a Cloud NAT in the untrust VPC or a public IP on the untrust interface, so there's no way for spoke assets to access the internet.

mattmclimans commented 2 years ago

Thank you for reporting this. The blueprints/vmseries-hub-spoke-autoscale has been modified to include a Cloud NAT in the untrust VPC and management VPC networks. The external IP addresses on the management interfaces and on the untrust interfaces have been removed.
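
The layout described in the reply above, as an added Terraform example that is not part of the thread and is not the blueprint's own code. All resource names, the region, the CIDR ranges, the machine type, the image path and the interface order are assumptions.

```hcl
# Hypothetical values throughout; nothing here is copied from the blueprint.
locals {
  region = "us-central1"
  vpcs   = { mgmt = "10.0.0.0/28", untrust = "10.0.1.0/28" }
}

resource "google_compute_network" "vpc" {
  for_each                = local.vpcs
  name                    = "example-${each.key}-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "subnet" {
  for_each      = local.vpcs
  name          = "example-${each.key}-subnet"
  region        = local.region
  network       = google_compute_network.vpc[each.key].id
  ip_cidr_range = each.value
}

# One Cloud Router and one Cloud NAT per VPC (mgmt and untrust).
resource "google_compute_router" "router" {
  for_each = local.vpcs
  name     = "example-${each.key}-router"
  region   = local.region
  network  = google_compute_network.vpc[each.key].id
}

resource "google_compute_router_nat" "nat" {
  for_each                           = local.vpcs
  name                               = "example-${each.key}-nat"
  region                             = local.region
  router                             = google_compute_router.router[each.key].name
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}

resource "google_compute_instance_template" "fw" {
  name_prefix    = "example-fw-"
  machine_type   = "n2-standard-4"
  can_ip_forward = true
  disk { source_image = "example-project/example-firewall-image" }

  # No access_config block on either interface, so neither gets an external IP.
  # An interface with an external IP egresses through that IP and skips Cloud NAT.
  network_interface { subnetwork = google_compute_subnetwork.subnet["untrust"].id }
  network_interface { subnetwork = google_compute_subnetwork.subnet["mgmt"].id }
}
```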