This topic describes how you can configure and integrate a shared Virtual Private Cloud (VPC) on Google Cloud Platform (GCP) with VMware Tanzu Operations Manager.

GCP Shared VPC, formerly known as Google Cross-Project Networking (XPN), enables you to assign GCP resources to individual projects within an organization while still allowing communication and shared services between those projects. For more information about shared VPCs, see the GCP documentation.

Prerequisites

To configure a shared VPC, you must assign your project to a Cloud Organization. Confirm that you have a Cloud Organization associated with your GCP account using one of these methods:

  • GCP Console: From the GCP console, click the Organization drop-down menu at the top of the page to display all organizations you belong to.

  • gcloud Command Line Interface (CLI): From the command line, run gcloud organizations list to display all organizations you belong to. To install the gcloud CLI, see gcloud Overview in the Google documentation.

For more information, see Creating and Managing Organizations in the GCP documentation. If you do not have a Cloud Organization, contact GCP support.

Step 1: Provision the shared VPC

Follow the procedure in Enabling a shared VPC host project in the GCP documentation. This procedure requires shared VPC admin permissions.

Step 2: Create a shared VPC network

Follow the procedures in Preparing to Deploy Tanzu Operations Manager on GCP to create a new network with firewall rules. Then follow the procedures in:

Step 3: Connect the shared VPC to Tanzu Operations Manager

You can use the GCP console or the gcloud CLI to connect the shared VPC host project with Tanzu Operations Manager.

For more information, see VPC Network Peering in the GCP documentation.

Caution: VPC Network Peering is currently in beta and intended for evaluation and test purposes only.

Set up VPC network peering with the GCP console

To set up VPC network peering with the GCP console:

  1. From the GCP console, click Networking, then VPC network peering.

    GCP console, VPC network peering screen with Create connection button.

  2. Click Create Connection.

  3. Enter a name for the network connection from the Tanzu Operations Manager project to the new shared network, such as opsmanager-to-xpn.

    GCP console, VPC network peering screen with table of peering connections.

  4. Click Save.

  5. Click Create Connection.

  6. Enter a name for the network connection from the new shared network to the Tanzu Operations Manager project, such as xpn-to-opsmanager.

  7. Click Save.

Set up VPC network peering with the gcloud CLI

To set up VPC network peering with the gcloud CLI:

  1. Run:

    gcloud config set project OPSMANAGER-PROJECT
    

    Where OPSMANAGER-PROJECT is the name of the project that contains your Tanzu Operations Manager installation.

  2. To create a connection from the Tanzu Operations Manager project to the new shared VPC project, run:

    gcloud beta compute networks peerings create OPSMANAGER-TO-VPC \
           --network OPSMANAGER-NETWORK \
           --peer-project VPC-HOST-PROJECT \
           --peer-network VPC-NETWORK \
           --auto-create-routes
    

    Where:

    • OPSMANAGER-TO-VPC is a name you choose for the connection, such as om-to-vpc.
    • OPSMANAGER-NETWORK is the name of the network assigned to the Tanzu Operations Manager project in GCP, such as my-om-project.
    • VPC-HOST-PROJECT is the name you gave the shared VPC project in Step 1: Provision the shared VPC.
    • VPC-NETWORK is the name of the network you gave the shared VPC project in Step 2: Create a shared VPC network.
  3. Run:

    gcloud config set project VPC-HOST-PROJECT
    

    Where VPC-HOST-PROJECT is the new shared VPC project you created in Step 1: Provision the shared VPC.

  4. To create a connection from the new shared VPC project to the Tanzu Operations Manager project, run:

    gcloud beta compute networks peerings create VPC-TO-OPSMANAGER \
           --network VPC-NETWORK \
           --peer-project OPSMANAGER-PROJECT \
           --peer-network OPSMANAGER-NETWORK \
           --auto-create-routes
    

    Where:

    • VPC-TO-OPSMANAGER is a name you choose for the connection, such as vpc-to-om.
    • VPC-NETWORK is the name of the network you gave the shared VPC project in Step 2: Create a shared VPC network.
    • OPSMANAGER-PROJECT is the name of the project that contains your Tanzu Operations Manager installation.
    • OPSMANAGER-NETWORK is the name of the network assigned to the Tanzu Operations Manager project in GCP.

Step 4: Verify the shared VPC configuration

After configuring a shared VPC, use the following procedure to verify that the shared VPC host project VM appears in the Tanzu Operations Manager project.

  1. From the GCP console, select the Tanzu Operations Manager project from the drop-down menu at the top of the page.

  2. Click Networking, then VPC networks.

  3. Confirm that the shared VPC network name appears in the Subnets list.

  4. Confirm that the shared VPC network IP address ranges match what you set for the new VPC project in Step 2: Create a shared VPC network.
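
A scripted counterpart to the console checks above, as an added example that is not part of the original documentation: it confirms that the peering exists in both directions and is ACTIVE, and that the subnet ranges match the ones you planned. The sample data is constructed in the shape of gcloud compute networks describe --format=json output; the project, network, and peering names are placeholders.

```python
import ipaddress

BASE = "https://www.googleapis.com/compute/v1/projects/"

# Constructed sample data shaped like the output of
#   gcloud compute networks describe NETWORK --project PROJECT --format=json
# Project, network and peering names are placeholders, not values from the page.
OPSMAN_NET = {
    "name": "opsmanager-network",
    "selfLink": BASE + "opsmanager-project/global/networks/opsmanager-network",
    "peerings": [{"name": "om-to-vpc", "state": "ACTIVE",
                  "network": BASE + "vpc-host-project/global/networks/vpc-network"}],
}
VPC_NET = {
    "name": "vpc-network",
    "selfLink": BASE + "vpc-host-project/global/networks/vpc-network",
    "peerings": [{"name": "vpc-to-om", "state": "ACTIVE",
                  "network": BASE + "opsmanager-project/global/networks/opsmanager-network"}],
}


def resource_path(url):
    """Reduce a network URL to PROJECT/global/networks/NAME for comparison."""
    return url.split("/projects/", 1)[1]


def check_peering(a, b):
    """Return a list of problems with the a<->b peering; empty means healthy."""
    problems = []
    for src, dst in ((a, b), (b, a)):
        want = resource_path(dst["selfLink"])
        match = [p for p in src.get("peerings", [])
                 if resource_path(p["network"]) == want]
        if not match:
            problems.append(f"{src['name']}: no peering to {dst['name']}")
        elif match[0].get("state") != "ACTIVE":
            problems.append(f"{src['name']}: {match[0]['name']} is {match[0].get('state')}")
    return problems


def range_mismatches(expected, actual):
    """Compare the CIDR ranges you planned with the ones actually present."""
    exp = {ipaddress.ip_network(c) for c in expected}
    act = {ipaddress.ip_network(c) for c in actual}
    return {"missing": sorted(map(str, exp - act)),
            "unexpected": sorted(map(str, act - exp))}
```

A peering that was created from only one project is reported as INACTIVE on that side and as missing on the other, which is the usual result of skipping steps 3 and 4 of the gcloud procedure.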
