gcp.md

The egress flags currently functional for GCP are subnet-id, instance-type, region, cloud-tags, debug, and timeout.

TODO: add the egress flags image-id and kms-key-id for GCP.

Setup

GCP Environment

Set up your environment to use the correct VPC name, project ID, and credentials of the GCP account for the target cluster.

IAM permissions

Ensure that the GCP credentials being used have the following permissions: image

Available Tools

1. Egress Verification

1.1 Usage

The processes below describe different ways of using the egress verifier on a single subnet. To verify an entire VPC, repeat the verification process for each subnet ID.

1.1.1 CLI Executable
  1. Ensure correct environment setup.

  2. Clone the source:

    git clone https://github.com/openshift/osd-network-verifier.git
  3. Build the cli:

    make build

    This generates the osd-network-verifier executable in the project root directory.

  4. Obtain params:

    1. subnet-id: Obtain the subnet id to be verified.
    2. vpc-name: Obtain the name of the VPC that the subnet belongs to.
  5. Execute:

    # GCP
    ./osd-network-verifier egress --platform gcp-classic --subnet-id $SUBNET_ID --vpc-name $VPC_NAME
    
    Additional optional flags for overriding defaults (image-id, kms-key will be added in the future):

    ```shell
    --cloud-tags stringToString   (optional) comma-seperated list of tags to assign to cloud resources e.g. --cloud-tags key1=value1,key2=value2 (default [osd-network-verifier=owned,red-hat-managed=true,Name=osd-network-verifier])
    --debug                       (optional) if true, enable additional debug-level logging
    -- TODO image-id string             (optional) cloud image for the compute instance
    --instance-type string        (optional) compute instance type (default "e2-micro")
    -- TODO kms-key-id string           (optional) ID of KMS key used to encrypt root volumes of compute instances. Defaults to cloud account default key
    --region string               (optional) compute instance region. If absent, environment var GCP_REGION will be used, if set (default "us-east1")
    --subnet-id string            source subnet ID
    --timeout duration            (optional) timeout for individual egress verification requests (default 5s).
    ```

    Get cli help:

    ./osd-network-verifier egress --help
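
To verify an entire VPC as described under 1.1 Usage, the step 5 command can be wrapped in a loop over subnet IDs. The script below is an added example, not part of the osd-network-verifier project; verify_vpc, VERIFIER and LOG_DIR are names made up here, and it assumes the verifier exits non-zero when a subnet fails verification.

```shell
#!/usr/bin/env bash
# Added example: run the egress check once per subnet and summarise the result.
# VERIFIER, LOG_DIR and verify_vpc are names chosen for this sketch.
VERIFIER="${VERIFIER:-./osd-network-verifier}"
LOG_DIR="${LOG_DIR:-./egress-logs}"

# verify_vpc VPC_NAME SUBNET_ID...
# Returns 0 if every subnet passed, 1 if any failed, 2 on bad usage.
verify_vpc() {
    local vpc_name="$1" failed=0 total subnet_id log
    if [ -z "$vpc_name" ] || [ "$#" -lt 2 ]; then
        echo "usage: verify_vpc VPC_NAME SUBNET_ID..." >&2
        return 2
    fi
    shift
    total="$#"
    mkdir -p "$LOG_DIR" || return 2

    for subnet_id in "$@"; do
        # Keep one log per subnet; replace characters that are unsafe in a
        # file name (for example the slashes of a full resource path).
        log="$LOG_DIR/$(printf '%s' "$subnet_id" | tr -c 'A-Za-z0-9._-' '_').log"

        # Same invocation as step 5, one subnet at a time.
        # Assumption: a non-zero exit status means verification failed.
        if "$VERIFIER" egress --platform gcp-classic \
               --subnet-id "$subnet_id" --vpc-name "$vpc_name" \
               >"$log" 2>&1; then
            echo "PASS $subnet_id"
        else
            echo "FAIL $subnet_id (see $log)"
            failed=$((failed + 1))
        fi
    done

    echo "$failed of $total subnets failed egress verification"
    [ "$failed" -eq 0 ]
}

# When invoked with arguments, treat them as: VPC_NAME SUBNET_ID...
[ "$#" -eq 0 ] || verify_vpc "$@"
```

A failing subnet does not stop the run, so one pass shows every subnet whose egress is blocked rather than only the first.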