Manage IP resources in your organization's Data Network Segment to support external networking requirements. To ensure that external services like egress network address translation (NAT) and external load balancers have enough IP addresses to connect to networks outside your organization, you must add external subnets.
If the Data Network Segment IP addresses are used up, reach out to your infrastructure operator (IO) to scale up your IP addresses.
For an overview of subnets and their concepts, see Subnets and IP addresses.
This document is for platform administrators and application operators who are responsible for managing network traffic for their organization. For more information, see Audiences for GDC air-gapped documentation.
Before you begin
To get the permission that you need to create subnets, ask your Organization IAM
Admin to grant you the Subnet Org Admin (subnet-org-admin)
IAM role. This role is not bound to a namespace.
Create a leaf subnet for an individual service
To allocate a single IP address for your service, you must create a leaf subnet.
This leaf subnet must have the field value type: Leaf and must reside in the
same project namespace as your external service.
Your leaf subnet must be configured with a prefixLength value of 32, because it's
intended to allocate a single IP address. The parentReference value references
a previously allocated subnet.
In a terminal window, create the leaf subnet in the management API server:
kubectl --kubeconfig MANAGEMENT_API_SERVER_KUBECONFIG apply -f - <<EOF
apiVersion: ipam.gdc.goog/v1
kind: Subnet
metadata:
  labels:
    ipam.gdc.goog/allocation-preference: default
    ipam.gdc.goog/network-segment: data
  name: SUBNET_NAME
  namespace: PROJECT_NAMESPACE
spec:
  ipv4Request:
    prefixLength: 32
  parentReference:
    name: PARENT_SUBNET
    namespace: platform
  type: Leaf
EOF
Replace the following:
MANAGEMENT_API_SERVER_KUBECONFIG: the path to the kubeconfig file of your management API server. For more information, see Zonal management API server resources.
SUBNET_NAME: the name for the leaf subnet.
PROJECT_NAMESPACE: the project namespace corresponding to your project where your services are located.
PARENT_SUBNET: the name of the parent subnet that this leaf subnet will source its IP address from.
Your individual IP address is now available for use by your external service. For more information about how to configure the IP address for your service, see the corresponding service documentation, such as Configure external load balancers.
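Because Data Network Segment addresses are limited, it can help to lint a leaf subnet manifest against the requirements above before you apply it. The following script is an added example, not part of the GDC tooling or the original documentation. It assumes a block-style manifest with two-space indentation, and the function names and sample values (lb-vip, my-project, parent-subnet) are hypothetical.

```shell
# Flatten simple block-style YAML (2-space indent, no lists) into "a.b=value" lines.
flatten_yaml() {
  awk '
    /^ *(#|$)/ { next }
    {
      n = 0; while (substr($0, n + 1, 1) == " ") n++
      line = substr($0, n + 1); depth = int(n / 2); sep = index(line, ": ")
      if (sep == 0) { sub(/: *$/, "", line); key[depth] = line; next }
      key[depth] = substr(line, 1, sep - 1); path = key[0]
      for (i = 1; i <= depth; i++) path = path "." key[i]
      print path "=" substr(line, sep + 2)
    }' "$1"
}

# check_leaf_subnet MANIFEST PROJECT_NAMESPACE: returns 0 only if every check passes.
check_leaf_subnet() {
  flat=$(flatten_yaml "$1"); rc=0
  for want in "kind=Subnet" "spec.type=Leaf" \
    "spec.ipv4Request.prefixLength=32" "metadata.namespace=$2" \
    "metadata.labels.ipam.gdc.goog/network-segment=data"; do
    printf '%s\n' "$flat" | grep -Fxq -- "$want" ||
      { echo "FAIL: expected $want" >&2; rc=1; }
  done
  printf '%s\n' "$flat" | grep -q '^spec\.parentReference\.name=.' ||
    { echo "FAIL: spec.parentReference.name is empty" >&2; rc=1; }
  return "$rc"
}

# Constructed sample manifest (placeholder names); $1 = output file, $2 = prefixLength.
write_sample() {
  cat > "$1" <<EOF
apiVersion: ipam.gdc.goog/v1
kind: Subnet
metadata:
  labels:
    ipam.gdc.goog/network-segment: data
  name: lb-vip
  namespace: my-project
spec:
  ipv4Request:
    prefixLength: $2
  parentReference:
    name: parent-subnet
    namespace: platform
  type: Leaf
EOF
}
```

Run check_leaf_subnet with the manifest file and your project namespace, and apply the manifest only when the function returns 0.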