This page describes how to manage IP resources in your organization's Data Network Segment to support your external networking requirements. You must add subnets to ensure that external services like egress network address translation (NAT) and external load balancers have enough IP addresses to connect to networks outside your organization. If the data network segment IPs are used up, reach out to IO for upscaling the data network segment.
There are several possible IP management operations outlined on this page, which are not intended to be completed in order:
- Create a leaf subnet for an individual service: This task is useful when you have a new service that doesn't yet have an IP address to use.
For an overview of subnets and their concepts before you complete the tasks in this page, see Subnets and IP addresses.
This page is for network administrators within the platform administrator group and application developers within the application operator group, who are responsible for managing network traffic for their organization. For more information, see Audiences for GDC air-gapped documentation.
Before you begin
To get the permission that you need to create subnets, ask your Organization IAM
Admin to grant you the Subnet Organization Admin (subnet-org-admin)
IAM role. This role is not bound to a namespace.
Create a leaf subnet for an individual service
You must create a leaf subnet to allocate a single IP address for your service.
This leaf subnet must have the field value type: Leaf and must reside in the
same project namespace as your external service, such as an external load
balancer or egress NAT.
Your leaf subnet must be configured with a prefixLength value of 32, because it's
intended to allocate a single IP address. The parentReference value references
a previously allocated subnet, such as the parent zonal subnet you created in
Create a zonal branch subnet for workloads.
In a terminal window, create the leaf subnet in the management API server:
kubectl --kubeconfig MANAGEMENT_API_SERVER_KUBECONFIG apply -f - <<EOF apiVersion: ipam.gdc.goog/v1 kind: Subnet metadata: labels: ipam.gdc.goog/allocation-preference: default ipam.gdc.goog/network-segment: data name: SUBNET_NAME namespace: PROJECT_NAMESPACE spec: ipv4Request: prefixLength: 32 parentReference: name: PARENT_SUBNET namespace: platform type: Leaf EOFReplace the following:
MANAGEMENT_API_SERVER_KUBECONFIG: the path to the kubeconfig file of your management API server. For more information, see Zonal management API server resources.SUBNET_NAME: the name for the leaf subnet.PROJECT_NAMESPACE: the project namespace corresponding to your project where your services are located.PARENT_SUBNET: the name of the parent subnet that this leaf subnet will source its IP address from.
Your individual IP address is now available to be used by your external service. For more information about how to configure the IP address for your service, see the corresponding service documentation, such as Configure external load balancers.