https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master

AKS networking

https://cloud.google.com/blog/products/containers-kubernetes/best-practices-for-kubernetes-pod-ip-allocation-in-gke

GCP new stuff

Google, from Agentic AI to Google Unified Security, over Cloud Run and BigQuery, as well as Post Quantum Cryptography.

Gcp networking

https://medium.com/google-cloud/symmetric-multi-region-routing-with-gcp-bgp-route-policies-c74f47765429

🌐 𝙊𝙥𝙩𝙞𝙢𝙞𝙯𝙞𝙣𝙜 𝙃𝙮𝙗𝙧𝙞𝙙 𝘿𝙉𝙎 𝙧𝙚𝙨𝙤𝙡𝙪𝙩𝙞𝙤𝙣 𝙬𝙞𝙩𝙝 𝙂𝙤𝙤𝙜𝙡𝙚 𝘾𝙡𝙤𝙪𝙙 𝘼𝙧𝙘𝙝𝙞𝙩𝙚𝙘𝙩𝙪𝙧𝙚 🌐

#did_you_know_that For DNS resolution between Google Cloud and on-premises environments, Google recommends that you use a hybrid approach with two authoritative DNS systems.

📐 𝘾𝙚𝙣𝙩𝙧𝙖𝙡𝙞𝙯𝙚𝙙 𝘿𝙉𝙎 𝙃𝙪𝙗: 𝘼 𝙎𝙮𝙣𝙘𝙝𝙧𝙤𝙣𝙞𝙯𝙚𝙙 𝙉𝙚𝙩𝙬𝙤𝙧𝙠 𝘽𝙧𝙞𝙙𝙜𝙚 - 🔄 𝘿𝙉𝙎 𝙁𝙤𝙧𝙬𝙖𝙧𝙙𝙞𝙣𝙜: Enables seamless DNS queries between Google Cloud and on-premises through a harmonized setup. - 🌐 𝙎𝙝𝙖𝙧𝙚𝙙 𝙑𝙋𝘾 𝙄𝙣𝙩𝙚𝙜𝙧𝙖𝙩𝙞𝙤𝙣: Leverages the DNS hub within Shared VPC networks to centralize DNS operations.

🔐 𝙃𝙞𝙚𝙧𝙖𝙧𝙘𝙝𝙞𝙘𝙖𝙡 𝙁𝙞𝙧𝙚𝙬𝙖𝙡𝙡 𝙎𝙩𝙧𝙖𝙩𝙚𝙜𝙮: 𝘼𝙙𝙫𝙖𝙣𝙘𝙚𝙙 𝙎𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝙊𝙫𝙚𝙧𝙨𝙞𝙜𝙝𝙩 - 🛡️ 𝙊𝙧𝙜𝙖𝙣𝙞𝙯𝙖𝙩𝙞𝙤𝙣-𝙇𝙚𝙫𝙚𝙡 𝙍𝙪𝙡𝙚𝙨: Deploys organization-wide firewall rules for consistent and comprehensive security coverage. - 🔒 𝙑𝙋𝘾-𝙎𝙥𝙚𝙘𝙞𝙛𝙞𝙘 𝙋𝙤𝙡𝙞𝙘𝙞𝙚𝙨: Tailors firewall policies to each VPC network, addressing unique security needs.

🛑 𝙍𝙪𝙡𝙚 𝙀𝙣𝙛𝙤𝙧𝙘𝙚𝙢𝙚𝙣𝙩: 𝙏𝙖𝙧𝙜𝙚𝙩𝙚𝙙 𝙏𝙧𝙖𝙛𝙛𝙞𝙘 𝘾𝙤𝙣𝙩𝙧𝙤𝙡 - 🚫 𝙊𝙪𝙩𝙗𝙤𝙪𝙣𝙙 𝙏𝙧𝙖𝙛𝙛𝙞𝙘 𝙍𝙚𝙨𝙩𝙧𝙞𝙘𝙩𝙞𝙤𝙣𝙨: Enforces strict rules to deny non-compliant outbound traffic. - ✅ 𝙄𝙣𝙩𝙚𝙧-𝙑𝙋𝘾 𝘼𝙡𝙡𝙤𝙬𝙡𝙞𝙨𝙩𝙞𝙣𝙜: Permits necessary communications within the hybrid network infrastructure.

🏷️ 𝙏𝙖𝙜-𝘽𝙖𝙨𝙚𝙙 𝙁𝙞𝙧𝙚𝙬𝙖𝙡𝙡 𝙈𝙖𝙣𝙖𝙜𝙚𝙢𝙚𝙣𝙩: _𝙍𝙚𝙛𝙞𝙣𝙚𝙙 𝘼𝙘𝙘𝙚𝙨𝙨 𝘾𝙤𝙣𝙩𝙧𝙤𝙡𝙨_** - 🏷️ 𝙄𝘼𝙈-𝘾𝙤𝙣𝙩𝙧𝙤𝙡𝙡𝙚𝙙 𝙏𝙖𝙜𝙨: Integrates IAM features for precise control over firewall rule application. - 🛂 𝙉𝙚𝙩𝙬𝙤𝙧𝙠 𝙍𝙪𝙡𝙚 𝘾𝙪𝙨𝙩𝙤𝙢𝙞𝙯𝙖𝙩𝙞𝙤𝙣: Enables customized rules for intra-VPC communication and security compliance.

Storage test

https://storage.googleapis.com/pejaime-bucket01/temp.txt

GCP ssmples

https://containersolutions.github.io/terraform-examples/examples/google/google.html

Learn GCP

https://m.youtube.com/playlist?list=PLGDl-0H_IoH2MjEs9YOiRR5ahllXpYqFt&si=cRpe-3jcvLuwXKP5

https://m.youtube.com/playlist?list=PLGDl-0H_IoH13Cjln6TLSVhVW9fPFjhJh&si=PqJsbriW8adczLNr

https://m.youtube.com/playlist?list=PLGDl-0H_IoH0mWNg190ekfyia4LBtq55F&si=plyvo1Q-bD2iGYJD

VPC SC Automation

https://medium.com/google-cloud/centralised-management-of-vpcsc-with-terraform-and-cloud-asset-inventory-272efeeb2598

connecting with curl sing gcloud authentication

curl –header “Authorization: Bearer $(gcloud auth application-default print-access-token)” \

"https://api.example.com/endpoint"

Openwrt in GCP

https://finwo.nl/blog/0002-openwrt-in-gcp/

Windows public GS GCE drivers

gs://gce-windows-drivers-public/

Cheat sheet

https://dominicusin.github.io/2019/07/25/gcloud-cheat-sheet.html

GCP python

https://stackoverflow.com/questions/72134185/how-to-use-gcps-resourcemanager-python-client-library-to-get-all-child-projects

VPC SC in 2 minutes

https://www.youtube.com/watch?v=ABlY7FexJJI

What is VPC SC

https://medium.com/google-cloud/gcp-vpc-sc-with-shared-vpc-network-526f85377cdd#:~:text=What%20is%20VPC%2DSC%20(VPC,words%20it%20disables%20data%20exfiltration.

Project

https://cloud.google.com/storage/docs/projects

google modules

https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/modules

output

https://github.com/JeffBrownTech/tf_module_output_example

Aleks modules

https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/

BGP

https://www.youtube.com/watch?v=Qyu3IjwtOnk

IP ranges

https://cloud.google.com/vpc/docs/vpc

Firewall AWS vs GCP

https://www.linkedin.com/pulse/vpc-service-controls-plain-english-scalesec?trk=organization-update-content_share-article

https://googlecloudarchitect.us/native-gcp-firewall-and-firewall-rules/

private-service-connect-to-connect

https://faun.pub/private-service-connect-to-connect-privately-with-google-apis-and-services-e91da2f26a7a

GCP VPN

https://overlaid.net/2020/04/03/terraform-an-ha-vpn-between-gcp-and-cisco/

https://www.silect.is/blog/multi-cloud-vpn-terraform/

terraform gcp cloud

https://cobalt.io/blog/terraform-0-13-and-google-cloud

DDoS

https://cloud.google.com/files/GCPDDoSprotection-04122016.pdf

GCP peering projects

https://askmedawaa.wordpress.com/2021/05/31/vpc-peering-in-gcp-between-two-projects/amp/

Cloud RUN VPC connector examples

https://cloud.google.com/vpc/docs/configure-serverless-vpc-access?_ga=2.51707232.-891512606.1579136102&_gac=1.28291406.1587500630.Cj0KCQjws_r0BRCwARIsAMxfDRi9uvjmMSAVCJBiHD5aOUKF9KfWnlCt9fG5K0OB-LizzzijdIcCa2oaAnUnEALw_wcB

services

https://storage.googleapis.com/pejaime-bucket03/temp.txt

Kubernetes

https://www.fairwinds.com/blog/how-to-use-terraform-with-gke-a-step-by-step-guide-to-deploying-your-first-cluster?hs_amp=true

Netflix on GCP

https://bittherapy.net/post/creating-your-own-us-netflix-proxy-with-google-cloud/

Sentinel

https://learn.hashicorp.com/tutorials/terraform/sentinel-install?in=terraform/policy

https://medium.com/hashicorp-engineering/using-new-sentinel-features-in-terraform-cloud-c1ade728cbb

Headline

https://www.fairwinds.com/blog/how-to-use-terraform-with-gke-a-step-by-step-guide-to-deploying-your-first-cluster

https://www.youtube.com/watch?v=cNb7xKyya5c

https://www.youtube.com/watch?v=ZQHoC0cR6Qw

https://www.youtube.com/watch?v=Vy8s7AAvU6g

training

https://cloud.google.com/sdk/docs/quickstart#deb

https://console.cloud.google.com/apis/credentials/

regions zones

https://cloud.google.com/compute/docs/regions-zones

https://cloud.google.com/compute/docs/disks

list image types

gcloud compute images list

cheat sheet

https://cloud.google.com/sdk/docs/images/gcloud-cheat-sheet.pdf

gcloud cheat-sheet

some gcloud cmds

gcloud compute images list
gcloud compute disks list
gcloud compute instances list
gcloud compute zones list
gcloud compute accelerator-types list
gcloud compute addresses list
gcloud compute backend-buckets list
gcloud compute backend-services list
gcloud compute commitments list
gcloud compute disk-types list

gcloud list disks

gcloud compute disks list

VPC & VPC firewall rules

https://www.youtube.com/results?search_query=Cloud+Advocate+gcp+vpc

https://www.youtube.com/watch?v=8pqwoZflqPo

GCP setup with terraform

https://medium.com/slalom-technology/a-complete-gcp-environment-with-terraform-c087190366f0

GCP VPC service controls

https://blog.scalesec.com/protecting-gcp-services-with-vpc-service-controls-and-terraform-858019d8b4ff

https://youtu.be/q8jplbdMHC8

https://youtu.be/rGCU6Ajo0QE?t=862

Design

https://cloud.google.com/architecture/best-practices-vpc-design

VPC networks explained

You can think of a VPC as a virtual version of your traditional physical network. VPCs are global, spanning all regions. The instances within the VPC have internal IP addresses and can communicate privately with each other across the globe. This logical representation of your network infrastructure abstracts much of the complexities of dealing with on-premises architectures.

Auto mode networks create one subnet in each GCP region automatically when you create the network. As new regions become available, new subnets in those regions are automatically added to the auto mode network. IP ranges for the automatically created subnets come from a predetermined set of ranges. On the other hand, Custom mode networks start with no subnets, giving you full control over subnet creation and IP addressing.

If you create multiple auto mode VPC networks in your project, each VPC network will be spread across all the available zones and regions, and instances in each VPC network will communicate between each other, but both VPC networks will not communicate unless you configure a link between them ( VPC peering, Cloud VPN tunnel )

If you have two auto mode networks, both will use the same network IP ranges configured in the same regions, so if you create an instance in each VPC in the same region you will have two instances with the same internal IP address. But bear in mind that those instances could also have external IP addresses configured, so they could be able to communicate through their public IP addresses as long as the VPC firewall of the destination instance allows the ingress traffic.

If two VPC networks use the same IP address ranges, that is to say that they have overlapping IP ranges , you cannot link them because the routing will not be feasible between both VPC networks.

Note that you can configure an instance to have multiple network interfaces, each in different VPC networks, thus enabling the instance to communicate with both different worlds.

There are plenty of reasons why you could need multiple VPC networks in one project, especially because they are both segregated and not able to communicate between each other. If you want to interconnect VPC networks (being in the same project or not) you can use custom mode VPC networks and link them via VPC peering or VPN tunnels as long as their IP ranges do not match.

You will find extensive information on GCP public doc on VPC networking at this link.

https://cloud.google.com/vpc/docs/vpc

https://stackoverflow.com/questions/59383018/gcp-vpc-service-control-allow-access-to-a-subset-of-service-projects-that-belon

Storage API not protected from Service Controls

VPC SC

how to list google services which support vpc service controls / /usr/local/bin/list-vpc-sc-supported-services

https://binx.io/blog/2021/12/22/how-to-list-google-services-which-support-vpc-service-controls/

https://youtu.be/rM8awaez-DA

https://medium.com/google-cloud/mitigating-data-exfiltration-risks-in-gcp-using-vpc-service-controls-part-1-82e2b440197

Service violations

https://medium.com/google-cloud/create-a-data-studio-dashboard-to-monitor-vpc-sc-violations-on-your-google-cloud-organization-bf8f3bead691

terraform implementation sample