Terraform Shared VPC on GCP - Static Internal IP address
I am attempting to write automation to deploy instances in a shared VPC on GCP. I have a host network project and a service project. I can create a static internal IP address resource in the host project (resource "google_compute_address" "internal") in which I specify the VPC host project (NET_HUB_PROJ) but I am unable to use it when creating the instance. I receive the following error:
```
google_compute_instance.compute: Error creating instance: googleapi:
Error 400: Invalid value for field
'resource.networkInterfaces[0].networkIP': '10.128.0.10'. IP address
'projects/prototype-network-hub/regions/us-central1/addresses/bh-int-
ip' (10.128.0.10) is reserved by another project., invalid
```
My compute module:
```hcl
data "google_compute_image" "image" {
  name    = "${var.IMAGE_NAME}"
  project = "${var.IMAGE_PROJECT}"
}

# Static internal IP, reserved in the host network project (NET_HUB_PROJ)
resource "google_compute_address" "internal" {
  name         = "${var.NAME}-int-ip"
  address_type = "INTERNAL"
  address      = "${var.PRIVATE_IP}"
  subnetwork   = "${var.NET_HUB_SUBNETWORK}"
  region       = "${var.NET_HUB_REGION}"
  project      = "${var.NET_HUB_PROJ}"
}

# Optional external IP, created only when EXT_IP_CREATE is true
resource "google_compute_address" "external" {
  count        = "${var.EXT_IP_CREATE ? 1 : 0}"
  name         = "${var.NAME}-ext-ip"
  address_type = "EXTERNAL"
  region       = "${var.REGION}"
}

resource "google_compute_instance" "compute" {
  depends_on = ["google_compute_address.external"]

  name                      = "${var.NAME}"
  machine_type              = "${var.MACHINE_TYPE}"
  zone                      = "${var.ZONE}"
  can_ip_forward            = "${var.CAN_IP_FORWARD}"
  deletion_protection       = "${var.DELETION_PROTECTION}"
  allow_stopping_for_update = "${var.ALLOW_STOPPING_FOR_UPDATE}"

  tags = ["allow-ssh"]

  metadata = {
    "network" = "${var.NETWORK}"
    "env"     = "${var.ENV}"
    "role"    = "${var.ROLE}"
    "region"  = "${var.REGION}"
    "zone"    = "${var.ZONE}"
  }

  labels = {
    "network" = "${var.NETWORK}"
    "env"     = "${var.ENV}"
    "role"    = "${var.ROLE}"
    "region"  = "${var.REGION}"
    "zone"    = "${var.ZONE}"
  }

  boot_disk {
    device_name = "${var.NAME}"
    auto_delete = "${var.BOOT_DISK_AUTO_DELETE}"

    initialize_params {
      size  = "${var.BOOT_DISK_SIZE}"
      type  = "${var.BOOT_DISK_TYPE}"
      image = "${data.google_compute_image.image.self_link}"
    }
  }

  # Interface on the shared VPC subnet that lives in the host project
  network_interface {
    network_ip         = "${google_compute_address.internal.address}"
    subnetwork_project = "${var.NET_HUB_PROJ}"
    subnetwork         = "projects/prototype-network-hub/regions/us-central1/subnetworks/custom"

    access_config {
      # Empty string when no external address was created
      nat_ip = "${element(concat(google_compute_address.external.*.address, list("")), 0)}"
    }
  }

  service_account {
    scopes = ["service-control", "service-management", "logging-write", "monitoring-write", "storage-ro", "https://www.googleapis.com/auth/trace.append"]
  }
}
```
The end goal would be to accomplish the following:
google-cloud-platform terraform terraform-provider-gcp
asked Mar 26 at 17:22 by glux
edited Mar 26 at 17:42
Have you checked that `10.128.0.10` was not used by another resource?
– norbjd
Mar 27 at 12:28
It is not being used by any other resource. I can confirm it has been created in the host networking project (prototype-network-hub) but not applied to any resource. The error msg alludes to that. It just specifies that it is reserved by the project. One interesting thing to note is using TF, I see an internal IP reservation: evernote.com/l/AfdR3FOkeFZPubjfrEWmcVA1II2uk8cU3qE, but when manually reserved as seen in the picture in my above post, it does not.
– glux
Mar 27 at 14:49
1 Answer
EDIT (new answer):
Per the GCP documentation, the static internal IP must belong to the service project (not the host network project as in your code) if you're looking to reserve internal IP on a shared VPC in a different project. See here:
https://cloud.google.com/vpc/docs/provisioning-shared-vpc#reserve_internal_ip
Seeing as a `shared-vpc` is unlikely to be found in your TF codebase, you'll have to use `data` to get the `self_link` of the subnetwork to use for `google_compute_address`. Something like the following:
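```hcl
# Look up the shared subnetwork in the host project
data "google_compute_subnetwork" "subnet" {
  name    = "${var.NET_HUB_SUBNETWORK}"
  project = "${var.NET_HUB_PROJ}"
  region  = "${var.NET_HUB_REGION}"
}

# No project argument here, so the address is created in the provider's project
resource "google_compute_address" "internal" {
  name         = "${var.NAME}-int-ip"
  address_type = "INTERNAL"
  address      = "${var.PRIVATE_IP}"
  subnetwork   = "${data.google_compute_subnetwork.subnet.self_link}"
}
```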
This should create the resource under your service project, yet with an address within the designated subnet.
When you deploy your instance you should see it referenced under the `internal_ip` column on your VM instances tab for the assigned instance.
(old answer for posterity):
Unfortunately, `google_compute_address` doesn't contain a `subnetwork_project` like `google_compute_instance`. A fix around this is to provide a full URL to the `subnetwork` field in `google_compute_address`. Something like the following:
```hcl
resource "google_compute_address" "internal" {
  name         = "${var.NAME}-int-ip"
  address_type = "INTERNAL"
  address      = "${var.PRIVATE_IP}"
  # Full URL of the subnetwork in the host project
  subnetwork   = "https://www.googleapis.com/compute/v1/projects/${var.NET_HUB_PROJ}/regions/${var.NET_HUB_REGION}/subnetworks/${var.NET_HUB_SUBNETWORK}"
}
```
answered Apr 2 at 22:35 by Colin Garcia
edited Apr 30 at 21:25
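A pre-apply check for the mistake this question and answer describe, as an added example that is not part of the original thread: it scans `terraform show -json` plan output (Terraform 0.12 or later) for an internal address reserved in one project and assigned to an instance in another. The plan excerpt, the `prototype-service` project name and the function names are constructed for illustration; resources that do not set `project` are assumed to use the provider's default project, passed in as `default_project`.

```python
import json

# Constructed plan excerpt in the shape of `terraform show -json <planfile>`,
# trimmed to the fields the check reads. It mirrors the question: the internal
# address is reserved in the host project, the instance sets no project and so
# lands in the provider's default (service) project.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {"child_modules": [{
        "address": "module.compute",
        "resources": [
            {"address": "module.compute.google_compute_address.internal",
             "type": "google_compute_address",
             "values": {"name": "bh-int-ip", "address_type": "INTERNAL",
                        "address": "10.128.0.10",
                        "project": "prototype-network-hub"}},
            {"address": "module.compute.google_compute_address.external[0]",
             "type": "google_compute_address",
             "values": {"name": "bh-ext-ip", "address_type": "EXTERNAL"}},
            {"address": "module.compute.google_compute_instance.compute",
             "type": "google_compute_instance",
             "values": {"name": "bh", "network_interface": [{
                 "network_ip": "10.128.0.10",
                 "subnetwork_project": "prototype-network-hub",
                 "subnetwork": "projects/prototype-network-hub/regions/"
                               "us-central1/subnetworks/custom"}]}},
        ]}]}}
}


def iter_resources(module):
    """Yield every resource of a plan module and, recursively, its children."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_cross_project_internal_ips(plan, default_project):
    """Return one finding per instance NIC whose static internal IP is
    reserved in a different project than the instance itself."""
    root = plan.get("planned_values", {}).get("root_module", {})
    resources = list(iter_resources(root))

    # Map each explicitly reserved internal IP to (resource address, project).
    # Addresses whose IP is only known after apply are skipped.
    reserved = {}
    for res in resources:
        vals = res.get("values", {})
        if res.get("type") != "google_compute_address":
            continue
        if vals.get("address_type") != "INTERNAL" or not vals.get("address"):
            continue
        reserved[vals["address"]] = (
            res["address"], vals.get("project") or default_project)

    findings = []
    for res in resources:
        if res.get("type") != "google_compute_instance":
            continue
        vals = res.get("values", {})
        instance_project = vals.get("project") or default_project
        for nic in vals.get("network_interface") or []:
            ip = nic.get("network_ip")
            if ip in reserved and reserved[ip][1] != instance_project:
                findings.append({
                    "instance": res["address"],
                    "instance_project": instance_project,
                    "ip": ip,
                    "address_resource": reserved[ip][0],
                    "address_project": reserved[ip][1],
                })
    return findings


if __name__ == "__main__":
    # In CI, load the real plan instead: json.load(open("plan.json"))
    for f in find_cross_project_internal_ips(SAMPLE_PLAN, "prototype-service"):
        print(json.dumps(f, indent=2))
```

A non-empty result predicts the `is reserved by another project` error from the question before `terraform apply` is run.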