Configure large-scale networks for Cloud Composer environments


This section explains how to organize large-scale networks for Cloud Composer environments.

Use Private Service Connect instead of VPC-based networking

You do not need to follow this guide if your environments use Private Service Connect instead of VPC peerings.

Environments that use Private Service Connect do not consume VPC peerings, so the peering-related quota limits described on this page do not apply to them.

For more information, see Configure Private Service Connect.

Quotas for VPC, subnet and forwarding rules

Cloud Composer and GKE use VPC peerings to connect the components of a Cloud Composer environment (the customer project and the tenant project) and to connect a GKE cluster to its GKE control plane.

If your project has a large-scale network configuration, such as hundreds of networks and many VPC peerings, operations that create new Cloud Composer environments might fail with VPC, subnet, or forwarding-rule quota errors.

The errors that you might encounter are:

  • The maximum number of VPC peerings per VPC network is reached.

    The default quota for the number of VPC peerings per VPC network is 25 (unless you request an increase of this quota).

  • The maximum number of primary and secondary subnet IP ranges is reached.

    The quota for this parameter is 400.

  • The maximum number of forwarding rules in the peering group for Internal TCP/UDP Load Balancing is reached.

    The quota for this parameter is 175.

For more information about default quotas for VPCs in Google Cloud, see Quotas and limits.

About large-scale networks for Cloud Composer environments

To stay within these limits, you can organize your Cloud Composer environments into several VPC networks that are connected to a backbone VPC, as described in the following sections. Because each peering quota applies per VPC network, every additional network brings its own budget of peerings and subnet ranges.

This solution is applicable to Shared VPC and non-Shared VPC scenarios.

Large-scale network setup in a non-Shared VPC scenario


To create a large-scale network setup for Cloud Composer:

  1. Create a backbone VPC network. This network acts as a hub for individual VPC networks that host Cloud Composer environments.

  2. Create dedicated VPC networks for Cloud Composer environments. You can combine several Cloud Composer environments into one VPC network. For example, you can name these networks composer-vpc-1, composer-vpc-2, and so on.

  3. Establish connectivity between Cloud Composer environment VPC networks and the backbone VPC by creating HA VPN tunnels.

Large-scale network setup in a Shared VPC scenario

To avoid the peering limits in Shared VPC networks, organize your Cloud Composer environments into several projects and VPC networks that are connected to one backbone VPC.


To create a large-scale Shared VPC network setup for Cloud Composer:

  1. In the host project, create a backbone VPC network. This network connects individual VPC networks for service projects running Cloud Composer environments.

  2. In the host project, create VPC networks for Cloud Composer environments. For example, you can name these networks composer-shared-vpc-1, composer-shared-vpc-2, and so on.

  3. Establish connectivity between these VPC networks and the backbone VPC network by manually creating HA VPN tunnels.

  4. Configure Cloud Composer environments in the Shared VPC setup.

What's next