Cloud Composer 1 | Cloud Composer 2 | Cloud Composer 3
This page explains the difference between Private IP and Public IP environment networking types in Cloud Composer 3 and provides instructions for switching the networking type of your environment.
If you want to disable or enable internet access only when installing PyPI packages, see Configure internet access when installing PyPI packages.
If you want to enable access to your VPC network from your environment, see Connect an environment to a VPC network.
About environment networking types
Cloud Composer 3 uses two environment networking types:
Public IP: Airflow components of the environment can access the internet. This is the default networking type.
Private IP: Airflow components of the environment do not have access to the internet.
Regardless of the networking type, access to Google Services APIs is always possible.
In addition to two networking types, you can enable or disable access to your VPC network for any type of environment. Depending on how you configure your VPC network, a Private IP environment can gain access the internet through you VPC network.
For more information about VPC network access, see Connect an environment to a VPC network.
Change environment networking type
Console
In the Google Cloud console, go to the Environments page.
In the list of environments, click the name of your environment. The Environment details page opens.
Go to the Environment configuration tab.
In the Networking configuration section, find the Networking type item and click Edit.
In the Networking type dialog, select:
- Public IP environment (default) for Public IP networking.
- Private IP environment for Private IP networking.
Click Save.
gcloud
The Following Google Cloud CLI arguments change the environment's networking type:
--enable-private-environment
: changes to Private IP networking.--disable-private-environment
: changes to Public IP networking (default).
Change to Private IP networking:
gcloud beta composer environments update ENVIRONMENT_NAME \
--location LOCATION \
--enable-private-environment
Change to Public IP networking:
gcloud beta composer environments update ENVIRONMENT_NAME \
--location LOCATION \
--disable-private-environment
Replace the following:
ENVIRONMENT_NAME
: the name of the environment.LOCATION
: the region where the environment is located.
Example (Private IP):
gcloud beta composer environments update example-environment \
--location us-central1 \
--enable-private-environment
Example (Public IP):
gcloud beta composer environments update example-environment \
--location us-central1 \
--disable-private-environment
API
Create an
environments.patch
API request.In this request:
In the
updateMask
parameter, specify theconfig.private_environment_config.enable_private_environment
mask.In the request body, in the
enablePrivateEnvironment
field:- Specify
true
to change to Private IP networking. - Specify
false
to change to Public IP networking (default).
- Specify
Example (Private IP):
// PATCH https://composer.googleapis.com/v1beta1/projects/example-project/
// locations/us-central1/environments/example-environment?updateMask=
// config.private_environment_config.enable_private_environment
"config": {
"privateEnvironmentConfig": {
"enablePrivateEnvironment": true
}
}
Terraform
The enable_private_environment
field in the config
block specifies the
environment's networking type:
true
: Private IP networking.false
or omitted: Public IP networking (default).
resource "google_composer_environment" "example" {
provider = google-beta
name = "ENVIRONMENT_NAME"
region = "LOCATION"
config {
enable_private_ip_environment = PRIVATE_IP_STATUS
}
}
Replace the following:
ENVIRONMENT_NAME
: the name of your environment.LOCATION
: the region where the environment is located.PRIVATE_IP_STATUS
:true
for Private IP,false
for Public IP
Example (Private IP):
resource "google_composer_environment" "example" {
provider = google-beta
name = "example-environment"
region = "us-central1"
config {
enable_private_ip_environment = true
... other configuration parameters
}
}