Cloud Composer 1 | Cloud Composer 2 | Cloud Composer 3
This page explains the difference between Private IP and Public IP environment networking types in Cloud Composer 3 and provides instructions for switching the networking type of your environment.
If you want to disable or enable internet access only when installing PyPI packages, see Configure internet access when installing PyPI packages.
If you want to enable access to your VPC network from your environment, see Connect an environment to a VPC network.
About environment networking types
Cloud Composer 3 uses two environment networking types:
Public IP: Airflow components of the environment can access the internet. This is the default networking type.
Private IP: Airflow components of the environment do not have access to the internet.
Regardless of the networking type, access to Google Services APIs is always possible.
In addition to two networking types, you can enable or disable access to your VPC network for any type of environment. Depending on how you configure your VPC network, a Private IP environment can gain access the internet through you VPC network.
For more information about VPC network access, see Connect an environment to a VPC network.
Change environment networking type
Console
In the Google Cloud console, go to the Environments page.
In the list of environments, click the name of your environment. The Environment details page opens.
Go to the Environment configuration tab.
In the Networking configuration section, find the Networking type item and click Edit.
In the Networking type dialog, select:
- Public IP environment (default) for Public IP networking.
- Private IP environment for Private IP networking.
Click Save.
gcloud
The Following Google Cloud CLI arguments change the environment's networking type:
--enable-private-environment: changes to Private IP networking.--disable-private-environment: changes to Public IP networking (default).
Change to Private IP networking:
gcloud beta composer environments update ENVIRONMENT_NAME \
--location LOCATION \
--enable-private-environment
Change to Public IP networking:
gcloud beta composer environments update ENVIRONMENT_NAME \
--location LOCATION \
--disable-private-environment
Replace the following:
ENVIRONMENT_NAME: the name of the environment.LOCATION: the region where the environment is located.
Example (Private IP):
gcloud beta composer environments update example-environment \
--location us-central1 \
--enable-private-environment
Example (Public IP):
gcloud beta composer environments update example-environment \
--location us-central1 \
--disable-private-environment
API
Create an
environments.patchAPI request.In this request:
In the
updateMaskparameter, specify theconfig.private_environment_config.enable_private_environmentmask.In the request body, in the
enablePrivateEnvironmentfield:- Specify
trueto change to Private IP networking. - Specify
falseto change to Public IP networking (default).
- Specify
Example (Private IP):
// PATCH https://composer.googleapis.com/v1beta1/projects/example-project/
// locations/us-central1/environments/example-environment?updateMask=
// config.private_environment_config.enable_private_environment
"config": {
"privateEnvironmentConfig": {
"enablePrivateEnvironment": true
}
}
Terraform
The enable_private_environment field in the config block specifies the
environment's networking type:
true: Private IP networking.falseor omitted: Public IP networking (default).
resource "google_composer_environment" "example" {
provider = google-beta
name = "ENVIRONMENT_NAME"
region = "LOCATION"
config {
enable_private_ip_environment = PRIVATE_IP_STATUS
}
}
Replace the following:
ENVIRONMENT_NAME: the name of your environment.LOCATION: the region where the environment is located.PRIVATE_IP_STATUS:truefor Private IP,falsefor Public IP
Example (Private IP):
resource "google_composer_environment" "example" {
provider = google-beta
name = "example-environment"
region = "us-central1"
config {
enable_private_ip_environment = true
... other configuration parameters
}
}