Create an attachment group

This page provides the instructions for how to create or update an attachment group in Google Distributed Cloud (GDC) air-gapped.

An attachment group represents a collection of VLAN attachments that share access to a set of organizations. An AttachmentGroup resource lists the organizations allowed to use virtual routing and forwarding (VRF) on the InterconnectAttachment resource.

Before you begin

To create or update an attachment group, you must have the following:

• The necessary identity and access roles. For more information, see Prepare predefined roles and permissions.

Create or update an attachment group

To create or update an attachment group, follow these steps:

1. Create a YAML file named attachmentgroup.yaml.

2. Add the following content to the file:

   apiVersion: system.private.gdc.goog/v1alpha1
   kind: AttachmentGroup
   metadata:
     name: attachment-group-IDENTIFIER
     namespace: gpc-system
   spec:
     identifier: IDENTIFIER
     entities:
       - orgName: ORG_NAME
         domainType: DOMAIN_TYPE
   

3. Replace the following:

   • IDENTIFIER: a unique identifier string for the attachment group.
   • ORG_NAME: the name of the tenant organization that all VLAN attachments in the attachment group can connect to. This must be your organization's name.

   • DOMAIN_TYPE: the specific domain of the tenant organization in the entry that all VLAN attachments can connect to. You must provide one of the following valid values:

     • OrgAdmin: Connect to the Org Management-plane infrastructure.
     • OrgData: Connect to the Org Data-plane infrastructure.
     • OrgMixed: Use the OrgMixed type to connect to both the Org Management-plane and Org Data-plane infrastructure.
     • External: Use the External type if the organization is not an Org v2 Architecture organization.

4. Create the attachment group:

   kubectl apply -f attachmentgroup.yaml -n gpc-system
   --kubeconfig=MANAGEMENT_API_SERVER
   

   Replace MANAGEMENT_API_SERVER with the path to the kubeconfig file for the Management API server.

5. Check that the creation of attachment group is successful:

   kubectl get attachmentgroup -n gpc-system
   --kubeconfig=MANAGEMENT_API_SERVER
   

   The output returns the attachment group and shows True in the Ready column:

   NAME                     IDENTIFIER       READY
   attachment-group-mixed   mixed            True
   

What's next

• Create a VLAN attachment