- NAME
-
- gcloud services vpc-peerings enable-vpc-service-controls - enable VPC Service Controls for the peering connection
- SYNOPSIS
-
-
gcloud services vpc-peerings enable-vpc-service-controls--network=NETWORK[--async] [--service=SERVICE; default="servicenetworking.googleapis.com"] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
This command configures IPv4 routes and DNS zones applicable to a service
producer VPC network (for example, servicenetworking). The route and DNS
configuration match those recommended for using the restricted.googleapis.com
VIP:
When enabled, Google Cloud makes the following route configuration changes in the service producer VPC network: Google Cloud removes the IPv4 default route (destination 0.0.0.0/0, next hop default internet gateway). Google Cloud then creates an IPv4 route for destination 199.36.153.4/30 using the default internet gateway next hop.
When enabled, Google Cloud also creates Cloud DNS managed private zones and authorizes those zones for the service producer VPC network. The zones include googleapis.com, pkg.dev, gcr.io, and other necessary domains or host names for Google APIs and services that are compatible with VPC Service Controls. Record data in the zones resolves all host names to 199.36.153.4, 199.36.153.5, 199.36.153.6, and 199.36.153.7.
When disabled, Google Cloud makes the following route configuration changes in the service producer VPC network: Google Cloud restores a default route (destination 0.0.0.0/0, next hop default internet gateway). Google Cloud also deletes the Cloud DNS managed private zones that provided the host name overrides.
While enabled, the service producer VPC network can still import static and dynamic routes from the peered customer network if you enable custom route export. These custom routes can include a default route. For this reason, this command is not to be used solely as a means for preventing access to the internet.
- EXAMPLES
-
To enable VPC Service Controls for a connection peering a network called
my-networkon the current project to a service calledyour-service, run:gcloud services vpc-peerings enable-vpc-service-controls --network=my-network --service=your-serviceTo run the same command asynchronously (non-blocking), run:
gcloud services vpc-peerings enable-vpc-service-controls --network=my-network --service=your-service --async - REQUIRED FLAGS
-
--network=NETWORK- The network in the current project that is peered with the service.
- OPTIONAL FLAGS
-
--async- Return immediately, without waiting for the operation in progress to complete.
--service=SERVICE; default="servicenetworking.googleapis.com"- The service to enable VPC service controls for.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
-
These variants are also available:
gcloud alpha services vpc-peerings enable-vpc-service-controlsgcloud beta services vpc-peerings enable-vpc-service-controls
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-02-06 UTC.