Introduction
Google provides several different private access options.
Each option allows VM instances with internal IP addresses to reach certain APIs and services. Choose an option that supports the APIs and services that you need to access.
One of the options is Private Google Access.
Private Google Access enabled allows VM instances which only have internal IP addresses (no external IP addresses) to reach the external IP addresses of Google APIs and services.
Elastifile Requirements
As part of the validation phase, prior the deployment, Elastifile raises a warning in case that the Private Google Access is disabled:
Elastifile requires Private Google Access enabled in the following scenarios
EMS with no external IP configured
As part of the Elastifile cluster wizard configuration, there is a validation step.
This step runs multiple tests against the environment (e.g. VPC, FW rules, user permission, etc.) in order to make sure everything is configured correctly,
in order to prevent failures as early as we can, before the cluster deployment itself.
In order to perform those tests, EMS which has no external IP to queries the Google APIs, must communicate through the Private Google Access.
Configuring the ClearTier feature when Replication Agents have no external IP configured
When an admin user want to enable the clear tier, he could choose either configuring external IPs on the replication agents or not.
In case he decided to use an internal IPs only, he should enable the Private Google Access, so the replication agents could communicate using the Google Cloud Storage JSON API.
How To Check and Change the Private Google Access setting
- In your GCP console, note the network and the subnetwork you would like to deploy Elastifile on.
- From the left menu, choose the VPC Network option, and then VPC networks.
- Locate the network and subnetwork you found in the first step and click on it.
- By clicking in the EDIT button you will be able to modify the setting.