how do you add additional nics to a compute engine vm? - google-compute-engine

How do I add a NIC to a compute engine instance? I need more than one NIC so I can build out an environment...I've looked all over and there is nothing on how to do it...
I know it's probably some API call through the SDK, but I have no idea, and I can't find anything on it.
EDIT:
It's the rhel6 image. Figured I should clarify.

The question is probably old and a lot has changed since. Now it's definitely possible to add more NICs to an instance, but only at creation time (you can find a networking tab on the create instance page on the portal - a corresponding REST API exists too). Each NIC has to connect to a different virtual network, so you need to create more before creating the instance (if you don't have them already).

Do you need an external address or an internal address? If external, you can use gcutil to add an IP address to an existing instance. If internal, you can configure a static network address on the instance, and add a route entry to send traffic for that address to that instance.

I was looking for a similar thing (to have a VM which runs Apache and nginx simultaneously on different IPs), but it seems like although you can have multiple networks (up to 5) in a project and each network can belong to multiple instances, you cannot have more than one network per instance. From the documentation:
A project can contain multiple networks and each network can have multiple instances attached to it. [...] A network belongs to only one project and each instance can only belong to one network.

Related

Is it possible to get GCP's ANY distribution for Kubernetes GKE node pool?

I have a GKE Kubernetes cluster running on GCP. This cluster has multiple node pools set with autoscale ON and placed at us-central1-f.
Today we started getting a lot of errors on these Node pools' Managed Instance Groups saying that us-central1-f had run out of resources. The specific error: ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS
I've found another topic on Stack Overflow with a similar question, where the answer points to a discussion on Google Groups with more details. I know that one of the recommended ways of avoiding this is to use multiple zones and/or regions.
When I first faced this issue I wondered if there is a way to set multiple regions as a fallback system, instead of a redundancy system. In that sense, I would set my VMs to be placed in whichever zone has available resources, prioritizing the ones closer to, let's say, us-central1-f.
Then, reading the discussion on the Google Group, I found a feature that caught my attention, which is the ANY distribution method for Managed Instance Groups. It seems that this feature does exactly what I need - the zone fallback.
So, my question: Does the ANY distribution method resolve my issue? Can I use it for GKE Node Pools? If not, is there any other solution other than using multiple zones?

It is possible to get a regional (i.e. multi-zonal) GKE deployment, however this will use multiple zonal MIGs as the underlying compute layer. So technically speaking you will not use the ANY distribution method, but you should achieve pretty much the same result.

Zabbix: filter discovery action by IP address

I'm currently monitoring several routers I have in my network with Zabbix 3.4.4. I'm now adding them manually but I'd like to use the discovery feature to do this automatically. The problem I have is that I need to monitor only the router, and not all other hosts on the net.
For example: I have a discovery rule for 10.0.0.0/16, I add a new network 10.0.10.0/24 which has several hosts, but I want to monitor only 10.0.10.1. Sadly being routers and from different manufacturers I cannot test services or responses, I can rely on ping only.
From what I see in the Action options there's no way to filter for such option, am I right? Is there any other way to filter hosts IPs so that I can add Zabbix monitoring only to router's IPs?

It seems like the benefit of repeatedly scanning the whole subnet just to find a small number of hosts is just not there. I'd suggest looking into creating those hosts via API instead.
Having said that, a range of 10.0.0-255.1 might work, and also reduce your network traffic significantly.

Solution for 1 GCP network-to-many GCP networks VPN topologies that addresses internal IP ambiguity

I have a problem where our firm has many GCP projects, and I need to expose services on my project to these distinct GCP projects. Firewalling in individual IPs isn't really sustainable, as we dynamically spin up and tear down hundreds of GCE VMs a day.
I've successfully joined a network from my project to another project via GCP's VPN, but I'm not sure what the best practice should be for joining multiple networks to my single network, especially since most of the firm has the same default internal address subnetwork range for the project's default network. I understand that doing it the way that I am will probably work (it's unclear if it'll actually reach the right network, though), but this creates a huge ambiguity in terms of IP collisions, where potentially two VMs could exist in separate networks and have the same internal IP.
I've read that outside of the cloud, most VPNs support NAT remapping, which seems to let you remap the internal IP space of the remote peer's subnet (like, 10.240.* to 11.240.*), such that you can never have ambiguity from the peer doing the remapping.
I also know that Cloud Router may be an option, but it seems like a solution to a very specific problem that doesn't fully encompass this one: dynamically adding and removing subnets to the VPN.
Thanks.

I think you will need to utilize the custom subnet mode network (non-default) and specify non-overlapping IP ranges for the networks to avoid collision. See "Creating a new network with custom subnet ranges" in this doc: https://cloud.google.com/compute/docs/subnetworks#networks_and_subnetworks
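
An added example, not part of the original answer and not Google tooling: a pre-flight check for the non-overlapping ranges this answer calls for, which finds colliding subnet ranges across projects before they are joined by VPN and proposes replacements. The project names, CIDRs, the 10.0.0.0/8 supernet and the /20 size are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: project name -> subnet CIDRs (not from the page).
PROJECT_SUBNETS = {
    "hub-services": ["10.128.0.0/20"],
    "team-a": ["10.240.0.0/16"],
    "team-b": ["10.240.0.0/16"],                  # same default-style range as team-a
    "team-c": ["10.20.0.0/20", "10.128.8.0/24"],  # second range sits inside the hub's
}

def find_collisions(inventory):
    """Return sorted (project, cidr, project, cidr) tuples for overlapping ranges."""
    flat = [(p, ipaddress.ip_network(c)) for p, cidrs in inventory.items() for c in cidrs]
    hits = []
    for (pa, na), (pb, nb) in combinations(flat, 2):
        if pa != pb and na.overlaps(nb):
            hits.append((pa, str(na), pb, str(nb)))
    return sorted(hits)

def allocate(supernet, prefixlen, in_use):
    """Return the first subnet of `prefixlen` in `supernet` that overlaps nothing in use."""
    used = [ipaddress.ip_network(c) for c in in_use]
    for candidate in ipaddress.ip_network(supernet).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    raise ValueError("no free range left in " + supernet)

def replan(inventory, supernet="10.0.0.0/8", prefixlen=20):
    """Copy the inventory and give the later owner of each colliding range a fresh one."""
    plan = {p: list(c) for p, c in inventory.items()}
    while True:
        hits = find_collisions(plan)
        if not hits:
            return plan
        _, _, loser, cidr = hits[0]
        # The colliding range stays in in_use, so the replacement avoids it too.
        in_use = [c for cidrs in plan.values() for c in cidrs]
        plan[loser][plan[loser].index(cidr)] = allocate(supernet, prefixlen, in_use)

if __name__ == "__main__":
    for hit in find_collisions(PROJECT_SUBNETS):
        print("collision:", hit)
    print(replan(PROJECT_SUBNETS))
```

The replacement ranges are a proposal only; the size of each new range has to fit the workloads that move into it.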

Easy way to NAT compute engine instances

I assume the support for NAT is already available with the routing and networking available in compute engine? Looking for some easy to read documentation and commands to set up a situation where either one instance acts as a router and other instances can use that to access the public internet. Another scenario I'm looking for is how to make instances with no external IP address be able to access the internet. Is there a gcutil friendly way of scripting this up?

It sounds like you're looking for the Routes Collection. For your first case, the examples should show you how one instance can act as a gateway for other instances by setting a route for the internal nodes to use the gateway as a "next hop" for their traffic.
For your second scenario, there is a caveat listed that "Currently, any packets sent to the Internet must be sent by an instance that has an external IP address. If you create a route that sends packets to the Internet from a particular instance, that instance must also have an external IP. If you create a route that sends packets to the Internet gateway, but the source instance doesn't have an external IP address, the packet will be dropped."

Haproxy + keepalived in google compute engine

I'm really new with this technology, and I can't find information regarding this.
I'm trying to migrate a cluster solution to google compute engine, creating 4 webservers with a load balancer.
I was thinking to use haproxy and keepalived, but is this possible? Can I request a VIP?
I didn't see the option to request a VIP.
Thank you

You can reserve an IP address, and then add it to an instance when you launch it.
In GCE, those are called "Reserved IP Addresses"; the documentation shows how you reserve them and assign them.