This is a draft for collective input and decision; please feel free to state constraints and sound arguments so that we can come up with the best network architecture.
Our objectives are listed below:
Objectives | Decision | Remarks |
---|---|---|
Each environment (e.g. Production, Development, Staging) should be on a separate VPC and project folder, i.e. the Host project. | | |
A Shared VPC architecture will be implemented, composed of one Host project and several Service projects. The Service projects use dedicated subnets in the Shared VPC, which is owned and maintained by the Host project. (Please see diagram) | We need to decide how to share subnets with service projects. We have the following two options: | Important note: the communication between resources in service projects depends on the sharing policy adopted in the Shared VPC and on the firewall rules applied. |
Network IP address Class A for each subnet on the Shared VPC | Since we will be using Shared VPC, it may be a good idea to use Class A, i.e. to serve large subnetworks. | |
Here is an initial allocation of IP addresses for the subnets (subject to change):
https://github.com/SafiBank/SaFiMono/blob/main/devops/docs/gcp_network_design.md
These IP allocations will change based on the folder structure we decide on.