This repository has been archived by the owner on Jul 16, 2021. It is now read-only.
With the current design, the Vault cluster isn't private and the nodes have external IP addresses:
This doesn't have to be so!
We can create a private cluster by adding this to the GKE cluster resource in Terraform:
Then use a Shared VPC. We can run Vault in a separate project; the app project would then be the Host project and the Vault project a Service project. Then there's no need for peering. For talking out to Datadog/Infura, we can define this in Cloud NAT.
Advantages:
Reduce attack surface by isolating the nodes from the internet
Simplifies project structure in development (only need one Vault project per project, rather than one Vault project per application cluster)
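The layout proposed in the issue (private GKE nodes, the app project as Shared VPC host, the Vault project as service project, Cloud NAT for egress) written out as an added Terraform example. This is not the snippet the issue author attached, which was not captured on this page, and it is not this repository's code. The project IDs, `vault_project_number`, region, network and subnet names, the secondary-range names and `admin_cidr` are assumed placeholder variables.

```hcl
# Assumed inputs (not from the original issue):
#   var.app_project_id       - host project, owns the VPC
#   var.vault_project_id     - service project, runs the Vault cluster
#   var.vault_project_number - numeric id of the Vault project
#   var.network / var.subnetwork / var.admin_cidr

# Host and service project pairing replaces the VPC peering mentioned in the issue.
resource "google_compute_shared_vpc_host_project" "host" {
  project = var.app_project_id
}

resource "google_compute_shared_vpc_service_project" "vault" {
  host_project    = google_compute_shared_vpc_host_project.host.project
  service_project = var.vault_project_id
}

# GKE in the service project attaches nodes to the host subnet, so its
# service agent needs networkUser on that subnet and hostServiceAgentUser
# on the host project; without these the cluster create fails.
locals {
  gke_agent = "serviceAccount:service-${var.vault_project_number}@container-engine-robot.iam.gserviceaccount.com"
}

resource "google_compute_subnetwork_iam_member" "vault_gke_network_user" {
  project    = var.app_project_id
  region     = "us-central1"
  subnetwork = var.subnetwork
  role       = "roles/compute.networkUser"
  member     = local.gke_agent
}

resource "google_project_iam_member" "vault_gke_host_agent" {
  project = var.app_project_id
  role    = "roles/container.hostServiceAgentUser"
  member  = local.gke_agent
}

resource "google_container_cluster" "vault" {
  name     = "vault"
  location = "us-central1"
  project  = var.vault_project_id

  network    = "projects/${var.app_project_id}/global/networks/${var.network}"
  subnetwork = "projects/${var.app_project_id}/regions/us-central1/subnetworks/${var.subnetwork}"

  # Leaving this block out is the "current design": every node gets a public IP.
  private_cluster_config {
    enable_private_nodes    = true          # nodes get RFC 1918 addresses only
    enable_private_endpoint = false         # master keeps a public endpoint, restricted below
    master_ipv4_cidr_block  = "172.16.0.0/28"
  }

  # Private clusters must be VPC-native; range names are assumed.
  ip_allocation_policy {
    cluster_secondary_range_name  = "pods"
    services_secondary_range_name = "services"
  }

  # Only the admin CIDR may reach the Kubernetes API.
  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = var.admin_cidr
      display_name = "admins"
    }
  }

  remove_default_node_pool = true
  initial_node_count       = 1
}

# Cloud NAT in the host project gives the private nodes outbound-only
# reachability to Datadog/Infura; nothing on the internet can initiate to them.
resource "google_compute_router" "vault_nat" {
  name    = "vault-nat-router"
  project = var.app_project_id
  region  = "us-central1"
  network = var.network
}

resource "google_compute_router_nat" "vault_egress" {
  name                               = "vault-egress"
  project                            = var.app_project_id
  router                             = google_compute_router.vault_nat.name
  region                             = "us-central1"
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}
```

Two things a practitioner should check before applying this: Cloud NAT must be created in the host project, because the subnet the nodes use belongs to the host VPC, and setting `enable_private_endpoint = true` instead of `false` removes the public control-plane endpoint entirely, which then requires a bastion or other in-VPC path for `kubectl` and for Terraform itself.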