
Is it possible to consume public artifacts on GCP Storage when VPC Service Perimeter is used and GCP Storage API is restricted?

Server Fault Asked by bcubk on November 4, 2021

Community,

Currently I’m installing BOSH/Cloud Foundry in a VPC with an active VPC Service Perimeter. This Perimeter is used to restrict the GCP Storage API to permit external access to GCP Storage buckets.

My problem is that BOSH is using the bosh-gce-light-stemcell as the default image. This image is stored in a publicly accessible GCP Storage bucket (here: https://storage.googleapis.com/bosh-gce-raw-stemcells/bosh-stemcell-621.77-google-kvm-ubuntu-xenial-go_agent-raw-1594663662.tar.gz).

I get the following error message:

result":null,"error":{"type":"Bosh::Clouds::CloudError","message":"Creating stemcell: Creating Google Image from URL: Failed to create Google Image: googleapi: Error 403: Request is prohibited by organization's policy.}

My question: Is it possible to consume artifacts outside of the Service Perimeter? If yes, what has to be done?

Update:
I’ve solved it by triggering the BOSH deployment outside of the perimeter. This consumes all required stemcells and installs BOSH in the restricted environment.
