Description
Checklist
- I did not find a related open enhancement request.
- I understand that enhancement requests filed in the GitHub repository are by default low priority.
- If this request is time-sensitive, I have submitted a corresponding issue with GCP support.
Describe the feature or resource
Due to organizational security policies, we are working to establish a deployment method for Vertex managed notebooks to be attached to a project VPC. However, Config Connector is currently not able to support creating a DNS peering for the service networking connection and thus we are not able to provide name resolution for custom DNS zones. We would like to have the following functionality added to Config Connector:

```
resource "google_service_networking_peered_dns_domain" "name" {
  project    = 10000000
  name       = "example-com"
  network    = "default"
  dns_suffix = "example.com."
  service    = "peering-service"
}
```
Additional information
- https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_service_networking_peered_dns_domain
- https://cloud.google.com/vpc/docs/configure-private-services-access#dns-peering

```
gcloud services peered-dns-domains create testpeer \
    --network=net1 \
    --dns-suffix=test.com. \
    --project=project_12345
```
Importance
This is currently a blocker as we need the ability to provide name resolution for managed notebooks which are connected to the project VPC via a service connection; per organizational security policy, managed notebook connections must be routed via our project VPC.
Additionally, the following organization policy is driving the need to connect a managed notebook to the project VPC, as our security policies prohibit resources from having a public IP:
- constraints/ainotebooks.restrictPublicIp