Default VPC Network In Use
01 Run the compute networks create command (Windows/macOS/Linux) to create a custom (non-default) Virtual Private Cloud (VPC) network within the GCP project referenced as the value for the --project parameter:
gcloud compute networks create cc-custom-vpc-network --project cc-production-app-123123 --subnet-mode=custom --bgp-routing-mode=regional
02 The command output should return the configuration metadata available for the newly created VPC network:
Created [https://www.googleapis.com/compute/v1/projects/cc-production-app-123123/global/networks/cc-custom-vpc-network].
NAME                   SUBNET_MODE  BGP_ROUTING_MODE  IPV4_RANGE  GATEWAY_IPV4
cc-custom-vpc-network  CUSTOM       REGIONAL

Instances on this network will not be reachable until firewall rules are created. As an example, you can allow all internal traffic between instances as well as SSH, RDP, and ICMP by running:

$ gcloud compute firewall-rules create <FIREWALL_NAME> --network cc-custom-vpc-network --allow tcp,udp,icmp --source-ranges <IP_RANGE>
$ gcloud compute firewall-rules create <FIREWALL_NAME> --network cc-custom-vpc-network --allow tcp:22,tcp:3389,icmp
03 Run compute networks subnets create command (Windows/macOS/Linux) to create and attach a custom subnet to the VPC network created at the previous steps. The following command example creates a VPC network subnet named “cc-europe-west2-subnet”, in the London, UK (europe-west2) region with the primary IP address range set to 10.0.0.0/24. Use the compute networks subnets create command to create as many VPC subnets as you want:
gcloud compute networks subnets create cc-europe-west2-subnet --network=cc-custom-vpc-network --range=10.0.0.0/24 --region=europe-west2
04 The command output should return the VPC subnet configuration metadata:
Created [https://www.googleapis.com/compute/v1/projects/cc-production-app-123123/regions/europe-west2/subnetworks/cc-europe-west2-subnet].
NAME                    REGION        NETWORK                RANGE
cc-europe-west2-subnet  europe-west2  cc-custom-vpc-network  10.0.0.0/24
05 Run compute firewall-rules create command (Windows/macOS/Linux) to create the necessary firewall rules for your new, non-default Virtual Private Cloud (VPC) network. Firewall rules control incoming and/or outgoing traffic to GCP resources such as VM instances. The following command example creates a firewall rule that allows inbound traffic to all VM instances deployed within the VPC network through TCP port 80 (HTTP) and 443 (HTTPS):
gcloud compute firewall-rules create allow-http-https-traffic --network cc-custom-vpc-network --allow tcp:80,tcp:443 --direction ingress --source-ranges 0.0.0.0/0 --enable-logging
06 The command output should return the VPC firewall rule configuration metadata:
Created [https://www.googleapis.com/compute/v1/projects/cc-production-app-123123/global/firewalls/allow-http-https-traffic].
NAME                      NETWORK                DIRECTION  PRIORITY  ALLOW            DENY  DISABLED
allow-http-https-traffic  cc-custom-vpc-network  INGRESS    1000      tcp:80,tcp:443         False
07 (Optional) Now you can migrate your cloud applications from the default VPC network to the newly created non-default VPC network.
08 Once the default Virtual Private Cloud (VPC) network is no longer in use, it is safe to remove it from your GCP project. Before you can delete a VPC network, you must delete all GCP resources in all of its subnets, and all the resources that reference the network. Resources that reference the network include Cloud VPN gateways, Cloud Routers, firewall rules, and custom static routes. For example, run the compute firewall-rules delete command (Windows/macOS/Linux) to delete a firewall rule named “default-allow-rdp” from the default VPC network:
gcloud compute firewall-rules delete default-allow-rdp
09 The compute firewall-rules delete command request should ask you for confirmation. Type Y to confirm the removal action. Once removed, the command output should return the ID of the deleted rule:
The following firewalls will be deleted:
 - [default-allow-rdp]

Do you want to continue (Y/n)? Y

Deleted [https://www.googleapis.com/compute/v1/projects/cc-production-app-123123/global/firewalls/default-allow-rdp].
10 Run compute networks delete command (Windows/macOS/Linux) to remove the default Virtual Private Cloud (VPC) network from the selected GCP project:
gcloud compute networks delete default
11 The compute networks delete command request should ask you for confirmation. Type Y to confirm the removal action. Once the resource is deleted, the command output should return the ID of the removed VPC network:
The following networks will be deleted:
 - [default]

Do you want to continue (Y/n)? Y

Deleted [https://www.googleapis.com/compute/v1/projects/cc-production-app-123123/global/networks/default].
12 Repeat steps no. 1 – 11 for each GCP project available within your Google Cloud account.
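Before running steps 8 to 10 against a project, a practitioner usually wants a quick check of what still sits on the default network. The following audit helper is an added example, not part of the original procedure: it reads the JSON that `gcloud compute networks list`, `gcloud compute instances list` and `gcloud compute firewall-rules list` return with `--format=json`, lists instances and firewall rules still attached to the default VPC, and, only when no instances remain, emits the deletion commands in the order the procedure uses. The data below is constructed sample output (the project id and network names are taken from the page), and the check is limited to instances and firewall rules; Cloud VPN gateways, Cloud Routers and custom static routes, which the page also names as blockers, are not inspected here.

```python
import json

# Constructed sample data shaped like the --format=json output of the three
# gcloud list commands (only the fields this audit reads are included).
BASE = "https://www.googleapis.com/compute/v1/projects/cc-production-app-123123"
NETWORKS_JSON = json.dumps([
    {"name": "default", "autoCreateSubnetworks": True,
     "selfLink": BASE + "/global/networks/default"},
    {"name": "cc-custom-vpc-network", "autoCreateSubnetworks": False,
     "selfLink": BASE + "/global/networks/cc-custom-vpc-network"},
])
INSTANCES_JSON = json.dumps([
    {"name": "web-1", "networkInterfaces": [{"network": BASE + "/global/networks/cc-custom-vpc-network"}]},
    {"name": "legacy-db", "networkInterfaces": [{"network": BASE + "/global/networks/default"}]},
])
FIREWALLS_JSON = json.dumps([
    {"name": "default-allow-rdp", "network": BASE + "/global/networks/default"},
    {"name": "default-allow-ssh", "network": BASE + "/global/networks/default"},
    {"name": "allow-http-https-traffic", "network": BASE + "/global/networks/cc-custom-vpc-network"},
])


def network_name(url):
    """Resources reference a network by its selfLink URL; compare on the trailing name."""
    return url.rstrip("/").rsplit("/", 1)[-1]


def audit_default_vpc(networks_json, instances_json, firewalls_json):
    """Report whether the default VPC exists, which instances and firewall rules still
    use it, and (only once no instances remain) the removal commands in procedure order."""
    if not any(n["name"] == "default" for n in json.loads(networks_json)):
        return {"present": False, "instances": [], "firewall_rules": [], "plan": []}
    instances = sorted(i["name"] for i in json.loads(instances_json)
                       if any(network_name(nic["network"]) == "default"
                              for nic in i.get("networkInterfaces", [])))
    rules = sorted(f["name"] for f in json.loads(firewalls_json)
                   if network_name(f["network"]) == "default")
    plan = []
    if not instances:  # workloads must be migrated off first (step 7); only then plan deletion
        plan = [f"gcloud compute firewall-rules delete {r}" for r in rules]  # step 8
        plan.append("gcloud compute networks delete default")                # step 10
    return {"present": True, "instances": instances, "firewall_rules": rules, "plan": plan}


if __name__ == "__main__":
    print(json.dumps(audit_default_vpc(NETWORKS_JSON, INSTANCES_JSON, FIREWALLS_JSON), indent=2))
```

With the sample data the report shows legacy-db still on the default network and an empty plan; once the instance list no longer references the network, the plan lists the two firewall-rule deletions followed by the network deletion.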