SSH and networking configuration is inherited by child namespaces, where it may be overridden (see: configuration inheritance).
Here we show a simple two-network GCP setup, where both inherit part of their networking configuration from their parent namespace.
Below is an example network.yml configuration. The “gcp:prod” and “gcp:dev” namespaces both inherit elements of their network configuration from the parent “gcp” collection, then override that configuration with their own authentication scheme (a service account for one, OAuth 2.0 for the other) and their own network filters.
```yaml
---
wbz:
  type: collection
  description: Entire WBZ estate

wbz:gcp:
  type: collection
  description: WBZ gcp estate
  network:
    type: gcp
    project: wbznet
    service_scopes:
      - https://www.googleapis.com/auth/compute.readonly
      - https://www.googleapis.com/auth/cloud-platform

wbz:gcp:prod:
  type: inventory
  description: GCP Production
  ssh_settings:
    proxy:
      - host_lookup: by_bcome_namespace
        namespace: gcp:prod:bastion
  network:
    filters: status:running AND labels.environment=prod-net
    authentication_scheme: oauth
    secrets_filename: wbz-net-oauth-secrets.json
    zone: europe-west1-b

wbz:gcp:dev:
  type: inventory
  description: GCP Production
  ssh_settings:
    proxy:
      - host_lookup: by_bcome_namespace
        namespace: gcp:dev:bastion
  network:
    filters: status:running AND labels.environment=dev-net
    authentication_scheme: service_account
    service_account_credentials: service-account.json
    zone: europe-west1-c
```
Any SSH or network configuration may be defined in this way.
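To review what each inventory actually ends up with, the following added example (not Bcome's own code) resolves the effective settings per namespace from a trimmed copy of the file above. It assumes inheritance behaves as a key-by-key deep merge in which the child's value wins; `effective_config` and `inherited_network_keys` are hypothetical helper names.

```ruby
require 'yaml'
# Constructed sample: a trimmed copy of the network.yml above (descriptions omitted).
NETWORK_YML = <<~YAML
  wbz:
    type: collection
  wbz:gcp:
    network:
      type: gcp
      project: wbznet
      service_scopes:
        - https://www.googleapis.com/auth/compute.readonly
        - https://www.googleapis.com/auth/cloud-platform
  wbz:gcp:prod:
    ssh_settings:
      proxy:
        - host_lookup: by_bcome_namespace
          namespace: gcp:prod:bastion
    network:
      filters: status:running AND labels.environment=prod-net
      authentication_scheme: oauth
      secrets_filename: wbz-net-oauth-secrets.json
      zone: europe-west1-b
  wbz:gcp:dev:
    network:
      filters: status:running AND labels.environment=dev-net
      authentication_scheme: service_account
      service_account_credentials: service-account.json
      zone: europe-west1-c
YAML
ESTATE = YAML.safe_load(NETWORK_YML)
INHERITED = %w[network ssh_settings].freeze # the sections the page says are inherited

# Assumed merge rule: nested hashes merge key by key, any other child value replaces the parent's.
def deep_merge(parent, child)
  parent.merge(child) { |_k, a, b| a.is_a?(Hash) && b.is_a?(Hash) ? deep_merge(a, b) : b }
end

# Fold wbz -> wbz:gcp -> wbz:gcp:prod so each level overrides the one above it.
def effective_config(estate, namespace)
  parts = namespace.split(':')
  (1..parts.size).reduce({}) do |acc, depth|
    deep_merge(acc, estate.fetch(parts.first(depth).join(':'), {}).slice(*INHERITED))
  end
end

# Network keys a namespace receives only from its ancestors; they do not appear in its own stanza.
def inherited_network_keys(estate, namespace)
  effective_config(estate, namespace).fetch('network', {}).keys - estate.dig(namespace, 'network').to_h.keys
end
```

Calling `inherited_network_keys(ESTATE, 'wbz:gcp:prod')` returns `type`, `project` and `service_scopes`: both inventories pick up the parent's service scopes without naming them, so the scope list is reviewed at the `wbz:gcp` collection rather than in each inventory.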