Commit

Add rare care org loadbalancer policy forbid external https (#571)
Tested-by: zlq
blackzlq authored and kfswain committed Apr 15, 2024
1 parent c3b17e1 commit c989934
Showing 2 changed files with 6 additions and 4 deletions.
1 change: 1 addition & 0 deletions applications/jupyter/README.md
Expand Up @@ -178,6 +178,7 @@ This example is adapted from Ray AIR's examples [here](https://docs.ray.io/en/la
## Auto Brand creation and IAP enablement

**IMPORTANT** If you enable automatic brand creation, only `Internal` brand will be created, allowing only the users under the same org as the project to access the application.
Make sure [Policy for Restrict Load Balancer Creation Based on Load Balancer Types](https://cloud.google.com/load-balancing/docs/org-policy-constraints) allows EXTERNAL_HTTP_HTTPS.

Ensure that the following variables within `workloads.tfvars` are set:

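Review bot: The added sentence after the **IMPORTANT** paragraph identifies the org policy only by its documentation page title and leaves `EXTERNAL_HTTP_HTTPS` unformatted, so a reader cannot tell which constraint to look up or why it matters here. Suggest naming the constraint itself (`constraints/compute.restrictLoadBalancerCreationForTypes`), putting the value in backticks like the other identifiers in this section, and adding one clause on why IAP enablement needs this load balancer type. Because the sentence asks readers to relax an organization-level restriction, it should also say at what scope the exception is needed (for example the project rather than the whole organization). The new line also starts directly under the **IMPORTANT** paragraph with no blank line between them, so Markdown will render it as a continuation of that paragraph; separate it with a blank line.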
9 changes: 5 additions & 4 deletions applications/rag/README.md
Expand Up @@ -156,13 +156,14 @@ gcloud container clusters get-credentials ${CLUSTER_NAME} --location=${CLUSTER_L
We recommend you configure authenticated access via IAP for your services.

1) Make sure the [OAuth Consent Screen](https://developers.google.com/workspace/guides/configure-oauth-consent#configure_oauth_consent) is configured for your project. Ensure `User type` is set to `Internal`.
2) Set the following variables in `workloads.tfvars`:
2) Make sure [Policy for Restrict Load Balancer Creation Based on Load Balancer Types](https://cloud.google.com/load-balancing/docs/org-policy-constraints) allows EXTERNAL_HTTP_HTTPS.
3) Set the following variables in `workloads.tfvars`:
* `jupyter_add_auth = true`
* `frontend_add_auth = true`
* `ray_dashboard_add_auth = true`
3) Allowlist principals for your services via `jupyter_members_allowlist`, `frontend_members_allowlist` and `ray_dashboard_members_allowlist`.
4) Configure custom domains names via `jupyter_domain`, `frontend_domain` and `ray_dashboard_domain` for your services.
5) Configure DNS records for your custom domains:
4) Allowlist principals for your services via `jupyter_members_allowlist`, `frontend_members_allowlist` and `ray_dashboard_members_allowlist`.
5) Configure custom domains names via `jupyter_domain`, `frontend_domain` and `ray_dashboard_domain` for your services.
6) Configure DNS records for your custom domains:
- [Register a Domain on Google Cloud Domains](https://cloud.google.com/domains/docs/register-domain#registering-a-domain) or use a domain registrar of your choice.
- Set up your DNS service to point to the public IP
* Run `terraform output frontend_ip_address` to get the public ip address of frontend, and add an A record in your DNS configuration to point to the public IP address.
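Review bot: New step 2 is a prerequisite with no way to verify it: it repeats the sentence added to applications/jupyter/README.md word for word and does not tell the reader how to check the effective policy on their project or what to expect when the constraint blocks the load balancer. Suggest adding the constraint name and a short check to run before the Terraform steps, and keeping the wording in one place that both READMEs link to so the two copies do not drift. Inserting the step also required renumbering steps 3 to 6 by hand. The renumbered step 5 still reads "custom domains names"; since that line is touched anyway, correct it to "custom domain names".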