Enable GCP global access (#385)

* Initial draft

* Apply suggestion from automated review

* DOC-1307 Cloud API: ensure that Create Network request examples conform to new schema

* Update modules/networking/pages/byoc/gcp/enable-global-access.adoc

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* Apply suggestions from automated review

* Apply suggestions from review

* Apply suggestions from automated review

* Add new doc to nav tree

* Use collapsible code blocks to make doc more scannable

* Apply suggestions from code review

Co-authored-by: Michele Cyran <michele@redpanda.com>

* Suggestions from review

* Doc intro already includes link to BYOC architecture

* Apply suggestions from automated review

* Minor edit

* Fix note for private service connect

* Missed from review

* Apply suggestions from code review

Co-authored-by: Michele Cyran <michele@redpanda.com>

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Michele Cyran <michele@redpanda.com>

Author: 3 people

modules/ROOT/nav.adoc

@@ -39,6 +39,7 @@
 **** xref:networking:byoc/gcp/vpc-peering-gcp.adoc[Add a Peering Connection]
 **** xref:networking:configure-private-service-connect-in-cloud-ui.adoc[Configure Private Service Connect in the Cloud UI]
 **** xref:networking:gcp-private-service-connect.adoc[Configure Private Service Connect with the Cloud API]
+**** xref:networking:byoc/gcp/enable-global-access.adoc[Enable Global Access]
 ** xref:networking:dedicated/index.adoc[Dedicated]
 *** xref:networking:dedicated/aws/index.adoc[AWS]
 **** xref:networking:dedicated/aws/vpc-peering.adoc[Add a Peering Connection]

modules/get-started/pages/cluster-types/byoc/gcp/create-byoc-cluster-gcp.adoc

@@ -6,7 +6,7 @@ To create a Redpanda cluster in your virtual private cloud (VPC), follow the ins
 
 NOTE: With standard BYOC clusters, Redpanda manages security policies and resources for your VPC, including subnetworks, service accounts, IAM roles, firewall rules, and storage buckets. For the highest level of security, you can manage these resources yourself with a xref:get-started:cluster-types/byoc/gcp/vpc-byo-gcp.adoc[BYOVPC cluster on GCP].
 
-See also: xref:get-started:cloud-overview.adoc#redpanda-cloud-architecture[Redpanda Cloud architecture].
+If your clients need to connect from different GCP regions than where your cluster will be deployed, you must enable global access during cluster creation using the Cloud API. To create a BYOC cluster with global access enabled, see xref:networking:byoc/gcp/enable-global-access.adoc[Enable Global Access].
 
 == Create a BYOC cluster
 

modules/get-started/pages/cluster-types/byoc/gcp/vpc-byo-gcp.adoc

@@ -12,6 +12,8 @@ When you create a BYOVPC cluster, you specify your VPC and service account. The
 * You maintain more control of your Google Cloud account, because Redpanda requires fewer permissions than standard BYOC clusters.
 * You control your security resources and policies, including subnets, service accounts, IAM roles, firewall rules, and storage buckets.
 
+If your clients need to connect from different GCP regions than where your cluster will be deployed, you must enable global access during cluster creation. To create a BYOVPC cluster with global access enabled, see xref:networking:byoc/gcp/enable-global-access.adoc[Enable Global Access].
+
 == Prerequisites
 
 * A standalone GCP project is recommended. If your host project (where your VPC project is created) and your service project (where your Redpanda cluster is created) are in different projects, you must first provision a shared VPC in Google Cloud. For more information, see the https://cloud.google.com/vpc/docs/provisioning-shared-vpc[Google shared VPC documentation^]. 

modules/manage/partials/controlplane-api.adoc

@@ -90,7 +90,9 @@ Create a resource group by making a POST request to the xref:api:ROOT:cloud-cont
 curl -H 'Content-Type: application/json' \
 -H "Authorization: Bearer <token>" \
 -d '{
-  "name": "<resource-group-name>"
+  "resource_group": {
+    "name": "<resource-group-name>"
+  }
 }' -X POST https://api.redpanda.com/v1/resource-groups
 ----
 
@@ -107,27 +109,33 @@ ifdef::env-dedicated[]
 ----
 curl -d \
 '{
-  "cidr_block": "10.0.0.0/20",
-  "cloud_provider": "CLOUD_PROVIDER_GCP",
-  "cluster_type": "TYPE_DEDICATED",
-  "name": "<network-name>",
-  "resource_group_id": "<resource-group-id>",
-  "region": "us-west1"
-}' -H "Authorization: Bearer <token>" -X POST https://api.redpanda.com/v1/networks 
+  "network": {
+    "cidr_block": "10.0.0.0/20",
+    "cloud_provider": "CLOUD_PROVIDER_GCP",
+    "cluster_type": "TYPE_DEDICATED",
+    "name": "<network-name>",
+    "resource_group_id": "<resource-group-id>",
+    "region": "us-west1"
+  }
+}' -H "Content-Type: application/json" \
+-H "Authorization: Bearer <token>" -X POST https://api.redpanda.com/v1/networks 
 ----
 endif::[]
 ifdef::env-byoc[]
 [,bash]
 ----
 curl -d \
 '{
-  "cidr_block": "10.0.0.0/20",
-  "cloud_provider": "CLOUD_PROVIDER_GCP",
-  "cluster_type": "TYPE_BYOC",
-  "name": "<network-name>",
-  "resource_group_id": "<resource-group-id>",
-  "region": "us-west1"
-}' -H "Authorization: Bearer <token>" -X POST https://api.redpanda.com/v1/networks 
+  "network": {
+    "cidr_block": "10.0.0.0/20",
+    "cloud_provider": "CLOUD_PROVIDER_GCP",
+    "cluster_type": "TYPE_BYOC",
+    "name": "<network-name>",
+    "resource_group_id": "<resource-group-id>",
+    "region": "us-west1"
+  }
+}' -H "Content-Type: application/json" \
+-H "Authorization: Bearer <token>" -X POST https://api.redpanda.com/v1/networks 
 ----
 endif::[]
 
@@ -142,51 +150,57 @@ ifdef::env-dedicated[]
 ----
 curl -d \
 '{
-  "cloud_provider": "CLOUD_PROVIDER_GCP",
-  "connection_type": "CONNECTION_TYPE_PUBLIC",
-  "name": "my-new-cluster",
-  "resource_group_id": "<resource-group-id>",
-  "network_id": "<network-id>",
-  "region": "us-west1",
-  "throughput_tier": "tier-1-gcp-um4g",
-  "type": "TYPE_DEDICATED",
-  "zones": [
-    "us-west1-a",
-    "us-west1-b",
-    "us-west1-c"
-  ],
-  "cluster_configuration": {
-      "custom_properties": {
-        "audit_enabled":true
-      }
+  "cluster": {
+    "cloud_provider": "CLOUD_PROVIDER_GCP",
+    "connection_type": "CONNECTION_TYPE_PUBLIC",
+    "name": "my-new-cluster",
+    "resource_group_id": "<resource-group-id>",
+    "network_id": "<network-id>",
+    "region": "us-west1",
+    "throughput_tier": "tier-1-gcp-um4g",
+    "type": "TYPE_DEDICATED",
+    "zones": [
+      "us-west1-a",
+      "us-west1-b",
+      "us-west1-c"
+    ],
+    "cluster_configuration": {
+        "custom_properties": {
+          "audit_enabled":true
+        }
+    }
   }
-}' -H "Authorization: Bearer <token>" -X POST https://api.redpanda.com/v1/clusters
+}' -H "Content-Type: application/json" \
+-H "Authorization: Bearer <token>" -X POST https://api.redpanda.com/v1/clusters
 ----
 endif::[]
 ifdef::env-byoc[]
 [,bash]
 ----
 curl -d \
 '{
-  "cloud_provider": "CLOUD_PROVIDER_GCP",
-  "connection_type": "CONNECTION_TYPE_PUBLIC",
-  "name": "my-new-cluster",
-  "resource_group_id": "<resource-group-id>",
-  "network_id": "<network-id>",
-  "region": "us-west1",
-  "throughput_tier": "tier-1-gcp-um4g",
-  "type": "TYPE_BYOC",
-  "zones": [
-    "us-west1-a",
-    "us-west1-b",
-    "us-west1-c"
-  ],
-  "cluster_configuration": {
-    "custom_properties": {
-      "audit_enabled":true
+  "cluster": {
+    "cloud_provider": "CLOUD_PROVIDER_GCP",
+    "connection_type": "CONNECTION_TYPE_PUBLIC",
+    "name": "my-new-cluster",
+    "resource_group_id": "<resource-group-id>",
+    "network_id": "<network-id>",
+    "region": "us-west1",
+    "throughput_tier": "tier-1-gcp-um4g",
+    "type": "TYPE_BYOC",
+    "zones": [
+      "us-west1-a",
+      "us-west1-b",
+      "us-west1-c"
+    ],
+    "cluster_configuration": {
+      "custom_properties": {
+        "audit_enabled":true
+      }
     }
   }
-}' -H "Authorization: Bearer <token>" -X POST https://api.redpanda.com/v1/clusters
+}' -H "Content-Type: application/json" \
+-H "Authorization: Bearer <token>" -X POST https://api.redpanda.com/v1/clusters
 ----
 endif::[]
 

modules/networking/pages/aws-privatelink.adoc

@@ -59,12 +59,14 @@ REGION=<aws_region>
 
 NETWORK_POST_BODY=`cat << EOF
 {
-    "cloud_provider": "CLOUD_PROVIDER_AWS",
-    "cluster_type": "TYPE_BYOC",
-    "name": "<my-private-link-network>",
-    "cidr_block": "<10.0.0.0/20>",
-    "resource_group_id": "$RESOURCE_GROUP_ID",
-    "region": "$REGION"
+    "network": {
+        "cloud_provider": "CLOUD_PROVIDER_AWS",
+        "cluster_type": "TYPE_BYOC",
+        "name": "<my-private-link-network>",
+        "cidr_block": "<10.0.0.0/20>",
+        "resource_group_id": "$RESOURCE_GROUP_ID",
+        "region": "$REGION"
+    }
 }
 EOF`
 
@@ -95,19 +97,21 @@ In the example below, make sure to set your own values for the following fields:
 ----
 CLUSTER_POST_BODY=`cat << EOF
 {
-    "cloud_provider": "CLOUD_PROVIDER_AWS",
-    "connection_type": "CONNECTION_TYPE_PRIVATE",
-    "name": "<my-private-link-cluster>",
-    "resource_group_id": "$RESOURCE_GROUP_ID",
-    "network_id": "$NETWORK_ID",
-    "region": "$REGION",
-    "zones": [ <zones> ],
-    "throughput_tier": "<tier>",
-    "type": "<type>",
-    "aws_private_link": {
-        "enabled": true,
-        "connect_console": true,
-        "allowed_principals": ["<principal_1>","<principal_2>"]
+    "cluster": {
+        "cloud_provider": "CLOUD_PROVIDER_AWS",
+        "connection_type": "CONNECTION_TYPE_PRIVATE",
+        "name": "<my-private-link-cluster>",
+        "resource_group_id": "$RESOURCE_GROUP_ID",
+        "network_id": "$NETWORK_ID",
+        "region": "$REGION",
+        "zones": [ <zones> ],
+        "throughput_tier": "<tier>",
+        "type": "<type>",
+        "aws_private_link": {
+            "enabled": true,
+            "connect_console": true,
+            "allowed_principals": ["<principal_1>","<principal_2>"]
+        }
     }
 }
 EOF`

modules/networking/pages/azure-private-link.adoc

@@ -80,12 +80,14 @@ REGION=<azure-region>
 
 NETWORK_POST_BODY=`cat << EOF
 {
-    "cloud_provider": "CLOUD_PROVIDER_AZURE",
-    "cluster_type": "<cluster-type>",
-    "name": "<network-name>",
-    "cidr_block": "<10.0.0.0/20>",
-    "resource_group_id": "$RESOURCE_GROUP_ID",
-    "region": "$REGION"
+    "network": {
+        "cloud_provider": "CLOUD_PROVIDER_AZURE",
+        "cluster_type": "<cluster-type>",
+        "name": "<network-name>",
+        "cidr_block": "<10.0.0.0/20>",
+        "resource_group_id": "$RESOURCE_GROUP_ID",
+        "region": "$REGION"
+    }
 }
 EOF`
 
@@ -114,19 +116,21 @@ In the following example, make sure to set your own values for the following fie
 ----
 CLUSTER_POST_BODY=`cat << EOF
 {
-  "cloud_provider": "CLOUD_PROVIDER_AZURE",
-  "connection_type": "CONNECTION_TYPE_PRIVATE",
-  "name": "<name>",
-  "resource_group_id": "$RESOURCE_GROUP_ID",
-  "network_id": "$NETWORK_ID",
-  "region": "$REGION",
-  "throughput_tier": "<tier>",
-  "type": "<type>",
-  "zones": [ <zones> ],
-  "azure_private_link": { 
-      "allowed_subscriptions": ["$SOURCE_CONNECTION_SUBSCRIPTION_ID"],
-      "enabled": true,
-      "connect_console": true
+  "cluster": {
+    "cloud_provider": "CLOUD_PROVIDER_AZURE",
+    "connection_type": "CONNECTION_TYPE_PRIVATE",
+    "name": "<name>",
+    "resource_group_id": "$RESOURCE_GROUP_ID",
+    "network_id": "$NETWORK_ID",
+    "region": "$REGION",
+    "throughput_tier": "<tier>",
+    "type": "<type>",
+    "zones": [ <zones> ],
+    "azure_private_link": { 
+        "allowed_subscriptions": ["$SOURCE_CONNECTION_SUBSCRIPTION_ID"],
+        "enabled": true,
+        "connect_console": true
+    }
   }
 }
 EOF`