Hey,
we are using the GCP plugin to start worker at GCP which is working fine. However, we currently have to use the “external IP” setting to successfully build with this agents. We are now requested to limit the list of the potential IPs so we would like to use Cloud NAT.
Since there is only limited documentation I try to find some help here 
I successfully created a NAT and it’s possible to connect to the outside world from a VM using this network/subnet. I created a test configuration in Jenkins (no external IP) which also successfully spawns a VM with the selected network/subnet but it looks like there is something missing here, since the VM itself starts, but Jenkins can not start the agent.
Does anybody know how the GCE plugin works exactly when spawning an agent (how does it transfer the JAR file for example) or which ports (in which direction) are required?
Thank you!