Cluster Network Policies
1h 20m

This Course explores how to implement virtual private clouds on the Google Cloud Platform. It starts off with an overview, where you'll be introduced to the key concepts and components that make up a virtual private cloud.

After covering basic VPC concepts and components, we'll dive into peering VPCs, shared VPCs, and VPC flow logs, including a hands-on demonstration of how to configure flow logs. We’ll also look at routing and network address translation, before moving on to Google Kubernetes Engine clusters. We’ll cover VPC-native clusters and alias IPs, as well as clustering with shared VPCs.

You’ll learn how to add authorized networks for GKE cluster master access and we finish off by looking at firewall rules. We’ll cover network tags, service accounts, and the importance of priority. You’ll also learn about ingress rules, egress rules, and firewall logs.

If you have any feedback related to this Course, feel free to contact us at

Learning Objectives

  • Get a foundational understanding of virtual private clouds on GCP
  • Learn about VPC peering and sharing
  • Learn about VPC flow logs and how to configure them
  • Learn about routing in GCP and how to configure a static route
  • Understand the pros and cons of VPC-native GKE clusters
  • Learn about cluster network policies
  • Understand how to configure and manage firewall rules in GCP

Intended Audience

This Course is intended for anyone who wants to learn how to implement virtual private clouds on the Google Cloud Platform.


To get the most from this Course, you should already have experience with the public cloud and networking, as well as an understanding of GCP architecture.


Hello, and welcome to Cluster Network Policies. In this lesson, we’ll take a look at the steps to take and considerations to think about when creating cluster network policies in GKE.

In GKE, network policy enforcement manages communication between the pods and services within your clusters. You use the Kubernetes NetworkPolicy API to create the pod-level firewall rules that make up your network policies. These rules control which pods and services within a cluster can talk to each other.

A typical use case for a cluster network policy is protecting a cluster that serves a multi-tier application. For example, you could create a network policy that ensures the customer-facing front end of the application cannot talk directly to the accounting tier. If the front end is compromised, the accounting tier is still shielded from it.

Before using network policies, you need to enable network policy enforcement for your cluster. There are two ways to do this: you can enable it while creating the cluster, or you can enable it on an existing cluster. To enable network policy enforcement when creating a new cluster, click “Networking” under the Cluster section in the navigation pane, then check the “Enable Network Policy” box before completing the cluster deployment. Enabling network policy enforcement for an existing cluster is just as easy. Edit the cluster you want to enable policy enforcement for, change the “Network policy for master” dropdown to “Enabled”, and save your settings. Once that has completed, edit the cluster again and select “Enabled” from the “Network policy for nodes” dropdown.

After you’ve gone ahead and enabled network policy enforcement for the cluster, you can define the network policy for it using the Kubernetes Network Policy API.
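As an added example (not part of the original lesson), here is what the front-end/accounting scenario described above looks like as NetworkPolicy manifests. The namespace `shop`, the labels `tier: frontend`, `tier: api` and `tier: accounting`, and port 8080 are all assumptions for illustration. The first policy selects every pod in the namespace and allows no ingress, which turns the namespace into default-deny; the second re-opens the accounting pods only to pods labelled `tier: api`. Because policies are additive allow-lists, the front end, which carries no matching label, has no rule that permits it to reach accounting.

```yaml
# Constructed example: default-deny ingress for every pod in the namespace.
# An empty podSelector matches all pods; listing Ingress in policyTypes with
# no ingress rules means no inbound traffic is allowed unless another policy adds it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop            # assumed namespace
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# Constructed example: allow only the API tier to reach accounting on TCP/8080.
# Frontend pods (tier: frontend) match no "from" rule, so their traffic is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: accounting-allow-api-only
  namespace: shop            # assumed namespace
spec:
  podSelector:
    matchLabels:
      tier: accounting       # assumed label on the accounting pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              tier: api      # assumed label on the middle tier
      ports:
        - protocol: TCP
          port: 8080         # assumed accounting service port
```

Apply the file with `kubectl apply -f` and confirm the rules were accepted with `kubectl describe networkpolicy -n shop`. Two points worth checking before relying on this: a NetworkPolicy object is stored even when enforcement is disabled on the cluster, so the enablement step covered earlier must be done first, and pods that no policy selects keep accepting all traffic, which is why the default-deny policy comes first. The same enablement is available from the CLI with `gcloud container clusters create CLUSTER --enable-network-policy` for a new cluster, or `--update-addons=NetworkPolicy=ENABLED` followed by `--enable-network-policy` on `gcloud container clusters update` for an existing one.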

Visit the URL on your screen for the latest official documentation from Kubernetes on declaring network policies:


About the Author

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.