Google Kubernetes Engine Clusters
Configuring and Managing Firewall Rules
This course explores how to implement virtual private clouds on the Google Cloud Platform. It starts off with an overview, where you'll be introduced to the key concepts and components that make up a virtual private cloud.
After covering basic VPC concepts and components, we'll dive into peering VPCs, shared VPCs, and VPC flow logs, including a hands-on demonstration of how to configure flow logs. We’ll also look at routing and network address translation, before moving on to Google Kubernetes Engine clusters. We’ll cover VPC-native clusters and alias IPs, as well as clustering with shared VPCs.
You’ll learn how to add authorized networks for GKE cluster master access and we finish off by looking at firewall rules. We’ll cover network tags, service accounts, and the importance of priority. You’ll also learn about ingress rules, egress rules, and firewall logs.
If you have any feedback related to this course, feel free to contact us at firstname.lastname@example.org.
- Get a foundational understanding of virtual private clouds on GCP
- Learn about VPC peering and sharing
- Learn about VPC flow logs and how to configure them
- Learn about routing in GCP and how to configure a static route
- Understand the pros and cons of VPC-native GKE clusters
- Learn about cluster network policies
- Understand how to configure and manage firewall rules in GCP
This course is intended for anyone who wants to learn how to implement virtual private clouds on the Google Cloud Platform.
To get the most from this course, you should already have experience with the public cloud and networking, as well as an understanding of GCP architecture.
Hello and welcome back. This demonstration here is going to be really, really short. All I'm going to do here is show you how to enable VPC flow logs for an existing subnet. It's a pretty straightforward process, but I wanna make sure you know how to do it in case you run into this on an exam, or if you have to do something in a production environment.
So, on the screen here, I'm logged into my console with my admin account, and I'm in the VPC network section. Again, to get to VPC network, hamburger, scroll down, networking, VPC network, VPC networks. So what we'll do is we'll enable the VPC flow logs for our subnet in the network A VPC network.
So what we'll do here is scroll down, and under the network A VPC network, we can see I have my subnet. So what we'll do here is we'll select my subnet, and then we'll edit the subnet. We can see here that flow logs are currently off. So we'll go ahead and click edit, and then under flow logs we simply enable flow logs.
We can see here that turning on VPC flow logs won't affect our performance, but can generate a large number of logs, obviously. If we select the dropdown here for configure logs, we can see we can set our aggregation interval. If we hover over the icon here, we can see that flow logs are a collection of observed packets; we talked about this earlier.
This aggregation interval here is the time interval that the flow log will collect log captures over. Hovering over the little icon here for additional fields gives us information on the metadata. We can see that, by default, metadata is added to your flow logs, but you can reduce the log size by removing that metadata.
We'll leave our metadata here, and we'll go ahead and click save. And now we see our flow logs are turned on for the mysubnet subnet in the network A VPC network. We can then view our flow logs here. Now these logs are viewed using the operations logging inside of Google Cloud Platform, and as I mentioned earlier, you could then export these logs if you needed to.
For this demonstration here, I don't have anything going on, I have an empty virtual network, and an empty subnet, I have nothing connected to it, so we're not gonna see anything in our logs. But that's pretty much it, that's how you go about enabling VPC flow logs for a specific subnet in Google Cloud Platform.
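The same subnet settings the demonstration toggles in the console, written as an added Terraform example (this is not code from the course or its author). The network name `network-a`, the subnet names, the region `us-central1` and the CIDR ranges are assumptions chosen for illustration; the `log_config` fields are the standard ones on the `google_compute_subnetwork` resource.

```hcl
# Added example (not from the course): a subnet with flow logs off, next to
# the same subnet with flow logs on and the two settings the demo discusses.
# Network, subnet, region and CIDR values are assumptions for illustration.

resource "google_compute_network" "network_a" {
  name                    = "network-a"
  auto_create_subnetworks = false
}

# Before: no log_config block means flow logs are off, which is the state the
# demo starts from. Nothing leaving or entering VMs here is recorded.
resource "google_compute_subnetwork" "mysubnet_no_logs" {
  name          = "mysubnet-no-logs"
  region        = "us-central1"
  network       = google_compute_network.network_a.id
  ip_cidr_range = "10.10.0.0/24"
}

# After: flow logs enabled. Adding log_config is the Terraform equivalent of
# the "enable flow logs" toggle in the subnet edit dialog.
resource "google_compute_subnetwork" "mysubnet" {
  name          = "mysubnet"
  region        = "us-central1"
  network       = google_compute_network.network_a.id
  ip_cidr_range = "10.10.1.0/24"

  log_config {
    # Aggregation interval: how long observed packets for a flow are collected
    # before one log entry is written. A shorter interval gives a finer
    # timeline for an investigation at the cost of more log volume.
    aggregation_interval = "INTERVAL_5_SEC"

    # Metadata is added by default, as the console tooltip says. Switching to
    # EXCLUDE_ALL_METADATA shrinks each entry but drops the VM and VPC
    # annotations that make the entries useful during incident response.
    metadata = "INCLUDE_ALL_METADATA"
  }
}
```

Applying this with `terraform apply` produces the same end state the demo reaches by clicking save; the entries then appear in Cloud Logging and can be exported with a log sink, as the demo mentions. The `gcloud compute networks subnets update` command with `--enable-flow-logs` is the CLI equivalent of the same toggle.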
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.