This course explores how to implement virtual private clouds on the Google Cloud Platform. It starts off with an overview, where you'll be introduced to the key concepts and components that make up a virtual private cloud.
After covering basic VPC concepts and components, we'll dive into peering VPCs, shared VPCs, and VPC flow logs, including a hands-on demonstration of how to configure flow logs. We’ll also look at routing and network address translation, before moving on to Google Kubernetes Engine clusters. We’ll cover VPC-native clusters and alias IPs, as well as clustering with shared VPCs.
You’ll learn how to add authorized networks for GKE cluster master access and we finish off by looking at firewall rules. We’ll cover network tags, service accounts, and the importance of priority. You’ll also learn about ingress rules, egress rules, and firewall logs.
If you have any feedback related to this course, feel free to contact us at firstname.lastname@example.org.
- Get a foundational understanding of virtual private clouds on GCP
- Learn about VPC peering and sharing
- Learn about VPC flow logs and how to configure them
- Learn about routing in GCP and how to configure a static route
- Understand the pros and cons of VPC-native GKE clusters
- Learn about cluster network policies
- Understand how to configure and manage firewall rules in GCP
This course is intended for anyone who wants to learn how to implement virtual private clouds on the Google Cloud Platform.
To get the most from this course, you should already have experience with the public cloud and networking, as well as an understanding of GCP architecture.
Hello and welcome back. In this brief demonstration, I just want to walk through the process of showing you how to peer two different VPC networks using the Google Cloud Platform Console here.
On the screen here, I'm logged into my console and I'm in my VPC network area. Now to get to this VPC network area, you simply select the hamburger in the upper left and then browse down under networking. And then we see VPC networks.
Now what we're going to do here, if we scroll down, you can see we have all kinds of networks here, this is our lab environment. If we scroll down, we have a network a and a network b. What we're going to do here is just peer these two networks. So the process for doing this is pretty straightforward.
In our left-hand menu here, we have an option here for VPC peering. So we'll go ahead and select VPC peering. And then what we've got here is an option here to either learn more about VPC network peering or we can create a connection. So we'll go ahead and create our connection. And at this point we'll need a couple pieces of information.
Essentially, we need to tell Google Cloud what networks we're going to peer. Now if we're going to peer with a VPC in a different project, we're going to need that project ID. We're not doing that here, both of our networks here are in the same project. And then of course we need the name of the VPC networks we're going to peer.
Now, as I mentioned in the lecture, we see here this note tells us that the subnet IP ranges in our peer networks cannot overlap. We went through that earlier. And in this case, our two networks are 192.168.0.0 and 10.0.0.0. So we don't have any overlap problems. So we'll go ahead and click Continue here. And then what we need to do is give our peering connection a name. I'm just going to call it my peering.
And then what we need to do is select the VPC network we're building the peer for. So we'll select a, and then we need to tell Google Cloud where our peer VPC network is, whether it's either in the Project Cloud-Academy-Content-Team, which is the project for all of our labs, or if we're going to go for a network in another project. Since everything's in the same project, I'll leave it set for in Project Cloud-Academy. And then we'll select network b.
Now the dropdown here allows us to exchange custom routes. We're not gonna do any custom route importing or exporting. If we hover over the icon here, we can see that by default a peering connection will exchange subnet routes only. So you're only gonna exchange those subnet routes so the peering knows how to communicate on both ends of that peer connection.
Now if we need to import or export custom routes that we've defined for either of these networks, we could do that here. We're not doing this, so we'll just go ahead and create the peer so we can see our peering has been created but we have an inactive status. And you'll see if we refresh here we still have an inactive, and that's because I need to create the peering on the other side.
So we'll go ahead and create another peering connection. I will just call it Myotherpeer, we'll select network b and then we'll peer to a. Again, everything's in the project, so we'll go ahead and create. And you can see once we've done that, our status for that peering connection now goes to active.
So like I said in the lecture earlier, when you create this peering connection you need to create the peering connection on both ends. What we did here is we created the connection from a to b, but we still had that inactive, and that's because we hadn't connected from b back to a. Once we did the connection from b back to a we got that active status. So at this point, we now have an active VPC network peering connection that allows machines that would be connected to network a to communicate with machines on network b and for machines on b to connect back to a.
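The same procedure from the command line, as an added example that is not part of the course or of Google's own tooling: the script checks the two subnet ranges for overlap first (the condition the console note warns about), then creates the peering on both sides so the state moves from inactive to active, leaving the default of exchanging subnet routes only. The project id, network names and subnet ranges are placeholders standing in for the lab environment; gcloud is assumed to be installed and authenticated, and with DRY_RUN left at 1 the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not code from Cloud Academy or Google: peer two VPC networks in one
# project with gcloud instead of the console, following the same steps as the demo
# (check that subnet ranges do not overlap, then create the peering on BOTH sides).
# Assumptions: gcloud is installed and authenticated; the project id, network names
# and subnet ranges below are placeholders standing in for the lab environment.

PROJECT="${PROJECT:-my-project-id}"   # placeholder project id
NET_A="${NET_A:-network-a}"
NET_B="${NET_B:-network-b}"
RANGE_A="192.168.0.0/24"               # constructed to match the demo's two ranges
RANGE_B="10.0.0.0/24"
DRY_RUN="${DRY_RUN:-1}"                # 1 = only print the gcloud commands

# Dotted-quad IPv4 address -> 32-bit integer (runs in a subshell so IFS is untouched).
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Exit status 0 when two CIDR ranges share at least one address, 1 when disjoint.
# Two ranges overlap exactly when their network addresses agree under the shorter
# (less specific) of the two prefix lengths.
cidr_overlap() {
  a_ip=${1%/*}; a_len=${1#*/}
  b_ip=${2%/*}; b_len=${2#*/}
  if [ "$a_len" -lt "$b_len" ]; then len=$a_len; else len=$b_len; fi
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  a_net=$(( $(ip_to_int "$a_ip") & mask ))
  b_net=$(( $(ip_to_int "$b_ip") & mask ))
  [ "$a_net" -eq "$b_net" ]
}

# Build the gcloud command for one side of a peering: $1 peering name,
# $2 local network, $3 peer network. Without --import-custom-routes /
# --export-custom-routes the peering exchanges subnet routes only, which is
# the default the demo keeps.
peer_cmd() {
  echo "gcloud compute networks peerings create $1 --project=$PROJECT" \
       "--network=$2 --peer-network=$3 --peer-project=$PROJECT"
}

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then echo "$1"; else eval "$1"; fi
}

main() {
  if cidr_overlap "$RANGE_A" "$RANGE_B"; then
    echo "error: $RANGE_A and $RANGE_B overlap; Google Cloud rejects such a peering" >&2
    return 1
  fi
  # The first create leaves the peering INACTIVE until the matching one exists.
  run "$(peer_cmd my-peering "$NET_A" "$NET_B")"
  run "$(peer_cmd my-other-peer "$NET_B" "$NET_A")"
  # Both rows should now show STATE ACTIVE.
  run "gcloud compute networks peerings list --project=$PROJECT --network=$NET_A"
}

main "$@"
```

Run it with `DRY_RUN=0 PROJECT=<your-project> NET_A=a NET_B=b sh peer.sh` to actually create both sides; the overlap check is local and needs no credentials, so it is the part worth keeping in any automation that provisions peerings.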
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.