This course guides you through the key steps to configure a Google Cloud Platform virtual private cloud (VPC), which allows you to connect your GCP services with one another securely.
After a brief introduction, the course begins with how to set up and configure VPCs, including VPC peering and shared VPC. You'll learn how to configure routes, set up cloud NAT (network address translation), and configure VPC-native clusters in Kubernetes, before rounding off the course by looking at VPC firewalls. The topics in this course are accompanied by demonstrations on the platform in order to show you how these concepts apply to real-world scenarios.
If you have any feedback, questions, or queries relating to this course, please feel free to contact us at firstname.lastname@example.org.
- Configure Google Cloud Platform VPC resources
- Configure VPC peering and API access
- Create shared VPCs
- Configure internal static and dynamic routing, as well as NAT
- Configure and maintain Google Kubernetes Engine clusters
- Configure and maintain VPC firewalls
This course is intended for:
- Individuals who want to learn more about Google Cloud networking, who may also have a background in cloud networking with other public cloud providers
- Individuals who simply want to widen their knowledge of cloud technology in general
To get the most from this course, you should already have experience in public cloud and networking as well as an understanding of GCP architecture.
Okay, welcome to the demo of internal static routing and dynamic routing. Now what we're gonna do here, we're gonna zoom in real quick, and we're gonna show you exactly how easy it is to set up a static route and a dynamic route.
Now we're gonna go to VPC network and we're going to click on Routes. And in here setting up a route, we're just gonna click on Create Route at the top. And this new route I'll call it route-one. And we're gonna choose, we'll just leave it at the default network. And then, for instance, with this, we're gonna use a destination IP range. I'm just gonna put in the one they have displayed here on the screen.
Ideally, you're gonna put in the actual route that you want your destination, where your destination traffic is going. So if you have an instance that's sending traffic internal to your network to another instance, that's the address range you would put in. After that, you would then choose the priority, and the higher the number, the lower the priority.
And then at the bottom here on Instance tags option, you have the ability to apply this route to the instance based on the tag. So to put that in an easier, say that a little bit easier is you can put, I'll put a name in here, I'll just say VPC-route. And if I put VPC-route on my Compute Engine VM instance, this rule here that I'm creating, this route rule will apply to that instance.
And then from there, the next hop, it could be another IP address, it could be a VPN tunnel, it could be a load balancer, or it could just go to the default internet. So if I hit Create, depending on, as you see I did it real quick, what instance you have set up, or you'll see that some of the route descriptions, I didn't put one in, but you'll see it's set up, and just like that, that's how easy it is to create a route.
For the next part, this is the real fun one with dynamic routing. So with a dynamic route, that's gonna allow your instances to automatically learn all the routes from either globally or regionally. So when we look at creating a VPC, I'll just call this new-vpc, we're gonna go down, and I'll make it automatic just to keep this simple, and you see the automatic firewall rules that have been created, but down here at the bottom, the last option, you're gonna have a dynamic routing mode or regional.
Now regional is default, but the key thing with that is, any new routes that you add, VPCs or instances or things of that nature, it's only gonna learn in the region they're created. If you do global, it's gonna learn all over the world globally. So basically routes and regions from all over the world from a single VPN interconnect the cloud router. And we'll talk a little bit more about those things later on in the overall big course of just the networking, Professional Networking Engineer Exam, that it's gonna be featured heavily on just interconnect, VPNs, load balancing.
But if you want your stuff, all your resources, your instances, if you want all that stuff to be communicating very seamlessly, you're gonna wanna choose the global dynamic route because if you don't do that, it's gonna give yourself more work by doing regional.
So once we do that, we're gonna hit Create, and then as you could see down here at the bottom, it's gonna be creating, but let's go back to the default network really quick. As you could see there's global dynamic routing, it's off at the top.
So, in this case, any time I use something that's gonna be using this network, this VPC, it's not gonna automatically learn the new routes. If I connect it to another cloud router and I added a whole bunch of instances there, it will not learn or won't be able to recognize any of those resources unless I manually put in those static routes. So hopefully that makes sense. Let's jump on to the next section.
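The static-route fields walked through in the demo (destination range, priority, instance tags, next hop) decide which route a packet takes. The following is an added example, not part of the course material: a simplified Python model of that selection, where the most specific destination range wins and the priority number only breaks ties. The route names other than `route-one`, the IP ranges and the next hops are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    name: str
    dest_range: str                  # destination IP range in CIDR form
    priority: int                    # higher number = lower priority
    next_hop: str
    tags: frozenset = frozenset()    # empty: route applies to every instance

def applicable(route, instance_tags, dest_ip):
    """True if dest_ip is inside the route's range and, for a tagged route,
    the sending instance carries at least one of the route's tags."""
    in_range = ipaddress.ip_address(dest_ip) in ipaddress.ip_network(route.dest_range)
    tag_ok = not route.tags or bool(route.tags & set(instance_tags))
    return in_range and tag_ok

def select_route(routes, instance_tags, dest_ip):
    """Most specific destination range wins; priority only breaks ties
    between ranges of equal length. Returns None when nothing applies."""
    candidates = [r for r in routes if applicable(r, instance_tags, dest_ip)]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (
        -ipaddress.ip_network(r.dest_range).prefixlen, r.priority))

# Constructed sample routes (names, ranges and next hops are hypothetical).
ROUTES = [
    Route("default-internet", "0.0.0.0/0", 1000, "default-internet-gateway"),
    Route("broad-internal", "10.0.0.0/8", 100, "10.0.0.2"),
    Route("route-one", "10.20.0.0/16", 500, "vpn-tunnel-a", frozenset({"vpc-route"})),
    Route("route-two", "10.20.0.0/16", 900, "10.0.0.5"),
]

if __name__ == "__main__":
    for tags in (["vpc-route"], []):
        for dest in ("10.20.1.4", "10.99.0.7", "203.0.113.10"):
            chosen = select_route(ROUTES, tags, dest)
            print(f"tags={tags} dest={dest} -> {chosen.name} via {chosen.next_hop}")
```

An instance without the `vpc-route` tag never sees `route-one`, so its traffic to the same range leaves through a different next hop; when a tagged route steers traffic through a VPN tunnel or an inspection appliance, check which instances actually carry the tag.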
About the Author
Mark has many years of experience working with Google Cloud Platform and also holds eight GCP certifications.