This course guides you through the key steps to configure a Google Cloud Platform virtual private cloud (VPC), which allows you to connect your GCP services with one another securely.
After a brief introduction, the course begins with how to set up and configure VPCs, including VPC peering and shared VPC. You'll learn how to configure routes, set up cloud NAT (network address translation), and configure VPC-native clusters in Kubernetes, before rounding off the course by looking at VPC firewalls. The topics in this course are accompanied by demonstrations on the platform in order to show you how these concepts apply to real-world scenarios.
If you have any feedback, questions, or queries relating to this course, please feel free to contact us at firstname.lastname@example.org.
- Configure Google Cloud Platform VPC resources
- Configure VPC peering and API access
- Create shared VPCs
- Configure internal static and dynamic routing, as well as NAT
- Configure and maintain Google Kubernetes Engine clusters
- Configure and maintain VPC firewalls
This course is intended for:
- Individuals who want to learn more about Google Cloud networking, who may also have a background in cloud networking with other public cloud providers
- Individuals who simply want to widen their knowledge of cloud technology in general
To get the most from this course, you should already have experience in public cloud and networking as well as an understanding of GCP architecture.
Okay, so for the next section here, what we're going to show you how to do is configure your routing policies using tags and how priorities work. So for the first thing we wanna look at is once we're under routes under the VPC network, you could scroll down here, and you can see from the default network, all of these routes that were created, and they're all using various ranges here, from the 10.128, 10.172. But as you can see, there's also a default route to the internet.
But what we're going to do, we're gonna click on Create Route. This is gonna allow us to select how we want our traffic to flow. But let's go back and just kind of look at some of our VPC networks real quick, and I'm gonna use this for an example.
So let's go ahead and create a route. And in this case, what we're gonna do is we're gonna create a route called route-east, just gotta put a dash in there, and we're gonna go ahead and choose the network as the web-route. And for the destination IP range, let's just go ahead and do 10.0.0.0.
So any traffic that goes to that destination IP range is going to then have a next hop of the default internet. But before we do that, let's give it an instance tag name of east-tag. And when you use an instance tag, what that allows you to do is apply firewall rules or routes to a Compute Engine VM instance directly. So it's really cool when you're creating an instance or you already have one created, you can apply this tag to apply any route or firewall rule directly to that instance.
The priority section means that the higher the number, the lower the priority. And the lower the number, the higher the priority. So the lower value takes precedence. So that's how you can determine which rules happen before other rules.
So the default is a thousand. And with that being said, let's go and hit Create. And as you can see, it's creating the route. And down here at the bottom, it's being created. Usually, it doesn't take too long to do and just like that, we have a new route created. And then real quick, I'm gonna show you what happens when we apply it to a Compute Engine instance.
Okay, so now we're in VM instances. We're gonna look at our instance one, and we're gonna go ahead and edit. And when we scroll down, you're gonna see these are network tags. So here, we can go ahead and type in east-tag, which is our same tag that we put in our route. And then once we do that, we'll go ahead and save. And while it's updating, what's gonna happen is that you're gonna also see this route.
Now it's gonna show you which instance to apply to. And just like that, you see it now says instance one is under the route-east route rule, or policy rather, because of the instance tag that we've put into it. So instance tag there, and it's applied to instance one. So hopefully that helps explain how configuring routing and applying network tags and priorities work in GCP. On to the next section.
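The tag and priority behaviour walked through in the lecture, modelled in Python as an added example that is not part of the transcript or the course material. The /8 prefix on route-east, the second east-tag route, the next-hop labels and the instance names are constructed assumptions; selection follows GCP's documented order of most specific destination first, then lowest priority number.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    name: str
    dest_range: str
    priority: int = 1000            # the default value mentioned in the lecture
    tags: frozenset = frozenset()   # empty: route applies to every instance
    next_hop: str = "default-internet-gateway"


# Constructed route table for illustration (prefix lengths are assumptions).
ROUTES = [
    Route("default-internet", "0.0.0.0/0"),
    Route("subnet-local", "10.128.0.0/20", priority=0, next_hop="vpc-subnet"),
    Route("route-east", "10.0.0.0/8", tags=frozenset({"east-tag"})),
    Route("route-east-inspect", "10.0.0.0/8", priority=900,
          tags=frozenset({"east-tag"}), next_hop="inspection-vm"),
]
# Constructed instances and their network tags.
INSTANCES = {"instance-one": {"east-tag"}, "instance-two": set()}


def applicable(route, instance_tags):
    """A tagged route only applies to instances carrying one of its tags."""
    return not route.tags or bool(route.tags & set(instance_tags))


def select_route(routes, instance_tags, dest_ip):
    """Pick the route an instance uses: longest prefix, then lowest priority."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if applicable(r, instance_tags)
               and ip in ipaddress.ip_network(r.dest_range)]
    if not matches:
        return None
    return min(matches, key=lambda r: (
        -ipaddress.ip_network(r.dest_range).prefixlen, r.priority))


def tag_scoped_routes(routes, instances):
    """Audit view: which tag-scoped routes each instance picks up via its tags."""
    return {name: [r.name for r in routes if r.tags and applicable(r, tags)]
            for name, tags in instances.items()}


if __name__ == "__main__":
    for name, tags in INSTANCES.items():
        print(name, "->", select_route(ROUTES, tags, "10.5.5.5").name)
    print(tag_scoped_routes(ROUTES, INSTANCES))
```

Running the audit function over an exported route and instance inventory shows which VMs a single network tag silently moves onto a different next hop.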
Mark has many years of experience working with Google Cloud Platform and also holds eight GCP certifications.