This course guides you through the key steps to configure a Google Cloud Platform virtual private cloud (VPC), which allows you to connect your GCP services with one another securely.
After a brief introduction, the course begins with how to set up and configure VPCs, including VPC peering and shared VPC. You'll learn how to configure routes, set up Cloud NAT (network address translation), and configure VPC-native clusters in Kubernetes, before rounding off the course by looking at VPC firewalls. The topics in this course are accompanied by demonstrations on the platform in order to show you how these concepts apply to real-world scenarios.
If you have any feedback, questions, or queries relating to this course, please feel free to contact us at firstname.lastname@example.org.
Learning Objectives
- Configure Google Cloud Platform VPC resources
- Configure VPC peering and API access
- Create shared VPCs
- Configure internal static and dynamic routing, as well as NAT
- Configure and maintain Google Kubernetes Engine clusters
- Configure and maintain VPC firewalls
This course is intended for:
- Individuals who want to learn more about Google Cloud networking, who may also have a background in cloud networking with other public cloud providers
- Individuals who simply want to widen their knowledge of cloud technology in general
To get the most from this course, you should already have experience in public cloud and networking as well as an understanding of GCP architecture.
For the next video, what we're gonna demo to you is how to set up your very own VPC. We're gonna create one from scratch, and we're gonna go through all the options as well, so you have a firm understanding of what each option is within the VPC setup screen. And then after that, we're also gonna show you how you can reserve your own static IP address. And ultimately, what that means is if you want to have a specific IP address that you can assign to one of your virtual machine instances, or Kubernetes clusters, you can do that with the external IP address reservation.
Okay, so for this section, we're gonna go into the VPC network and when we do this, before we create a VPC, I wanna show you some of these options in here. So let's just say I'm gonna pick, I'll just give it a name, vm-nginx. And when you look at the subnets, you're gonna pick a name, and I'll just call it vm-nginx-sub. This is where things get really interesting in regards to your IP address ranges.
So, if I select a region in the east4 data center, what you're gonna notice is you have to put in a full IP address range, including the CIDR notation. So you can really choose how many IP addresses you want available for that subnet. So, for instance, I can do 10.0.0.0 and then we'll do, let's say, 24. And then after that, if you really wanna separate your applications and services, or maybe you have some other databases running on different VM instances, you can actually create a secondary IP range as well, so that you can have your services and your applications on different ranges. So that's a very great feature within GCP that really allows you to just separate resources, and you could just do that when creating a VPC.
Okay, so what we're gonna do is we're gonna go ahead and create this VPC. We already have the name as we put in before, the vm-nginx, and we have our subnet, and let's go ahead and put in a secondary IP. So we're just gonna call this kube-1 and we're gonna pick a different range here. And then that way, like I mentioned earlier, we'll be able to separate our Kubernetes microservices from the main range of IP addresses.
So we can basically have, let's say, our Compute Instance VMs on one IP range and then we can have our Kubernetes pods on a different range. And then, as far as the Private Google access and flow logs, it's good to turn those on if you need to have external access to other Google services, public services.
So let's say you need to use something like a BigQuery or even like a Bigtable, something like that, you could get access to those services without going over the public internet. And then, the flow logs is just gonna give you a lot more information on how your traffic is flowing. So if you need to, if you do audits, or you need to really track that information, or capture it, as much as possible, you're gonna wanna turn the flow logs on.
So, once again, like I said, Private Google access, you don't have to use external IP addresses when you turn that on for other Google services. So, we're gonna hit done. And then we get down to the bottom you're gonna see the Regional and Global option. So Regional, you only can communicate with items in that region, just the routes there, and Global will let you have everything set up from the beginning, globally.
So you can just set one VPC up and you'll be able to connect without creating all these additional routes. So if you ever have to set up some resources in Asia, or somewhere else in the world, if you select Global, you'll be able to do that very easily; you won't have to do any additional work.
Now with that being said, if you want to expose some of those resources to the internet, or you have a need to do so, you can reserve a static IP address. So looking at this section within the console, you're gonna see that you have the ability to come up with a name with one, so we'll just call this external, we'll do ext-ip, and what you're also gonna see is that from a Network Service Tier, if you pick Premium, all that means is it's gonna be less hops over the internet, it's gonna be using GCP's network more so than the Standard, which is just gonna be using the internet and the PoPs, all around the world.
So it's gonna be slower, but it's cheaper. And then another thing, you could choose the IP version but this down here at the bottom, is one thing you wanna be aware of, is the Attached. So if you don't attach an external IP address to a VM instance, you will need to pay for it. So that's something to be aware of. So it won't be free unless you attach it to a VM instance. And if you choose not to, if you just wanna reserve one for something you're gonna create in the future, you can go to the pricing details and you could figure out, they have it all listed here on their site, what the current charges are for an external IP address. And then, as you could see, here's a note, starting in January, that it's gonna be an additional charge for publicly addressed VMs. So there's always changes coming, so definitely check out the pricing guide in regards to the external IP addresses. And other than that, that's gonna wrap up this section of the course.
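The console walkthrough above, written as Terraform so the same settings can be reviewed and reproduced. This is an added example, not code from the course or from Google: the project ID is a placeholder, the region is assumed to be us-east4 (the transcript only says "east4"), and the secondary CIDR 10.1.0.0/20 and the flow log sampling values are assumptions, since the video only names the range "kube-1". Private Google Access and flow logs are the two settings with the most security weight here: the first lets instances reach Google APIs without an external IP, the second produces the per-connection records you would query during an audit or investigation.

```hcl
# Added example (not from the course): VPC, subnet with secondary range,
# and reserved external IP as demonstrated in the video.

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
    }
  }
}

provider "google" {
  project = "my-project-id" # placeholder: replace with your project ID
  region  = "us-east4"      # assumed from "east4" in the transcript
}

# Custom-mode VPC (no automatic subnets) with Global dynamic routing,
# the option chosen at the bottom of the VPC creation screen.
resource "google_compute_network" "vm_nginx" {
  name                    = "vm-nginx"
  auto_create_subnetworks = false
  routing_mode            = "GLOBAL"
}

# Primary range for Compute Engine VMs, secondary range for Kubernetes pods.
resource "google_compute_subnetwork" "vm_nginx_sub" {
  name          = "vm-nginx-sub"
  region        = "us-east4"
  network       = google_compute_network.vm_nginx.id
  ip_cidr_range = "10.0.0.0/24"

  secondary_ip_range {
    range_name    = "kube-1"
    ip_cidr_range = "10.1.0.0/20" # assumed value; must not overlap the primary range
  }

  # Reach BigQuery, Bigtable and other Google APIs from internal IPs only.
  private_ip_google_access = true

  # VPC flow logs: the traffic records used for audits and investigations.
  # Sampling and interval are assumed values; tune them to cost and need.
  log_config {
    aggregation_interval = "INTERVAL_5_SEC"
    flow_sampling        = 0.5
    metadata             = "INCLUDE_ALL_METADATA"
  }
}

# Reserved regional external IP on the Premium network tier.
# As the video notes, a reserved address is billed while it is not attached.
resource "google_compute_address" "ext_ip" {
  name         = "ext-ip"
  region       = "us-east4"
  address_type = "EXTERNAL"
  network_tier = "PREMIUM"
}

output "reserved_external_ip" {
  value = google_compute_address.ext_ip.address
}
```

Run `terraform plan` before `terraform apply` to see the resources that will be created; switching `network_tier` to `STANDARD` gives the cheaper, internet-routed option the video describes, and the address is only free of charge once attached to an instance.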
About the Author
Mark has many years of experience working with Google Cloud Platform and also holds eight GCP certifications.