Configuring Kubernetes Clusters
This course guides you through the key steps to configure a Google Cloud Platform virtual private cloud (VPC), which allows you to connect your GCP services with one another securely.
After a brief introduction, the course begins with how to set up and configure VPCs, including VPC peering and shared VPC. You'll learn how to configure routes, set up cloud NAT (network address translation), and configure VPC-native clusters in Kubernetes, before rounding off the course by looking at VPC firewalls. The topics in this course are accompanied by demonstrations on the platform in order to show you how these concepts apply to real-world scenarios.
If you have any feedback, questions, or queries relating to this course, please feel free to contact us at firstname.lastname@example.org.
- Configure Google Cloud Platform VPC resources
- Configure VPC peering and API access
- Create shared VPCs
- Configure internal static and dynamic routing, as well as NAT
- Configure and maintain Google Kubernetes Engine clusters
- Configure and maintain VPC firewalls
This course is intended for:
- Individuals who want to learn more about Google Cloud networking, who may also have a background in cloud networking with other public cloud providers
- Individuals who simply want to widen their knowledge of cloud technology in general
To get the most from this course, you should already have experience in public cloud and networking as well as an understanding of GCP architecture.
Okay, for this section we're gonna talk about setting up a shared VPC with a Kubernetes cluster. So before we start setting that configuration up, the first thing we wanna do is we're gonna go ahead and create another VPC. And I'm naming this one "shared-kube-vpc".
I'm gonna have the address range here. Also, go ahead and make another address range. I'll just go ahead. And as you can see here, it has to be the lowest number in the range. So, in the RFC 1918 range. So I wanna use 192.168.0.0/24. We're also gonna allow private Google access, which will allow you to communicate with other Google services without using an external IP address. And then we'll also turn on the flow logs to give you all the logs necessary.
So we're gonna go ahead and create that, and we'll be right back. Okay, at this point we see the new VPC has been created, you see the region and zone we've chosen along with the IP ranges we selected earlier.
Okay, so we've gone ahead and done, we've deleted the default network so that we can set up a shared VPC, with all subnet permissions enabled, so this is project-level permissions. So what that does is that anything in the future that's created, all of the new subnets in the future will have access, will be granted access to the shared VPC, to the connected service projects rather.
So from that standpoint, we're gonna go into that learn sandbox project. And then when we click on network share to my project, you're gonna see that new "shared-kube-vpc" we created. And then now we're gonna go ahead and create a new cluster.
Now when we create this cluster, I'll just call it "your-first-cluster-5". We'll put it in east b. And when we go ahead and do this, at the bottom we're gonna go ahead and click the drop-down to expand all the different options. And then you're gonna see an option under VPC native that says "Network shared with me". And when we click on that, you're gonna see that that "shared-kube-vpc" is the one that we can select.
So from this standpoint, all those ranges that have been shared out can be used for this Kubernetes cluster. And then there's more options underneath here in regards to network security from a private cluster, if you master. There's a whole lot of other options down here, I won't go too deep into it on this section. But, they kinda give me an idea, once we have that created, you'll be all set and you'll have your own shared VPC range with the Kubernetes cluster.
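The range rule from the lecture (a subnet CIDR has to start at the lowest address of its block and sit inside RFC 1918) can be checked before the subnet and its secondary ranges are created. The Python below is an added example, not part of the course material; the function names and the pod and service ranges are assumptions, and only 192.168.0.0/24 comes from the transcript.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_range(name, cidr):
    """Return (network or None, list of problems) for one planned range."""
    try:
        # strict=True rejects a CIDR with host bits set, i.e. one that does
        # not start at the lowest address of its block.
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        try:
            base = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            return None, [f"{name}: {cidr} is not a valid CIDR"]
        return None, [f"{name}: {cidr} is not the lowest address of its block; use {base}"]
    if net.version != 4 or not any(net.subnet_of(block) for block in RFC1918):
        return net, [f"{name}: {cidr} is outside the RFC 1918 private ranges"]
    return net, []


def validate_plan(plan):
    """Validate a dict of {range name: CIDR}; return a list of problems."""
    problems, nets = [], []
    for name, cidr in plan.items():
        net, errs = check_range(name, cidr)
        problems += errs
        if net is not None:
            # Compare against every range accepted so far.
            for other_name, other in nets:
                if net.version == other.version and net.overlaps(other):
                    problems.append(f"{name}: {net} overlaps {other_name} ({other})")
            nets.append((name, net))
    return problems


# Constructed plans: only 192.168.0.0/24 comes from the lecture.
GOOD_PLAN = {"primary": "192.168.0.0/24", "pods": "10.8.0.0/14",
             "services": "10.12.0.0/20"}
BAD_PLAN = {"primary": "192.168.0.5/24", "pods": "10.8.0.0/14",
            "services": "10.9.0.0/20", "extra": "8.8.8.0/24"}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, validate_plan(plan) or "ok")
```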
Mark has many years of experience working with Google Cloud Platform and also holds eight GCP certifications.