Configuring Kubernetes Clusters
Configuring Firewall Rules
Please note: this course has been replaced with an updated version which can be found here.
This course guides you through the key steps to configure a Google Cloud Platform virtual private cloud (VPC), which allows you to connect your GCP services with one another securely.
After a brief introduction, the course begins with how to set up and configure VPCs, including VPC peering and shared VPC. You'll learn how to configure routes, set up cloud NAT (network address translation), and configure VPC-native clusters in Kubernetes, before rounding off the course by looking at VPC firewalls. The topics in this course are accompanied by demonstrations on the platform in order to show you how these concepts apply to real-world scenarios.
If you have any feedback, questions, or queries relating to this course, please feel free to contact us at firstname.lastname@example.org.
- Configure Google Cloud Platform VPC resources
- Configure VPC peering and API access
- Create shared VPCs
- Configure internal static and dynamic routing, as well as NAT
- Configure and maintain Google Kubernetes Engine clusters
- Configure and maintain VPC firewalls
This course is intended for:
- Individuals who want to learn more about Google Cloud networking, who may also have a background in cloud networking with other public cloud providers
- Individuals who simply want to widen their knowledge of cloud technology in general
To get the most from this course, you should already have experience in public cloud and networking as well as an understanding of GCP architecture.
VPC Peering. Let's talk about that a little bit. What VPC Peering is is it allows you to connect your VPC directly to another VPC to communicate privately. So, what that means, you're not over the public internet, I can connect directly to your project using private RFC 19 IP addresses, which are anything in the 10 range, 192 or 172.
And to give you a good example of this is let's say I create an internal web application or web server, and I don't want it on the internet at all. I just want my internal employees to access it. When I set VPC peering up, I could actually give you access to that internal website without putting it on the internet.
So you could be halfway across the world. Let's say I'm on the west coast, in California, and you're on the east coast, in New York. I could peer my VPC directly to yours. And you can connect to all those resources there. No matter if it's in a different project or a completely different organization. And lastly, it could be in the same project as well. The initial project could have two different VPCs.
Okay, so the first thing we're gonna do within the VPC network, we're gonna go ahead and click on VPC network peering. And we're gonna create a connection, and as you see, one of the first things that's gonna pop up, you're gonna need the project ID, and if its a different project, and you need the VPC network. The actual name of it. So we're gonna go ahead and select those now.
Now, what we've done here, we've just created the name of our new peering connection, we're calling it new-peer. We're choosing the name of our VPC network that we want to, you know, connect with, and we're also gonna choose where the next network that we wanna connect to is located.
So, in this case, it's gonna be within this same project. But you also could choose another project, which is, you would then need to provide that project ID, and the VPC network name itself. But, let's say you have a lot of virtual machine compute engine instances set up within one project, but they're all on different networks, different VPC networks you've set up. This would be the option you would choose to do that.
Now we're gonna go and click create, and while this is creating, we'll pause here for a second. Okay, so the first part of the peering is done. We're doing it from one side, we're doing it from the my network to private net. Now we need to connect the private net to my network. So we're gonna go ahead and create a new peering connection. And I'm just gonna name this one peer-remote. And we're gonna choose the actual network VPC that we want to connect with the one from the first screen. And we're gonna go on and hit connect, create, rather.
Okay, now as you could see, we have both networks showing active connection, they're connected together. So, another thing, there's a few gotchas with this. So number one is that you have to have different, so the IP ranges, they can't overlap. So in this case, you're gonna see, for the my network and the private net, they're completely different ranges there. So you do need to be sure you do that. And that's pretty much the main requirement when it comes to setting up a VPC peering network.
Mark has many years of experience working with Google Cloud Platform and also holds eight GCP certifications.