Creating a Private Kubernetes Cluster

This document provides a detailed guide to creating a private Kubernetes cluster in GKE (Google Kubernetes Engine) and KIND (Kubernetes IN Docker).

Creating Kubernetes Cluster in GKE

Prerequisites

Before proceeding, ensure:

  1. Networking: Set up the VPC network, Cloud NAT, Cloud Router and access control policies. Refer to Network Configuration & Access control policies for more information.

  2. APIs Enabled: Enable the following APIs via the API Library.

  • Kubernetes Engine API
  • Backup for GKE API

  3. Quota Adjustments: Review and increase quotas via the Quota Management Console.

  • CPUs (regional/global).
  • CPUs of the machine family you will use, for your region (T2D for the node pool below).
  • Static IP addresses:
    • Static IP addresses, all regions (at least 1 per namespace).
    • Static IP addresses for your region (at least 1 per namespace).
  • IP addresses for your region.
  • Persistent Disk SSD capacity.
  • VM instances per region.
  • Network Endpoint Groups (NEGs).

Steps to Create a Private Cluster Using GCP Console

1. Cluster Setup

  • Navigate to GKE Console.
  • Click Create → Configure under the Standard section.
  • Name the Cluster: e.g., prod-0.
  • Location Type: Set as Regional (better resilience).

2. Node Pool Configuration

Click Node Pools → Add Node Pool:

  • Name: e.g. pool-4-20.
  • Number of nodes: 4.
  • Machine Type: t2d-standard-4 (4 vCPUs, 20 GB RAM).
  • Boot Disk: SSD, 30 GB.
  • Enable the cluster autoscaler.
  • Set the maximum number of nodes per zone to 50.
  • Enable Vertical Pod Autoscaling (VPA).

3. Networking

Under Network, select prod-0 and choose Private Cluster:

  • Ensure Access control plane using external IP is checked.
  • Set Control plane authorized networks:
    • Example: 172.16.0.0/28.
    • Add your VPN or other trusted IP ranges; only these ranges will be able to reach the control plane's external endpoint.

4. Metadata & Labels

  • On the Metadata menu, add a description and labels for clarity. For example:

    • Description: This is a production cluster.
    • Label key: cluster, value: prod-0.

5. Features

  • Enable the following:
    • Logging and Monitoring.
    • Backup for GKE.

6. Automation

  • Enable a maintenance window:
    • Example: weekends at 10 AM IST.
  • Configure notifications:
    • Create a Pub/Sub topic (e.g., prodPubSub) to receive cluster upgrade and security-bulletin notifications.

7. Finalize and Create

  • Review all configurations.
  • Click Create to provision the cluster.

Equivalent CLI Command

For automation or CI/CD integration, use the following gcloud command:

gcloud beta container --project "idhub-production" clusters create "prod-0" \
--no-enable-basic-auth \
--cluster-version "1.27.8-gke.1067004" \
--release-channel "regular" \
--machine-type "t2d-standard-4" \
--disk-type "pd-ssd" \
--disk-size "30" \
--node-labels app=idhub-prod \
--metadata disable-legacy-endpoints=true \
--scopes "https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring" \
--num-nodes "4" \
--logging=SYSTEM,WORKLOAD \
--monitoring=SYSTEM \
--enable-private-nodes \
--master-ipv4-cidr "172.16.0.0/28" \
--enable-ip-alias \
--network "projects/idhub-production/global/networks/prod-0" \
--subnetwork "projects/idhub-production/regions/us-central1/subnetworks/prod-subnet-0" \
--default-max-pods-per-node "110" \
--maintenance-window-start "2024-03-25T04:30:00Z" \
--maintenance-window-end "2024-03-26T04:30:00Z" \
--maintenance-window-recurrence "FREQ=WEEKLY;BYDAY=SA,SU" \
--labels cluster=prod-0 \
--enable-managed-prometheus \
--enable-vertical-pod-autoscaling \
--enable-shielded-nodes \
--notification-config=pubsub=ENABLED,pubsub-topic=projects/idhub-production/topics/prodPubSub
Note

Replace the values in the above command (project, cluster name, cluster version, network, subnetwork, labels and Pub/Sub topic) to match your organization. The command does not pass a location; add --region "us-central1" (or your region) to get the regional cluster described in the console steps, otherwise gcloud falls back to the default location in your active configuration. Also note that --master-ipv4-cidr sets the control plane's private /28 range only; the command does not enable control plane authorized networks, so add them with --enable-master-authorized-networks and --master-authorized-networks, or in the console after creation, before relying on the external control plane endpoint.


Post-Creation Actions

  1. Control plane authorized networks:
    • Add the cluster's Pod IP range (the default range) so that additional in-cluster services can reach the control plane.
  2. Security best practices:
    • Rotate cluster credentials regularly.
    • Enable Workload Identity for secure authentication (Guide).
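The post-creation steps above are easy to forget once the cluster exists, so it helps to have a check that reads the cluster as GKE actually stored it. The script below is an added example written for this guide, not code from the IDHub repository or from Google. It parses the JSON printed by `gcloud container clusters describe prod-0 --region us-central1 --format=json` and reports which of the settings this guide turns on are present: private nodes, a /28 control plane range, authorized networks in front of the external endpoint (and none of them 0.0.0.0/0), basic auth and client certificates off, shielded nodes, Workload Identity, a release channel, a maintenance window, and per node pool the disabled legacy metadata endpoints and narrow OAuth scopes. The field names follow the GKE Cluster REST resource as I know it; treat them as an assumption and compare against your own describe output if a check reports a field as missing. The embedded sample JSON is constructed for the example, not real gcloud output.

```python
"""Post-creation posture check for a GKE private cluster (added example).

Reads the JSON from
    gcloud container clusters describe prod-0 --region us-central1 --format=json
and reports which of this guide's settings are actually present.
Field names follow the GKE Cluster REST resource (assumption: verify them
against your own describe output if a check reports something as missing).
"""
import ipaddress
import json
import sys

# Constructed sample, NOT real gcloud output: the shape describe returns for a
# cluster created with this guide's flags, trimmed to the fields we inspect.
SAMPLE_DESCRIBE = json.dumps({
    "name": "prod-0",
    "releaseChannel": {"channel": "REGULAR"},
    "privateClusterConfig": {
        "enablePrivateNodes": True,
        "enablePrivateEndpoint": False,
        "masterIpv4CidrBlock": "172.16.0.0/28",
    },
    "masterAuthorizedNetworksConfig": {
        "enabled": True,
        "cidrBlocks": [{"displayName": "office-vpn", "cidrBlock": "203.0.113.0/24"}],
    },
    "masterAuth": {"clientCertificateConfig": {}},
    "shieldedNodes": {"enabled": True},
    "workloadIdentityConfig": {"workloadPool": "idhub-production.svc.id.goog"},
    "maintenancePolicy": {"window": {"recurringWindow": {
        "recurrence": "FREQ=WEEKLY;BYDAY=SA,SU"}}},
    "nodePools": [{
        "name": "pool-4-20",
        "config": {
            "metadata": {"disable-legacy-endpoints": "true"},
            "oauthScopes": [
                "https://www.googleapis.com/auth/devstorage.read_only",
                "https://www.googleapis.com/auth/logging.write",
                "https://www.googleapis.com/auth/monitoring",
            ],
        },
    }],
})


def load_cluster(text: str) -> dict:
    """Parse describe output (one JSON document) into a dict."""
    return json.loads(text)


def _get(d, *path, default=None):
    """Walk nested dicts; any missing key yields `default`."""
    for key in path:
        if not isinstance(d, dict) or key not in d:
            return default
        d = d[key]
    return d


def _prefixlen(cidr: str):
    """Prefix length of a CIDR string, or None if it does not parse."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen
    except ValueError:
        return None


def check_cluster(cluster: dict) -> list:
    """Return findings as strings; an empty list means every check passed."""
    f = []
    pcc = _get(cluster, "privateClusterConfig", default={})
    if not pcc.get("enablePrivateNodes"):
        f.append("nodes get public IPs: enablePrivateNodes is not set")
    if _prefixlen(pcc.get("masterIpv4CidrBlock", "")) != 28:
        f.append("masterIpv4CidrBlock is missing or not a /28")

    # A public endpoint (the console's 'Access control plane using external IP')
    # is only acceptable behind a non-empty authorized-networks list.
    man = _get(cluster, "masterAuthorizedNetworksConfig", default={})
    blocks = [b.get("cidrBlock", "") for b in man.get("cidrBlocks", [])]
    if not pcc.get("enablePrivateEndpoint") and not (man.get("enabled") and blocks):
        f.append("public control-plane endpoint with no authorized networks")
    for b in blocks:
        if _prefixlen(b) == 0:
            f.append(f"authorized network {b} admits the whole internet")

    if _get(cluster, "masterAuth", "username"):
        f.append("basic auth is enabled (--no-enable-basic-auth expected)")
    if _get(cluster, "masterAuth", "clientCertificateConfig", "issueClientCertificate"):
        f.append("client certificate auth is enabled")
    if _get(cluster, "legacyAbac", "enabled"):
        f.append("legacy ABAC is enabled")
    if not _get(cluster, "shieldedNodes", "enabled"):
        f.append("shielded nodes are off")
    if not _get(cluster, "workloadIdentityConfig", "workloadPool"):
        f.append("Workload Identity is not configured")
    if not _get(cluster, "releaseChannel", "channel"):
        f.append("cluster is not enrolled in a release channel")
    if not _get(cluster, "maintenancePolicy", "window"):
        f.append("no maintenance window is set")

    for pool in cluster.get("nodePools", []):
        cfg = pool.get("config", {})
        if cfg.get("metadata", {}).get("disable-legacy-endpoints") != "true":
            f.append(f"node pool {pool.get('name')}: legacy metadata endpoints enabled")
        if any(s.endswith("/auth/cloud-platform") for s in cfg.get("oauthScopes", [])):
            f.append(f"node pool {pool.get('name')}: broad cloud-platform scope on nodes")
    return f


if __name__ == "__main__":
    # Usage: gcloud container clusters describe prod-0 --region us-central1 \
    #            --format=json | python3 check_private_cluster.py
    text = sys.stdin.read() if len(sys.argv) < 2 else open(sys.argv[1]).read()
    findings = check_cluster(load_cluster(text))
    for line in findings:
        print("FAIL:", line)
    print("OK: all checks passed" if not findings else f"{len(findings)} finding(s)")
    sys.exit(1 if findings else 0)
```

Run it against the sample by passing no file and piping the describe output in; the non-zero exit code makes it usable as a gate in the same CI pipeline that runs the gcloud command above.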

Additional References

  • https://cloud.google.com/kubernetes-engine/docs/tutorials/private-cluster

Creating a Cluster in KIND

Prerequisites

Run the following command in your terminal to clone the IDHub app repository:

git clone https://bitbucket.org/sath-inc/app.git && cd app

Setup Cluster

Run the following script to create a KIND cluster with 1 control plane node and 4 worker nodes. The script also integrates the cluster with Cloud-Provider-Kind for LoadBalancer support:

./src/main/scripts/kind/setupKindK8sCluster.sh