Configuring Kubernetes Cluster in GKE

This document provides a detailed guide to configure a Kubernetes cluster in GKE (Google Kubernetes Engine).

Pre-Requisites

  1. Set up the VPC network, Cloud NAT, Cloud Router and access control policies.
  2. APIs Enabled: You need to enable the following APIs via the API Library.
    • Kubernetes Engine API.
    • Backup for GKE API.
  3. Quota Adjustments: Review and increase quotas via Quota Management Console.
    • CPUs (regional/global).
    • Type of CPUs for your region.
    • Static IP addresses.
      • Static IP addresses in all regions (need at least 1 per namespace).
      • Static IP addresses for your region (need at least 1 per namespace).
    • IP addresses for your region.
    • Persistent Disk SSD capacity.
    • VM instances per region.
    • Network Endpoint Groups (NEGs).

Create a Private Cluster Using GCP

  1. Cluster Setup:
    • Navigate to GKE Console.
    • Click Create → Configure under the Standard section.
    • Name the Cluster: e.g., prod-0.
    • Location Type: Set as Regional (better resilience).
  2. Node Pool Configuration: Click Node Pools → Add Node Pool.
    • Name: e.g. pool-4-20.
    • Number of nodes: 4.
    • Machine Type: t2d-standard-4 (4 vCPUs, 20 GB RAM).
    • Boot Disk: SSD, 30 GB.
    • Enable Autoscaler.
    • Set max nodes per zone to 50.
    • Enable VPA.
  3. Networking: Under Network, Select prod-0 → Select Private Cluster.
    • Ensure Access Control Plane Using External IP is checked.
    • Set Control Plane Authorized Networks.
      • Example: 172.16.0.0/28.
      • Add VPN or trusted IP ranges.
  4. Metadata & Labels: On the Metadata menu, add descriptions for clarity.
    • Description: This is a production cluster.
    • Key: cluster, Value: prod-0.
  5. Features: Enable the following.
    • Logging and Monitoring.
    • Backup for GKE.
  6. Automation:
    • Enable Maintenance Window:
      • Example: Weekends at 10 AM IST.
    • Configure Notifications:
      • Create Pub/Sub topic (e.g., prodPubSub).
  7. Finalize and Create:
    • Review all configurations.
    • Click Create to provision the cluster.
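The same private-cluster setup expressed as a gcloud command, added here as an example that is not part of this guide, with a check that the authorized-network list does not open the control plane to the whole internet before the command is assembled. The project, region, subnet, VPN range and control-plane range are placeholders; the command is printed for review unless DRY_RUN=0.

```bash
# Added example, not from the guide: the gcloud equivalent of the console steps
# above, with a sanity check on the authorized-network list before anything runs.
PROJECT="${PROJECT:-my-gcp-project}"; REGION="${REGION:-asia-south1}"  # placeholders
NETWORK="prod-0"; SUBNET="${SUBNET:-prod-0-subnet}"                      # placeholder subnet
CLUSTER="prod-0"
VPN_RANGE="${VPN_RANGE:-10.8.0.0/24}"        # placeholder: your VPN range
AUTHORIZED="172.16.0.0/28,$VPN_RANGE"        # the guide's example range plus the VPN
MASTER_CIDR="${MASTER_CIDR:-10.250.0.0/28}"  # placeholder control-plane /28

# Return non-zero for a list that opens the control plane to the internet
# (0.0.0.0/0), a bare address without a prefix, or a prefix longer than /32.
check_authorized_networks() {
  old_ifs=$IFS; IFS=','
  for cidr in $1; do
    case "$cidr" in
      0.0.0.0/0|*/) IFS=$old_ifs; return 1 ;;
      */*) prefix=${cidr#*/}
           case "$prefix" in *[!0-9]*) IFS=$old_ifs; return 1 ;; esac
           [ "$prefix" -le 32 ] || { IFS=$old_ifs; return 1; } ;;
      *) IFS=$old_ifs; return 1 ;;
    esac
  done
  IFS=$old_ifs
}

# Print the command by default (DRY_RUN=1) so it can be reviewed; DRY_RUN=0 runs it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s ' "$@"; printf '\n'; else "$@"; fi; }

# Private nodes with the public endpoint limited to AUTHORIZED (the guide keeps
# "Access control plane using external IP" on, so no --enable-private-endpoint).
# Node counts are per zone; the window is weekends 10:00 IST, i.e. 04:30 UTC.
create_cluster() {
  check_authorized_networks "$AUTHORIZED" || { echo "bad authorized networks" >&2; return 1; }
  run gcloud container clusters create "$CLUSTER" --project="$PROJECT" --region="$REGION" \
    --network="$NETWORK" --subnetwork="$SUBNET" --enable-ip-alias \
    --enable-private-nodes --master-ipv4-cidr="$MASTER_CIDR" \
    --enable-master-authorized-networks --master-authorized-networks="$AUTHORIZED" \
    --workload-pool="$PROJECT.svc.id.goog" \
    --num-nodes=4 --machine-type=t2d-standard-4 --disk-type=pd-ssd --disk-size=30GB \
    --enable-autoscaling --min-nodes=1 --max-nodes=50 --enable-vertical-pod-autoscaling \
    --logging=SYSTEM,WORKLOAD --monitoring=SYSTEM \
    --addons=HorizontalPodAutoscaling,HttpLoadBalancing,BackupRestore \
    --maintenance-window-start=2024-01-06T04:30:00Z --maintenance-window-end=2024-01-06T08:30:00Z \
    --maintenance-window-recurrence='FREQ=WEEKLY;BYDAY=SA,SU' \
    --notification-config="pubsub=ENABLED,pubsub-topic=projects/$PROJECT/topics/prodPubSub" \
    --labels=cluster=prod-0
}

create_cluster
```

The node pool created this way is the cluster's default pool rather than a separately named pool-4-20; a second pool can be added afterwards with gcloud container node-pools create.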

Post-Creation Actions

  1. Control Plane Authorized Networks:
    • Add Cluster Pod IP range (default) for additional services.
  2. Security Best Practices:
    • Regularly update cluster credentials.
    • Enable Workload Identity for secure authentication (Refer to Workload Identity Guide for detailed instructions).

Additional References