Network Configuration And Access Control

A robust networking setup is essential for Kubernetes clusters in GCP to ensure private communication and controlled access to external resources. This guide provides detailed instructions for configuring critical networking components in Google Cloud Platform (GCP) before deploying a private Kubernetes cluster. It ensures a secure and scalable environment by leveraging Google Kubernetes Engine (GKE) best practices.

Step 1: Create a VPC Network

The VPC will act as the foundational network for your Kubernetes cluster.

1. Navigate to the GCP Console:
   • Go to the VPC Networks page.
2. Create the VPC:
   • Name: prod-0.
   • Subnet Creation Mode: Automatic (or Custom if specific IP ranges are required).
3. Add a Custom Subnet:
   • Name: prod-subnet-0.
   • Region: us-central1.
   • IPv4 Range: 10.2.204.0/22.
   • Toggle Private Google Access to ON to allow instances without external IPs to access Google APIs and services.
4. Save and Apply.

tip

Refer to Google Cloud VPC Network documentation for detailed instructions.

Step 2: Configure a Cloud Router

Cloud Router manages dynamic route advertisements, a critical component for NAT.

1. Navigate to the Cloud Router Page:
   • Access the Cloud Router page.
2. Create a Cloud Router:
   • Name: prod-router-0.
   • Region: us-central1.
   • Network: prod-0.
3. Enable BGP (optional):
   • Set up BGP if required for dynamic routing with on-premises networks.
4. Save Configuration.

tip

Refer to Cloud Router documentation for detailed instructions.

Step 3: Set Up Cloud NAT

Cloud NAT provides egress internet access for private Kubernetes nodes.

1. Navigate to the Cloud NAT Page:
   • Go to the Cloud NAT configuration.
2. Create a Cloud NAT Gateway:
   • Name: prod-gateway.
   • Region: us-central1.
   • Network: prod-0.
   • Router: prod-router-0.
3. Specify NAT Mapping:
   • Recommended: Use automatic allocation of NAT IP ranges for simplicity.
4. Enable Logging:
   • For monitoring purposes, enable NAT logging.
5. Save and Deploy.

tip

Refer to Cloud NAT documentation for detailed instructions.

Step 4: Verify and Integrate

After configuring the network, ensure integration with GKE by setting up your Kubernetes cluster.

1. Cluster Creation:
   • Please refer to GKE Cluster Creation Guide for detailed instructions on how to setup Kubernetes cluster in GKE.
   • Please refer to MicroK8s Cluster Creation Guide for detailed instructions on how to setup Kubernetes cluster in MicroK8s.
2. Integrate with Zero-Trust frameworks like Cloudflare and add the following applications:
   • IDHub Admin:
     • Application URL: [IDHUB_FQDN]/admin
   • Keycloak Master Realm:
     • Application URL: [IDHUB_FQDN]/auth/admin/master/console/

note

• The IDHUB_FQDN will be the URL of IDHub application.