
Creating A Private Kubernetes Cluster

This document provides a detailed guide to creating a private Kubernetes cluster in GKE (Google Kubernetes Engine) and KIND (Kubernetes IN Docker).

Creating Kubernetes Cluster in GKE

Pre-Requisites

  1. Set up the VPC network, Cloud NAT, Cloud Router and access control policies.
  2. APIs Enabled: You need to enable the following APIs via the API Library.
    • Kubernetes Engine API.
    • Backup for GKE API.
  3. Quota Adjustments: Review and increase quotas via Quota Management Console.
    • CPUs (regional/global).
    • Type of CPUs for your region.
    • Static IP addresses.
      • Static IP addresses in all regions (need at least 1 per namespace).
      • Static IP addresses for your region (need at least 1 per namespace).
    • IP addresses for your region.
    • Persistent Disk SSD capacity.
    • VM instances per region.
    • Network Endpoint Groups (NEGs).

Create a Private Cluster Using GCP

  1. Cluster Setup:
    • Navigate to GKE Console.
    • Click Create → Configure under the Standard section.
    • Name the Cluster: e.g., prod-0.
    • Location Type: Set as Regional (better resilience).
  2. Node Pool Configuration: Click Node Pools → Add Node Pool.
    • Name: e.g. pool-4-20.
    • Number of nodes: 4.
    • Machine Type: t2d-standard-4 (4 vCPUs, 20 GB RAM).
    • Boot Disk: SSD, 30 GB.
    • Enable Autoscaler.
    • Set max nodes per zone to 50.
    • Enable VPA.
  3. Networking: Under Network, Select prod-0 → Select Private Cluster.
    • Ensure Access Control Plane Using External IP is checked.
    • Set Control Plane Authorized Networks.
      • Example: 172.16.0.0/28.
      • Add VPN or trusted IP ranges.
  4. Metadata & Labels: On Metadata menu, Add descriptions for clarity.
    • Description: This is a production cluster.
    • Key: cluster, Value: prod-0.
  5. Features: Enable the following.
    • Logging and Monitoring.
    • Backup for GKE.
  6. Automation:
    • Enable Maintenance Window:
      • Example: Weekends at 10 AM IST.
    • Configure Notifications:
      • Create Pub/Sub topic (e.g., prodPubSub).
  7. Finalize and Create:
    • Review all configurations.
    • Click Create to provision the cluster.

Equivalent CLI Command

For automation or CI/CD integration, use the following gcloud command (--region selects the regional location type chosen above and must match the subnetwork's region):

gcloud beta container --project "idhub-production" clusters create "prod-0" \
--region "us-central1" \
--no-enable-basic-auth \
--cluster-version "1.27.8-gke.1067004" \
--release-channel "regular" \
--machine-type "t2d-standard-4" \
--disk-type "pd-ssd" \
--disk-size "30" \
--node-labels app=idhub-prod \
--metadata disable-legacy-endpoints=true \
--scopes "https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring" \
--num-nodes "4" \
--logging=SYSTEM,WORKLOAD \
--monitoring=SYSTEM \
--enable-private-nodes \
--master-ipv4-cidr "172.16.0.0/28" \
--enable-ip-alias \
--network "projects/idhub-production/global/networks/prod-0" \
--subnetwork "projects/idhub-production/regions/us-central1/subnetworks/prod-subnet-0" \
--default-max-pods-per-node "110" \
--maintenance-window-start "2024-03-25T04:30:00Z" \
--maintenance-window-end "2024-03-26T04:30:00Z" \
--maintenance-window-recurrence "FREQ=WEEKLY;BYDAY=SA,SU" \
--labels cluster=prod-0 \
--enable-managed-prometheus \
--enable-vertical-pod-autoscaling \
--enable-shielded-nodes \
--notification-config=pubsub=ENABLED,pubsub-topic=projects/idhub-production/topics/prodPubSub

Note: Replace the values in the above command according to your organization's needs.

Post-Creation Actions

  1. Control Plane Authorized Networks:
    • Add Cluster Pod IP range (default) for additional services.
  2. Security Best Practices:
    • Rotate cluster credentials regularly.
    • Enable Workload Identity for secure authentication (refer to the Workload Identity Guide for detailed instructions).
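As an added example that is not part of the original guide, the following Python script audits the JSON returned by `gcloud container clusters describe prod-0 --format=json` for the private-cluster settings the command above enables (private nodes, authorized networks, shielded nodes, VPC-native networking, no basic auth, legacy metadata endpoints disabled). The sample description is constructed; its field names follow the GKE API cluster resource.

```python
"""Audit a GKE cluster description for the private-cluster settings this guide
sets. Input: the JSON from `gcloud container clusters describe <name> --format=json`."""
import json
import ipaddress

# Constructed sample shaped like the GKE API cluster resource (not real output).
SAMPLE_DESCRIBE = json.dumps({
    "name": "prod-0",
    "privateClusterConfig": {"enablePrivateNodes": True,
                             "masterIpv4CidrBlock": "172.16.0.0/28"},
    "masterAuthorizedNetworksConfig": {
        "enabled": True,
        "cidrBlocks": [{"displayName": "office-vpn", "cidrBlock": "0.0.0.0/0"}]},
    "masterAuth": {"username": "", "password": ""},
    "shieldedNodes": {"enabled": True},
    "ipAllocationPolicy": {"useIpAliases": True},
    "nodeConfig": {"metadata": {"disable-legacy-endpoints": "true"}},
})

def audit_private_cluster(describe_json: str) -> list[str]:
    """Return a list of findings; an empty list means the guide's settings hold."""
    c = json.loads(describe_json)
    findings = []
    if not c.get("privateClusterConfig", {}).get("enablePrivateNodes"):
        findings.append("nodes have public IPs: --enable-private-nodes not set")
    man = c.get("masterAuthorizedNetworksConfig", {})
    if not man.get("enabled"):
        findings.append("control plane authorized networks disabled")
    for block in man.get("cidrBlocks", []):
        net = ipaddress.ip_network(block["cidrBlock"], strict=False)
        # A /0 (or anything this wide) exposes the API server to the whole internet.
        if net.prefixlen < 8:
            findings.append(f"authorized network too broad: {block['cidrBlock']}")
    if c.get("masterAuth", {}).get("username"):
        findings.append("basic auth enabled on control plane")
    if not c.get("shieldedNodes", {}).get("enabled"):
        findings.append("shielded nodes disabled")
    if not c.get("ipAllocationPolicy", {}).get("useIpAliases"):
        findings.append("VPC-native (IP alias) networking disabled")
    md = c.get("nodeConfig", {}).get("metadata", {})
    if md.get("disable-legacy-endpoints") != "true":
        findings.append("legacy metadata endpoints not disabled")
    return findings

if __name__ == "__main__":
    for finding in audit_private_cluster(SAMPLE_DESCRIBE):
        print("FINDING:", finding)
```

Run it against the real output of the describe command before handing the cluster over; the only finding on the constructed sample is the overly broad authorized network.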

Additional References

https://cloud.google.com/kubernetes-engine/docs/tutorials/private-cluster

Creating a Cluster in KIND

Pre-Requisites

Run the following command in your terminal to clone the IDHub App repository.

git clone https://bitbucket.org/sath-inc/app.git && cd app

Setup Cluster

Run the following script to create a KIND cluster with one control plane node and four worker nodes. It also integrates the cluster with Cloud-Provider-Kind for LoadBalancer support.

./src/main/scripts/kind/setupKindK8sCluster.sh