In this step, we would create a private Google Kubernetes Cluster (GKE). A private cluster ensures that all nodes and the master server (every cluster has a Kubernetes API server called the master) are isolated from the public Internet. You can configure which IPs have access to the master.
You can also set up a Load Balancer that accepts public traffic and directs it to the cluster. For more details, please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters.
Go to Kubernetes Cluster – > Clusters – > Create Cluster.
Follow the steps below to create the cluster.
- Create a Standard cluster. Provide the name of the cluster and zone as us-east1-b (i.e. that should be part of the VPN region). The VPN that we created earlier was in the us-east1 region. We can also create a Regional cluster.
Figure 3 – Cluster Configuration
- Enter the number of nodes as 3 and the machine type based on your workloads. For our sample microservices application, a small machine type is good enough. 3 nodes should be good enough to start with since our cluster will auto scale based on workloads.
Figure 4 – Cluster Configuration – Node pools
- Click Enable-VPC native and select the VPN network and subnet that was created earlier in Step 1.
Figure 5 – Cluster Configuration – Networking options
- Select Enable Http Load balancing for the load balancing component. Select Private Cluster and Select Access Master using its external IP address and specify the IP address. Click Enable master authorized networks and specify the IP which can connect the master. We specify 0.0.0.0/0 for now to allow access from any IP address for running the deployment scripts (or you can create a VM in the same VPN network and connect to the master). Please remove the authorized network once the deployment is done.
Figure 6 – Cluster Configuration – Security options
- Next, enable the logging features and create the cluster.
Figure 7 – Cluster Configuration – Logging options
