Deploying with a custom network configuration

The following steps demonstrate how to provision your cluster with a custom network configuration:

  1. Create a VPC network:

    $ gcloud compute networks create k8s-devops-cookbook \
        --subnet-mode custom

  2. Create a subnet in your VPC network. In our example, this is 10.240.0.0/16:

    $ gcloud compute networks subnets create kubernetes \
        --network k8s-devops-cookbook --range 10.240.0.0/16

  3. Create a firewall rule to allow internal traffic:

    $ gcloud compute firewall-rules create k8s-devops-cookbook-allow-int \
        --allow tcp,udp,icmp --network k8s-devops-cookbook \
        --source-ranges 10.240.0.0/16,10.200.0.0/16

  4. Create a firewall rule to allow external SSH (TCP 22), ICMP, and HTTPS traffic to the Kubernetes API server (TCP 6443). Note that this rule accepts these connections from any source address (0.0.0.0/0):

    $ gcloud compute firewall-rules create k8s-devops-cookbook-allow-ext \
        --allow tcp:22,tcp:6443,icmp --network k8s-devops-cookbook \
        --source-ranges 0.0.0.0/0

  5. Verify the rules:

    $ gcloud compute firewall-rules list
    NAME                           NETWORK              DIRECTION  PRIORITY  ALLOW                 DENY  DISABLED
    ...
    k8s-devops-cookbook-allow-ext  k8s-devops-cookbook  INGRESS    1000      tcp:22,tcp:6443,icmp        False
    k8s-devops-cookbook-allow-int  k8s-devops-cookbook  INGRESS    1000      tcp,udp,icmp                False

  6. Add the --network k8s-devops-cookbook and --subnetwork kubernetes parameters to your container clusters create command and run it.
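
A check a reviewer might run on the rules from steps 3 and 4, added here as an example and not part of the original recipe: it reads firewall rules in the JSON shape that `gcloud compute firewall-rules list --format=json` produces and reports enabled ingress rules that open SSH or the API server port to any source. The sample data is constructed, the function names are this example's own, and only explicitly listed source ranges are examined.

```python
import ipaddress
import json

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`
# output for the two rules created above (only the fields the check reads).
SAMPLE_RULES = json.loads("""
[
 {"name": "k8s-devops-cookbook-allow-ext", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22", "6443"]}, {"IPProtocol": "icmp"}]},
 {"name": "k8s-devops-cookbook-allow-int", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["10.240.0.0/16", "10.200.0.0/16"],
  "allowed": [{"IPProtocol": "tcp"}, {"IPProtocol": "udp"}, {"IPProtocol": "icmp"}]}
]
""")
SENSITIVE_TCP_PORTS = {22: "SSH", 6443: "Kubernetes API server"}  # from step 4


def port_in_spec(port, spec):
    """True if port matches a port spec such as '22' or '6000-7000'."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def exposed_ports(rule):
    """Sensitive TCP ports an enabled ingress rule opens to any source address."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return []
    if not any(ipaddress.ip_network(r, strict=False).prefixlen == 0
               for r in rule.get("sourceRanges", [])):
        return []
    hits = set()
    for allow in rule.get("allowed", []):
        if allow.get("IPProtocol") not in ("tcp", "all"):
            continue
        specs = allow.get("ports")  # no ports listed means every port
        hits.update(p for p in SENSITIVE_TCP_PORTS
                    if specs is None or any(port_in_spec(p, s) for s in specs))
    return sorted(hits)


def audit(rules):
    """Map rule name -> exposed sensitive ports, for rules that expose any."""
    return {r["name"]: p for r in rules if (p := exposed_ports(r))}


if __name__ == "__main__":
    for name, ports in audit(SAMPLE_RULES).items():
        print(name, "is open to any source on tcp", ports)
```

On the sample, only k8s-devops-cookbook-allow-ext is reported; restricting its --source-ranges to known administrative addresses clears the finding.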