Production Prepare

Project

  • Enable APIs: Kubernetes, Compute Engine, VPC, Cloud SQL Admin API

Network

  • VPC-native

  • Subnet with 1 primary IP range and 2 secondary IP ranges, used for pod IPs and service IPs (enable Private Google Access as well)

  • Public cluster or private cluster

  • Regional or Zonal

  • Max pods per node

  • Create a VPC in region us-east1:

    • Subnet k8s: 10.1.0.0/16 (secondary will be added to this subnet later when we create a new GKE cluster)
    • Subnet vms: 10.0.0.0/16
    • Enable Service Networking
gcloud compute networks create juleb-vpc --project=juleb-demo-415508 --subnet-mode=custom --mtu=1460 --bgp-routing-mode=regional &&
gcloud compute networks subnets create k8s-subnet --project=juleb-demo-415508 --range=10.1.0.0/16 --stack-type=IPV4_ONLY --network=juleb-vpc --region=us-east1 --secondary-range=pods-range=10.2.0.0/16,services-range=10.3.0.0/16 --enable-private-ip-google-access &&
gcloud compute networks subnets create vms-subnet --project=juleb-demo-415508 --description=a\ subnet\ for\ vms --range=10.0.0.0/16 --stack-type=IPV4_ONLY --network=juleb-vpc --region=us-east1 --enable-private-ip-google-access &&
gcloud compute firewall-rules create juleb-vpc-allow-custom --project=juleb-demo-415508 --network=projects/juleb-demo-415508/global/networks/juleb-vpc --description=Allows\ connection\ from\ any\ source\ to\ any\ instance\ on\ the\ network\ using\ custom\ protocols. --direction=INGRESS --priority=65534 --source-ranges=10.1.0.0/16,10.0.0.0/16 --action=ALLOW --rules=all &&
gcloud compute firewall-rules create juleb-vpc-allow-icmp --project=juleb-demo-415508 --network=projects/juleb-demo-415508/global/networks/juleb-vpc --description=Allows\ ICMP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=icmp &&
gcloud compute firewall-rules create juleb-vpc-allow-ssh --project=juleb-demo-415508 --network=projects/juleb-demo-415508/global/networks/juleb-vpc --description=Allows\ TCP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network\ using\ port\ 22. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=tcp:22
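
A check that can be run over the firewall rules created above, added here as an example and not part of the original page: it takes rules in the JSON layout printed by `gcloud compute firewall-rules list --format=json` and reports enabled ingress rules that allow an administrative port from any source. The function names and the `ADMIN_PORTS` set are assumptions of this example, and the sample rules are constructed from the three commands above.

```python
import ipaddress
import json

# Constructed sample: the three rules created above, in the field layout of
# `gcloud compute firewall-rules list --format=json` output.
SAMPLE_RULES = json.loads("""[
 {"name": "juleb-vpc-allow-custom", "direction": "INGRESS",
  "sourceRanges": ["10.1.0.0/16", "10.0.0.0/16"], "allowed": [{"IPProtocol": "all"}]},
 {"name": "juleb-vpc-allow-icmp", "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "icmp"}]},
 {"name": "juleb-vpc-allow-ssh", "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]""")

ADMIN_PORTS = {22, 3389}  # assumption: ports this audit treats as administrative


def port_in_spec(port, spec):
    """True if port falls in a port spec such as '22' or '8000-9000'."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def exposed_ports(rule):
    """Admin ports one rule allows, honouring 'all' and port-less tcp entries."""
    hits = set()
    for entry in rule.get("allowed", []):
        if entry["IPProtocol"].lower() not in ("tcp", "all"):
            continue
        specs = entry.get("ports")  # absent means every port of the protocol
        for port in ADMIN_PORTS:
            if specs is None or any(port_in_spec(port, s) for s in specs):
                hits.add(port)
    return hits


def internet_facing_admin_rules(rules):
    """Map rule name -> sorted admin ports for enabled ingress rules open to a /0 source."""
    findings = {}
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        open_to_all = any(ipaddress.ip_network(r).prefixlen == 0
                          for r in rule.get("sourceRanges", []))
        ports = exposed_ports(rule)
        if open_to_all and ports:
            findings[rule["name"]] = sorted(ports)
    return findings
```

To audit a live project, pass the parsed output of the `gcloud` command above in place of `SAMPLE_RULES`. On the sample, only `juleb-vpc-allow-ssh` is reported, because the allow-all rule is limited to the two subnet ranges.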

Storage

  • Enable FileStore CSI Driver

High Availability

  • 3 zones for 3 nodes
  • Autoscaling