
GKE networking (VPC-native) in GCP - Commands & Configuration

Introduction
When you create a Kubernetes cluster on Google Cloud, you need to connect it to a network. VPC-native networking lets your cluster use the Google Cloud Virtual Private Cloud (VPC) network directly. This makes communication between your cluster and other resources safer and simpler.

  • When you want your Kubernetes pods to have IP addresses from your VPC network.
  • When you need your cluster to communicate securely with other Google Cloud services in the same VPC.
  • When you want to avoid IP conflicts by using alias IP ranges for pods.
  • When you want to manage network policies and firewall rules at the VPC level.
  • When you want better scalability and easier network management for your cluster.
Config File - cluster-config.yaml
cluster-config.yaml
apiVersion: container.cnrm.cloud.google.com/v1beta1
kind: ContainerCluster
metadata:
  name: example-gke-cluster
spec:
  location: us-central1
  initialNodeCount: 3
  # networkRef and ipAllocationPolicy sit directly under spec in the
  # Config Connector ContainerCluster schema (there is no networking: wrapper).
  networkRef:
    name: default
  # Declaring ipAllocationPolicy is what makes the cluster VPC-native (alias IPs);
  # the named secondary ranges must already exist on the cluster's subnet.
  ipAllocationPolicy:
    clusterSecondaryRangeName: pods-secondary-range
    servicesSecondaryRangeName: services-secondary-range
  nodeConfig:
    machineType: e2-medium

This file defines a GKE cluster configuration using VPC-native networking.

  • networkRef.name: Uses the default VPC network.
  • ipAllocationPolicy: Declaring this block enables VPC-native alias IPs for pods and services.
  • clusterSecondaryRangeName: The secondary IP range for pod IPs.
  • servicesSecondaryRangeName: The secondary IP range for service IPs.
  • nodeConfig.machineType: Sets the machine type for cluster nodes.
Commands
This command creates a new GKE cluster named 'example-gke-cluster' in the 'us-central1-a' zone. It enables VPC-native networking with alias IPs using the specified secondary IP ranges for pods and services. It uses the default VPC network and creates 3 nodes with the machine type e2-medium.
Terminal
gcloud container clusters create example-gke-cluster --zone us-central1-a --enable-ip-alias --cluster-secondary-range-name=pods-secondary-range --services-secondary-range-name=services-secondary-range --network default --num-nodes 3 --machine-type e2-medium
Expected Output
Creating cluster example-gke-cluster in us-central1-a...
Creating node pool default-pool...
Created [https://container.googleapis.com/v1/projects/my-project/zones/us-central1-a/clusters/example-gke-cluster].
To inspect the contents of your cluster, go to: https://console.cloud.google.com/kubernetes/workload_/gcloud/us-central1-a/example-gke-cluster?project=my-project
kubeconfig entry generated for example-gke-cluster.
NAME                 LOCATION       MASTER_VERSION  MASTER_IP      MACHINE_TYPE  NODE_VERSION    NUM_NODES  STATUS
example-gke-cluster  us-central1-a  1.26.8-gke.100  35.233.123.45  e2-medium     1.26.8-gke.100  3          RUNNING

  • --enable-ip-alias: Enables VPC-native alias IPs for pods and services.
  • --cluster-secondary-range-name: Specifies the secondary IP range for pod IPs.
  • --services-secondary-range-name: Specifies the secondary IP range for service IPs.
This command lists the nodes in your GKE cluster to verify that the cluster is running and nodes are ready.
Terminal
kubectl get nodes
Expected Output
NAME                                      STATUS   ROLES    AGE   VERSION
example-gke-cluster-default-pool-1a2b3c   Ready    <none>   2m    v1.26.8-gke.100
This command shows all pods running in the cluster with their IP addresses to confirm pods have IPs from the VPC secondary range.
Terminal
kubectl get pods --all-namespaces -o wide
Expected Output
NAMESPACE     NAME                       READY   STATUS    RESTARTS   AGE   IP         NODE                                      NOMINATED NODE   READINESS GATES
kube-system   coredns-558bd4d5db-abcde   1/1     Running   0          3m    10.4.0.2   example-gke-cluster-default-pool-1a2b3c   <none>           <none>

  • --all-namespaces: Shows pods in all namespaces.
  • -o wide: Shows extra details including pod IP addresses.
Key Concept

If you remember nothing else from this pattern, remember: VPC-native (alias IP) networking lets your GKE pods get IP addresses directly from your VPC network, making networking simpler and more secure.

Common Mistakes
  • Not enabling --enable-ip-alias when creating the cluster.
    Without this flag, the cluster uses routes-based networking, which is less scalable and can cause IP conflicts.
    Always include --enable-ip-alias and specify secondary IP ranges for pods and services.
  • Using overlapping IP ranges for the pod secondary range and existing VPC subnets.
    IP conflicts cause pods to fail to get IPs or communicate properly.
    Choose unique, non-overlapping secondary IP ranges for pods and services.
  • Not verifying pod IPs after cluster creation.
    You might miss that pods are not using VPC-native IPs, causing network issues.
    Run 'kubectl get pods --all-namespaces -o wide' to check pod IP addresses.
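Two of the mistakes above, overlapping ranges and unverified pod IPs, can be caught mechanically: check the planned secondary ranges against every CIDR already in the VPC before running the create command, and after creation check that every pod IP in the '-o wide' output falls inside the pods secondary range. This is an added example, not code from the original page; the subnet CIDRs, the planned ranges and the kube-proxy and stray-app rows are constructed sample values (only the coredns row is the page's).

```python
import ipaddress

# Constructed sample values (not from the page): CIDRs already used in the VPC,
# and the secondary ranges the cluster-create command refers to by name.
EXISTING_SUBNETS = {"default-primary": "10.128.0.0/20", "legacy-subnet": "10.4.0.0/16"}
PLANNED_RANGES = {"pods-secondary-range": "10.4.0.0/14",
                  "services-secondary-range": "10.8.0.0/20"}

# Constructed copy of 'kubectl get pods --all-namespaces -o wide' output (coredns row is the page's).
KUBECTL_WIDE = """\
NAMESPACE     NAME                       READY   STATUS    RESTARTS   AGE   IP            NODE                                      NOMINATED NODE   READINESS GATES
kube-system   coredns-558bd4d5db-abcde   1/1     Running   0          3m    10.4.0.2      example-gke-cluster-default-pool-1a2b3c   <none>           <none>
kube-system   kube-proxy-1a2b3c          1/1     Running   0          3m    10.128.0.5    example-gke-cluster-default-pool-1a2b3c   <none>           <none>
default       stray-app-7f9c4-zzzzz      1/1     Running   0          1m    192.168.9.3   example-gke-cluster-default-pool-1a2b3c   <none>           <none>
"""


def find_overlaps(planned, existing):
    """Return (planned_name, other_name) pairs whose CIDRs overlap; each planned
    range is checked against existing subnets and against the other planned ranges."""
    planned_nets = {n: ipaddress.ip_network(c) for n, c in planned.items()}
    existing_nets = {n: ipaddress.ip_network(c) for n, c in existing.items()}
    names, clashes = list(planned_nets), []
    for i, name in enumerate(names):
        net = planned_nets[name]
        clashes += [(name, o) for o, onet in existing_nets.items() if net.overlaps(onet)]
        clashes += [(name, o) for o in names[i + 1:] if net.overlaps(planned_nets[o])]
    return clashes


def pods_outside_range(kubectl_output, pods_cidr, node_ips=()):
    """Parse '-o wide' output and list (namespace, name, ip) for pods whose IP is not
    in the pods range. Pods with no IP yet are skipped; hostNetwork pods carry a
    node IP by design, so the caller passes node IPs to exclude them."""
    pods_net = ipaddress.ip_network(pods_cidr)
    node_set = {ipaddress.ip_address(ip) for ip in node_ips}
    lines = [l for l in kubectl_output.splitlines() if l.strip()]
    header = lines[0].split()  # locate columns by name rather than fixed offsets
    ns_col, name_col, ip_col = (header.index(h) for h in ("NAMESPACE", "NAME", "IP"))
    bad = []
    for row in lines[1:]:
        cols = row.split()
        if cols[ip_col] == "<none>":
            continue
        ip = ipaddress.ip_address(cols[ip_col])
        if ip not in node_set and ip not in pods_net:
            bad.append((cols[ns_col], cols[name_col], str(ip)))
    return bad


if __name__ == "__main__":
    for planned, other in find_overlaps(PLANNED_RANGES, EXISTING_SUBNETS):
        print(f"OVERLAP: {planned} clashes with {other}")
    for ns, name, ip in pods_outside_range(KUBECTL_WIDE, PLANNED_RANGES["pods-secondary-range"], ["10.128.0.5"]):
        print(f"NOT VPC-NATIVE: {ns}/{name} has IP {ip}")
```

On a real project, replace the constructed dictionaries with the subnet CIDRs reported by gcloud compute networks subnets list and pipe in the live kubectl output.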
Summary
  • Create a GKE cluster with --enable-ip-alias to use VPC-native networking.
  • Specify secondary IP ranges for pods and services to avoid IP conflicts.
  • Verify cluster nodes and pod IPs to confirm VPC-native networking is active.