0
0
GCPcloud~10 mins

GKE networking (VPC-native) in GCP - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - GKE networking (VPC-native)
Create VPC Network
Enable Alias IP Ranges
Create Subnet with Secondary Ranges
Create GKE Cluster with VPC-native Enabled
Pods get IPs from Secondary Range
Pods communicate using VPC routing
Cluster nodes and Pods share VPC network
This flow shows how a VPC-native GKE cluster is set up to use VPC networking with alias IP ranges, allowing pods to get IPs from a subnet's secondary range and communicate within the VPC.
Execution Sample
GCP
gcloud container clusters create my-cluster \
  --enable-ip-alias \
  --create-subnetwork name=my-subnet,range=10.0.0.0/24,secondary-range-pods=10.0.1.0/24,secondary-range-services=10.0.2.0/24 \
  --network my-vpc
This command creates a GKE cluster with VPC-native networking enabled, using a subnet with secondary IP ranges for pods and services.
Process Table
StepActionResource Created/ModifiedIP Range AssignedResult
1Create VPC networkVPC network 'my-vpc'10.0.0.0/16VPC network ready
2Create subnet with secondary rangesSubnet 'my-subnet'Primary: 10.0.0.0/24 Pods: 10.0.1.0/24 Services: 10.0.2.0/24Subnet with alias IP ranges ready
3Create GKE cluster with --enable-ip-aliasGKE cluster 'my-cluster'Pods use 10.0.1.0/24 Services use 10.0.2.0/24Cluster nodes and pods get IPs from VPC ranges
4Pods scheduledPods in clusterIPs from 10.0.1.0/24Pods communicate over VPC network
5Services createdKubernetes servicesIPs from 10.0.2.0/24Services reachable inside VPC
6Cluster runningAll resourcesN/AVPC-native networking active
💡 All resources created and pods/services assigned IPs from secondary ranges, enabling VPC-native networking.
Status Tracker
VariableStartAfter Step 1After Step 2After Step 3After Step 4Final
VPC NetworkNonemy-vpc (10.0.0.0/16)my-vpc (10.0.0.0/16)my-vpc (10.0.0.0/16)my-vpc (10.0.0.0/16)my-vpc (10.0.0.0/16)
SubnetNoneNonemy-subnet (10.0.0.0/24) with pods 10.0.1.0/24 and services 10.0.2.0/24my-subnet (10.0.0.0/24) with alias rangesmy-subnet (10.0.0.0/24) with alias rangesmy-subnet (10.0.0.0/24) with alias ranges
ClusterNoneNoneNonemy-cluster with IP alias enabledmy-cluster runningmy-cluster running
Pods IP RangeNoneNoneNone10.0.1.0/24Pods assigned IPs in 10.0.1.0/24Pods assigned IPs in 10.0.1.0/24
Services IP RangeNoneNoneNone10.0.2.0/24Services assigned IPs in 10.0.2.0/24Services assigned IPs in 10.0.2.0/24
Key Moments - 3 Insights
Why do pods get IPs from the secondary range and not the primary subnet range?
Pods get IPs from the secondary range because the cluster is created with --enable-ip-alias and the subnet has secondary IP ranges assigned for pods and services, as shown in execution_table step 3 and 4.
What happens if the subnet does not have secondary IP ranges configured?
Without secondary IP ranges, the cluster cannot assign IPs to pods from the VPC, so VPC-native networking cannot be enabled. This is clear from step 2 where secondary ranges are created before cluster creation.
How do pods communicate with other resources in the VPC?
Pods use IPs from the VPC subnet's secondary range, so they communicate over the VPC network like any other resource, as shown in step 5 and 6.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, at which step are pods assigned their IPs from the secondary range?
AStep 2
BStep 3
CStep 4
DStep 5
💡 Hint
Check the 'IP Range Assigned' and 'Result' columns in execution_table rows for pod IP assignment.
According to variable_tracker, what is the state of the subnet after step 2?
ASubnet with secondary ranges for pods and services
BSubnet with primary range only
CSubnet with no secondary ranges
DSubnet deleted
💡 Hint
Look at the 'Subnet' row after 'After Step 2' column in variable_tracker.
If the cluster was created without --enable-ip-alias, how would the execution_table change?
APods would get IPs from primary subnet range
BPods would not get IPs from VPC ranges, breaking VPC-native networking
CPods would still get IPs from secondary range
DServices would get IPs from secondary range but pods would not
💡 Hint
Refer to the importance of --enable-ip-alias in step 3 of execution_table.
Concept Snapshot
GKE VPC-native networking uses alias IP ranges.
Create a VPC and subnet with secondary IP ranges.
Enable --enable-ip-alias when creating the cluster.
Pods get IPs from secondary ranges, communicating inside VPC.
This improves IP management and network performance.
Full Transcript
This visual execution trace shows how to set up Google Kubernetes Engine (GKE) networking using VPC-native mode. First, a VPC network is created. Then, a subnet is created with secondary IP ranges for pods and services. Next, a GKE cluster is created with the --enable-ip-alias flag, which enables pods to receive IP addresses from the subnet's secondary ranges. Pods and services get IPs from these ranges and communicate over the VPC network. The variable tracker shows how resources and IP ranges evolve step-by-step. Key moments clarify why secondary ranges are needed and how pods communicate. The quiz tests understanding of when pods get IPs, subnet state, and the role of --enable-ip-alias.