CLOUDNAT.md: 10 additions & 14 deletions
@@ -38,9 +38,7 @@ Accordingly to this picture we are going to do following steps:
38
38
39
39
## Create a GKE cluster with private nodes
40
40
41
-
In any case it is a good idea to keep IP addresses of your nodes private. For the security reasons we suggest to have this setup as a best practice. However, we will make the Kubernetes API endpoint public now for the purpose of simplicity.
42
-
43
-
First, we authorize `gcloud` to access the Cloud Platform:
41
+
In any case, it is a good idea to keep the IP addresses of your nodes private. For security reasons, we recommend choosing this setup as a best practice. However, for simplicity, we will now make the Kubernetes API endpoint publicly available. First we will authorize `gcloud` to access the cloud platform:
_Hint: you must have a service account with the roles `Kubernetes Engine Cluster Admin` and `Compute Network Admin` as well as a key file to create a cluster. In our example we named the service account `cluster-admin` and the key `cluster-admin-key.json`_
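Review bot: the merged paragraph on new line 41 folds the authorization step into the same block as the security rationale, so the `gcloud` command that follows and the `_Hint_` about the `cluster-admin` service account lose their introduction; keep `First, we authorize `gcloud` to access the Cloud Platform:` as its own paragraph directly above the command, which is what the removed blank line and sentence on old lines 42-43 provided. Since the same paragraph states that the API endpoint is made public "for simplicity", add one sentence saying this is a tutorial shortcut and that the endpoint should be restricted (for example by not passing `--no-enable-master-authorized-networks`) before the cluster is used for anything beyond the walkthrough, so the private-nodes advice and the public endpoint do not read as contradictory.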
...and explain what the parameters are good for as long as the cluster is being configured:
71
-
72
-
`--enable-private-nodes`: like it says the nodes will receive private IP addresses and will not be accessible from outside the cluster.<br>
73
-
`--enable-ip-alias`: it creates a VPC-native cluster which means setting up subnetworks that has two secondary IP ranges: one for pods and one for services.<br>
74
-
`--master-ipv4-cidr 172.16.0.0/28` specifies an internal address range for the Kubernetes management endpoints. You must declare this range, if you start a private cluster.<br>
75
-
`--no-enable-master-authorized-networks` allow to access the Kubernetes API endpoint from everywhere.<br>
76
-
`--no-enable-basic-auth` disables basic authentication for the cluster.<br>
77
-
`--no-issue-client-certificate` disables issuing a client certificate.<br>
78
-
`--zone europe-west1-b` defines in which cloud zone is to create the cluster. Be careful in choosing the zone. It should be the same one as MongoDB Atlas is running on, unless you have good reasons to start the cluster somewhere else. Using the same zone makes the response time of the Mongo queries shorter and the costs lower.
68
+
*`--enable-private-nodes`: All nodes receive private IP addresses and cannot be reached from outside the cluster.
69
+
*`--enable-ip-alias`: A VPC-native cluster is created, i.e. subnets with two secondary IP ranges are established: one for pods and one for services
70
+
*`--master-ipv4-cidr 172.16.0.0/28`: Specifies an internal address range for the Kubernetes management endpoints. You must declare this range when you start a private cluster.
71
+
*`--no-enable-master-authorized-networks`: enable access to the Kubernetes API endpoint from anywhere.
72
+
*`--no-enable-basic-auth`: Disables basic authentication for the cluster.
73
+
*`--no-issue-client-certificate` disables issuing a client certificate.
74
+
*`--zone europe-west1-b`: In which zone should the cluster be created. Be careful when selecting the zone. It should be the same one on which MongoDB Atlas runs, unless you have good reasons to start the cluster somewhere else. Using the same zone shortens the response time of Mongo queries and reduces costs.
79
75
80
-
We hope you see a similar picture now:
76
+
If everything worked, you should receive such an output.
81
77
82
78
```sh
83
79
NAME LOCATION MASTER_VERSION MASTER_IP MACHINE_TYPE NODE_VERSION NUM_NODES STATUS
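Review bot: the new bullet lines 68-74 have no space between `*` and the backtick, so Markdown will not render them as a list (and `*` directly before text can be parsed as emphasis); change `*`--enable-private-nodes`: All nodes ...` to `* `--enable-private-nodes`: All nodes ...` on every item. The items are also inconsistent with each other: line 73 drops the colon the others use (`*`--no-issue-client-certificate` disables issuing a client certificate.`), line 69 has no terminating period, and line 71 starts its description lowercase (`enable access ...`) while the rest capitalize. On line 71, `--no-enable-master-authorized-networks` is the flag that exposes the API endpoint to any source address, and the description should say so plainly and tie back to the "for simplicity" caveat above, e.g. `Allows access to the Kubernetes API endpoint from any IP address (tutorial shortcut; restrict before production use).` Line 76 `If everything worked, you should receive such an output.` reads awkwardly as a lead-in to the code block; `If everything worked, you should see output similar to this:` is the idiomatic form.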