Archives for GCP Networking
GKE Control Plane and Public IPs and Private Service Connect
By default, when you create a public cluster, GKE assigns an external IP address (external endpoint) to the control plane and provisions public nodes. This means that any VM with…
Cloud CDN to deal with unauthenticated users
Use case: serve content to users who are not authenticated. Cloud CDN can cache content that doesn't require authenticated users.
Default VPC Firewall Rules in GCP
All inbound traffic is denied by default. However, all outbound traffic is allowed by default. So, if there is a need to ensure that the default VPC instances see no…
Firewall Rules in GCP – Service Accounts versus Tags
Both network tags and service accounts are viable options (for target instances) when defining firewall rules. However, if both these exist for a certain VM, it is…
VPC Service Controls – As Firewall Rules
VPC Service Controls are like firewalls: firewall rules allow/block based on IP addresses, while VPC Service Controls allow/block based on a project perimeter. To ensure that Cloud Storage buckets can be…
Google Cloud DNS – Overview and Use Cases
DNS Terms and Overview: Zone Files, A Records, CNAME Records. Cloud DNS - Records versus Record Sets: Cloud DNS directs incoming traffic according to its record sets. As with most…
Firewall rules based on Network tags – GCP
Overview: Network tags are logical labels that you can apply to VMs. The tags are defined independently, but referenced during the creation of a firewall rule. Use Case - Allow…
Private IP Data Transfer vs. Public IP
Cloud Interconnect (and VPN): used to connect private IPs. Direct Peering: exists outside of Google Cloud and uses public IPs to connect. Use case: Transfer LARGE amounts of…
Use Firewall Policies in GCP along with Firewall Rules
Default Firewall Rules exist at the VPC level and are applied to any VM created in a default VPC. In addition to the firewall rules, GCP has something called Firewall…
How Google Load Balancers are different
Google's Global Load Balancer vs. DNS Load Balancing: DNS Load Balancing is tricky. For an app hosted in multiple regions, each region essentially gets an IP address that is unique…