Thank you for your order!
Your order was placed successfully. Your service(s) will be set up as soon as possible.
Please note that your weborderid (your reference) is . The total amount paid by you is € .
One email will be sent to you from our ticketing system. This email/ticket will be used to discuss your order further and to deliver the service(s) to you, and it also contains a payment portal link.
To get your service(s) set up as soon as possible, you will need to pay for your order first. You can pay in various ways, such as PayPal, Bitcoin, Mastercard, Visa, American Express and wire transfers. You can find these on our financial page.
Please quote your weborderid (your reference), which is , when you make your payment. The total amount is € .
TNGNET cluster Private Nodes
Cloud NAT
If restricting outgoing internet access is not a concern for your organization, use Google's Cloud NAT service to allow nodes in the private network to reach the internet, enabling them to download the required images from Docker Hub and contact the Rancher management server.
Private registry
If restricting both incoming and outgoing traffic to the nodes is a requirement, follow the air-gapped installation instructions to set up a private container image registry in the VPC where the cluster will run, allowing the cluster nodes to download the images they need to run the cluster agent.
Direct access
If the Rancher server runs in the same VPC as the cluster's control plane, it has direct access to the control plane's private endpoint. The cluster nodes still need access to a private registry to download images, as described above.
Public and Private Clusters
Public Cluster
Two different kinds of cluster access are offered: Public and Private. A Public cluster does not imply that the cluster can be publicly managed; it means that the Master and node IP addresses are public.
TNGNET Cloud Private cluster
A Private cluster, on the other hand, does not assign public IP addresses to the nodes. This reduces the attack surface and the risk of the workloads being compromised.
Networks and firewall rules
A VPC-native Cluster is required to configure our desired network components.
Defining private IP ranges
We first need to define private IP ranges for the nodes, services and pods. To do so, we define a subnetwork in our VPC network. A subnet in Google Cloud has a primary IP range and optional secondary ranges (alias IP ranges).
Google Health Check
It is recommended to enable Private Google Access, so that Google services are reachable without going over the public internet.
Private Cluster endpoint
In the setup we describe in this article, we chose a third option: we wrote Terraform code to create private clusters with a public endpoint for the Master node.
Interested in a TNGNET Private Cluster Server?
- For our use case, we'd like to set up a network with a private IP range (say, 10.128.0.0/16), and then set up a self-contained cluster within that network.
- That would imply that every node in the cluster would have an IP address in that range, as would every load balancer, and that the Kubernetes API would ideally only be exposed in that network. This is known as a private topology.
- As a result, if we establish a VPN connection to that network and configure the appropriate network routes.
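The network pieces described above, as a Terraform fragment: a VPC-native subnet with the 10.128.0.0/16 node range plus secondary alias ranges for pods and services, Private Google Access, and a cluster whose nodes have no public IPs while the Master keeps a public endpoint restricted to an authorized network. This is an added example, not TNGNET's own Terraform code; the region, resource names, the pod/service/master ranges and the admin CIDR are placeholders.

```hcl
# Added example, not TNGNET's own Terraform. Resource names, the region and the
# admin CIDR are placeholders; 10.128.0.0/16 is the node range from the text.
resource "google_compute_network" "vpc" {
  name                    = "private-cluster-vpc"
  auto_create_subnetworks = false
}
# Primary range for nodes plus secondary alias ranges for pods and services
# (VPC-native). Private Google Access reaches Google APIs without public IPs.
resource "google_compute_subnetwork" "nodes" {
  name                     = "private-cluster-nodes"
  region                   = "europe-west4"
  network                  = google_compute_network.vpc.id
  ip_cidr_range            = "10.128.0.0/16"
  private_ip_google_access = true
  secondary_ip_range {
    range_name    = "pods"
    ip_cidr_range = "10.4.0.0/14"
  }
  secondary_ip_range {
    range_name    = "services"
    ip_cidr_range = "10.8.0.0/20"
  }
}

# Private nodes, public master endpoint (the article's "third option"); the
# authorized-networks list keeps that endpoint from being reachable from anywhere.
resource "google_container_cluster" "private" {
  name               = "private-cluster"
  location           = "europe-west4"
  network            = google_compute_network.vpc.id
  subnetwork         = google_compute_subnetwork.nodes.id
  networking_mode    = "VPC_NATIVE"
  initial_node_count = 1
  ip_allocation_policy {
    cluster_secondary_range_name  = "pods"
    services_secondary_range_name = "services"
  }
  private_cluster_config {
    enable_private_nodes    = true   # nodes get no public IPs
    enable_private_endpoint = false  # master keeps a public endpoint
    master_ipv4_cidr_block  = "172.16.0.0/28"
  }
  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = "203.0.113.0/24"
      display_name = "admin-office-placeholder"
    }
  }
}
```

Without `master_authorized_networks_config`, a public Master endpoint accepts connections from any internet address, so the allow-list is the check to verify whenever private nodes are paired with a public endpoint.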
Feel free to contact us
We are ready to give you our best support.