Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Where do we get the Control Plane IP Range for Private GKE cluster in GCP?

Tags:

google-cloud-platform

google-kubernetes-engine

I am trying to create a private GKE cluster.

I have a subnet with two secondary IP ranges (one for the pods and one for the services).

However, a private GKE cluster also requires an IP address range for the control plane.

I have seen the documents for creating private GKE cluster and I see in their examples they ask you to use 172.16.0.32/28 for the control plane/master IP range.

What I want to understand is that, if the control plane IP range is managed by GCP for a zonal cluster? (if yes how to find it?)

Or,

Do I need to create a separate VPC network altogether for the control plane?

like image 974
bakadevops Avatar asked Nov 06 '25 02:11

bakadevops

1 Answers

Addressing the first question:

What I want to understand is that, if the control plane IP range is managed by GCP for a zonal cluster? (if yes how to find it?)

You can allocate the IP range that the control plane of your GKE cluster will have (during the creation process).

According to the documentation:

The control plane in private clusters

Every GKE cluster has a Kubernetes API server that is managed by the control plane (master). The control plane runs on a VM that is in a VPC network in a Google-owned project. A regional cluster has multiple control planes, each of which runs on its own VM.

-- Cloud.google.com: Kubernetes Engine: ... : Control plane in private clusters

Addressing the second question:

Do I need to create a separate VPC network altogether for the control plane?

No, you don't need to create a VPC for your control plane. It will be created for you. The connection between your network and the control plane will be peered using VPC Network Peering.

You can check the details by following a path:

Cloud Console (Web UI) -> VPC Network -> VPC Networks -> VPC_NAME -> VPC Network Peering

@DawidKruk so that means I can enter an IP range (let's say /28) for control plane and will just make sure that it does not overlap with the subnet that I'm using for the cluster nodes, pods and services?

Yes. You are correct. Following ip ranges shouldn't overlap:

  • Pods
  • Services
  • Control plane
  • VPC Network

Additional resources:

  • Cloud.google.com: Kubernetes Engine: Private cluster concept
like image 189
Dawid Kruk Avatar answered Nov 08 '25 15:11

Dawid Kruk
Sign in to Comment

Related questions

Making GCP Load-balancer HTTP logs integrate with Cloud Trace (in GCP Logs Explorer)?
Firebase onAuthStateChanged user returns null when on localhost
How to set up VPC network peering from multiple App Engine projects to Mongo Atlas
CLI question: "The following functions are found in your project but do not exist in your local source code" - how to default answer No?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!