GCP Project

1 VPC

2 subnets (management subnet & restricted subnet):

1.Management subnet has the following:

•NAT gateway

•PrivateVM

2.Restricted subnet has the following:

•Private standard GKE cluster (private control plan)Notes:

1.Restricted subnet must not have access to internet

2.All images deployed on GKE mustcome from GCR or Artifacts registry.

3.The VM mustbe private.

4.Deploymentmust be exposed to public internetwith a public HTTP load balancer.

5.All infra is to be created on GCP using terraform.

6.Deployment on GKE can be done by terraform or manuallyby kubectl tool.

7.The code to be build/dockerizedand pushed to GCR is on here:

8.Don’t use default compute service account while creating the gke cluster, create custom SAand attach it to your nodes.

9.Only the managementsubnet can connectto the gke cluster.