What IP/CIDR ranges do I need to configure on my GKE cluster so my VPC will communicate with Mongo A

Time:11-12

I am setting up VPC network peering between Mongo Atlas and a GKE cluster. Please be patient because I am a total noob with networking.

I am configuring my private cluster and I don't know what IP/CIDR ranges to pick for my GKE cluster and my VPC subnet.

So does my GKE cluster need to be on the same subnet as my VPC? How would I make this happen?

I need to pick a control plane IP range - so I picked 172.16.0.0/28.

I need to pick Cluster default pod address range - which I assume has to be 192.168.0.0/16?

I need to pick a Service address range, which I assume can be anything Google will allow that is part of my VPC subnet (e.g. 192.168.0.0/9), because it's not exposed to Atlas directly since I have an Ingress? I am assuming requests will travel from my server pod to my Ingress and then to Atlas? Is this a correct assumption, or are all my services accessible from anywhere inside the VPC (and, since the VPC peering treats Atlas and GKE like the same VPC, from Atlas too)?

I have to make a new subnet for my VPC in GKE, because otherwise I just get the IP/CIDR range for the default network, which does not match the Atlas VPC range, but when I do configure a new subnet with 192.168.0.0/16, I get this error from the Mongo side:

Connection Failed
Error trying to process asynchronous operation: An IP range in the peer network (192.168.0.0/16) overlaps with an IP range in the local network (192.168.160.0/21) allocated by resource (projects/p-0nwfjlybkawulyxo3aiyci3d/regions/us-west3/subnetworks/sn-61798f7fb1f2d87e98a3d6a7-77ha2bvh).

I thought I was using region us-central-1? I set up the GKE cluster as a Standard cluster with Location type Zonal - will this affect it?

Properly confused - what settings do I need to configure for my GKE cluster and GCP VPC and VPC Peering connection to set up the connection with Atlas?

CodePudding user response:

192.168.0.0/16 is a very wide CIDR being used by Mongo Atlas (the peer network); it can be used by 65536 hosts.

Ensure you do not use the above CIDR in your VPC. You can use the other private ranges, 172.16.0.0/12 or 10.0.0.0/8, to create your subnets.

It's better to do a proper analysis of all your existing networks and the CIDR ranges they are using. After that analysis, choose a new CIDR for your new cluster in such a way that the range you have chosen doesn't conflict/overlap with your existing networks' CIDR ranges.

Note: even though you use an Ingress in your cluster, your cluster's service, pod and control plane CIDR ranges shouldn't overlap with existing networks' CIDR ranges.
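As an added example (not part of the question or the answer above), here is a small offline check that does the analysis the answer recommends: validate each proposed GKE range, compare it against the ranges already in use on the Atlas side of the peering, and confirm the GKE ranges do not overlap each other. The Atlas range (192.168.160.0/21), the proposed subnet (192.168.0.0/16), the control plane range (172.16.0.0/28) and the 192.168.0.0/9 guess come from the question and the error message; the `REVISED_PLAN` 10.x values are constructed for illustration and are not a recommendation from the answerer.

```python
"""Offline CIDR planning check for a GKE <-> MongoDB Atlas VPC peering.

Added example, not code from the original post. Ranges marked "from the
question" are quoted from the thread; REVISED_PLAN is constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# From the Atlas error message: the "local network" range on the Atlas side.
ATLAS_SIDE: List[str] = ["192.168.160.0/21"]

# From the question: the ranges the poster tried (the "peer network" side).
PLAN_FROM_QUESTION: Dict[str, str] = {
    "subnet (primary)": "192.168.0.0/16",
    "control plane": "172.16.0.0/28",
}

# Constructed alternative: every range inside RFC 1918 space and outside
# 192.168.0.0/16. Illustrative values only.
REVISED_PLAN: Dict[str, str] = {
    "subnet (primary)": "10.10.0.0/20",
    "pods (secondary)": "10.20.0.0/16",
    "services (secondary)": "10.30.0.0/20",
    "control plane": "172.16.0.0/28",
}


def validate_cidr(cidr: str) -> Optional[str]:
    """Return None if cidr is a well-formed private network, else the reason it is not."""
    try:
        # strict=True rejects prefixes with host bits set, e.g. 192.168.0.0/9
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return str(exc)
    if not net.is_private:
        return f"{cidr} is not wholly within private (RFC 1918) address space"
    return None


def find_overlaps(existing: List[str], proposed: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """List (name, proposed_cidr, existing_cidr) for every proposed range that overlaps an existing one."""
    found: List[Tuple[str, str, str]] = []
    for name, cidr in proposed.items():
        net = ipaddress.ip_network(cidr, strict=False)
        for other in existing:
            if net.overlaps(ipaddress.ip_network(other, strict=False)):
                found.append((name, cidr, other))
    return found


def internal_overlaps(proposed: Dict[str, str]) -> List[Tuple[str, str]]:
    """Pairs of proposed ranges that overlap each other.

    The subnet's primary range, its pod and service secondary ranges and the
    control plane range all have to be disjoint from one another.
    """
    names = list(proposed)
    pairs: List[Tuple[str, str]] = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ipaddress.ip_network(proposed[a]).overlaps(ipaddress.ip_network(proposed[b])):
                pairs.append((a, b))
    return pairs


def address_count(cidr: str) -> int:
    """Number of addresses in the range (what the answer means by 'hosts')."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


if __name__ == "__main__":
    print("192.168.0.0/9 ->", validate_cidr("192.168.0.0/9"))
    print("192.168.0.0/16 holds", address_count("192.168.0.0/16"), "addresses")
    for label, plan in (("question", PLAN_FROM_QUESTION), ("revised", REVISED_PLAN)):
        print(f"{label}: overlaps with Atlas ->", find_overlaps(ATLAS_SIDE, plan))
        print(f"{label}: internal overlaps ->", internal_overlaps(plan))
```

The same `find_overlaps` call works for any number of "existing" networks, so a practitioner would feed it every VPC, peering and on-prem range in use, not only the Atlas one, before creating the cluster.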
