Background
This article walks through the best-practice configuration for a GCP project when deploying the Virtru gateway via the GCP Marketplace listing.
Minimum Resources to provision
- 1 VPC with 1 subnet
- 1 Cluster on the new VPC above
- 1 Cloud NAT Gateway
- 1 Cloud Router
Deployment Steps
Provision VPC
- Navigate to the VPC networks section of GCP by searching “VPC networks”
- Click “+ Create VPC Network”
- Give your VPC a name, and create a custom subnet using the details below as an example
- Click “Create”
Provision Cluster
- Navigate to the Kubernetes clusters section of GCP by searching “Kubernetes clusters”
- Click “+ Create”
- Configure a GKE Standard cluster
- When configuring the zone, choose the same region as the subnet you created, using the details below as an example
- Navigate to the Networking section of the cluster deployment and choose the Network and Subnet you configured above
- Click “Create” at the bottom of the page
Provision Cloud NAT
- Navigate to the Cloud NAT section of GCP by searching “Cloud NAT”
- Click “+ Create NAT Gateway”
- Configure your NAT Gateway to use the VPC configured earlier
- Choose the region you previously created the subnet and cluster in
- Create a new Cloud Router
  - Keep default values
- Under NAT mapping, select “Primary and secondary ranges for all subnets” for “Source (internal)”
- Select a manual NAT IP address, and add a static IP you will use specifically for the Virtru gateway
- Click “Create”
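The console steps above can also be expressed as gcloud commands. The script below is an added example, not part of the original article or Virtru's own tooling; every resource name, the region, the zone and the subnet range are constructed placeholders, and reserving the static address with `gcloud compute addresses create` is an assumption about how you obtain the NAT IP.

```shell
#!/bin/sh
# Added example: gcloud equivalent of the console steps in this article.
# Every name, the region/zone and the CIDR range below are constructed
# placeholders; replace them with your own values.
VPC="virtru-gw-vpc"
SUBNET="virtru-gw-subnet"
RANGE="10.10.0.0/24"
REGION="us-central1"
ZONE="us-central1-a"
CLUSTER="virtru-gw-cluster"
ROUTER="virtru-gw-router"
NAT="virtru-gw-nat"
NAT_IP="virtru-gw-egress-ip"

# Print each command; run it only when APPLY=1 is set in the environment.
run() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# The cluster zone must sit in the same region as the subnet and the NAT.
zone_in_region() { [ "${1%-*}" = "$2" ]; }

provision_vpc() {
  run gcloud compute networks create "$VPC" --subnet-mode=custom
  run gcloud compute networks subnets create "$SUBNET" \
    --network="$VPC" --region="$REGION" --range="$RANGE"
}

provision_cluster() {  # "clusters create" builds a GKE Standard cluster
  run gcloud container clusters create "$CLUSTER" --zone="$ZONE" \
    --network="$VPC" --subnetwork="$SUBNET"
}

provision_nat() {
  run gcloud compute addresses create "$NAT_IP" --region="$REGION"
  run gcloud compute routers create "$ROUTER" --network="$VPC" --region="$REGION"
  # All primary and secondary ranges, egressing from the one reserved address.
  run gcloud compute routers nats create "$NAT" --router="$ROUTER" \
    --region="$REGION" --nat-all-subnet-ip-ranges --nat-external-ip-pool="$NAT_IP"
}

provision_all() {
  zone_in_region "$ZONE" "$REGION" || { echo "zone $ZONE is not in $REGION" >&2; return 1; }
  provision_vpc && provision_cluster && provision_nat
}

provision_all
```

Run as written, the script only prints the six commands for review; set `APPLY=1` to execute them against the active gcloud project.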
Deploy Virtru Gateway
Follow the instructions found here to deploy the Virtru gateway according to your needs, and be sure to use the cluster created in the steps above for any gateway instances deployed.