Create the Subnets
In this section, you will create the subnets for Management (public access) and the Google Kubernetes Engine Workers (private access).
When creating the subnets, make sure that the IP ranges don't overlap with subnets on other VPCs, since overlapping ranges would prevent VPC peering.
The name of the subnet must be unique, excluding names already assigned to subnets of any other VPC.
To create a subnet, run the following command:
gcloud compute networks subnets create <SUBNET_NAME> --network=<VPC_NETWORK_NAME> --range=<RANGE> --enable-private-ip-google-access --stack-type=IPV4_ONLY
Where:
<SUBNET_NAME> is the unique name chosen for the subnet.
<VPC_NETWORK_NAME> is the name assigned to the VPC when created (see Create the Virtual Private Cloud or retrieve the name from your Google Cloud worksheet).
<RANGE> is the IP space allocated to this subnet in CIDR format.
<stack-type> is the stack type for the default network interface. It must be assigned a value of IPV4_ONLY.
Example command for a Management Subnet:
gcloud compute networks subnets create management-subnet --project=security-arcsight-nonprod --network=gcp-arcsight-test --range=10.1.49.0/24 --enable-private-ip-google-access --stack-type=IPV4_ONLY
Example command for a Private Subnet (workers):
gcloud compute networks subnets create private-subnet --project=security-arcsight-nonprod --network=gcp-arcsight-test --range=10.1.1.0/24 --enable-private-ip-google-access --stack-type=IPV4_ONLY
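The overlap requirement above can be checked before running the create command. The following is an added example, not part of the original procedure: the function names and the peer-vpc-workers entry are constructed for illustration, and the input is assumed to be "name range" lines such as those produced by gcloud compute networks subnets list --format="value(name,ipCidrRange)".

```shell
#!/bin/sh
# Added example: report existing subnets whose CIDR range overlaps a proposed one.

# Convert a dotted-quad IPv4 address to an integer (subshell keeps IFS local).
ip_to_int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )) )
}

# Print "first last" (as integers) for the addresses covered by a CIDR block.
cidr_range() {
    ip=${1%/*}; len=${1#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    start=$(( $(ip_to_int "$ip") & mask ))
    echo "$start $(( start | (mask ^ 4294967295) ))"
}

# Succeed (exit 0) when the two CIDR blocks share at least one address.
cidrs_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Read "name range" lines on stdin; print the names that overlap range $1.
find_conflicts() {
    new=$1
    while read -r name range; do
        if cidrs_overlap "$new" "$range"; then echo "$name"; fi
    done
}

# Constructed sample input: management-subnet uses the range from the example
# above; peer-vpc-workers is a hypothetical subnet in another VPC.
existing='management-subnet 10.1.49.0/24
peer-vpc-workers 10.1.0.0/23'

# Check the private subnet range before creating it; prints peer-vpc-workers.
printf '%s\n' "$existing" | find_conflicts 10.1.1.0/24
```

An empty result means the proposed range is free of conflicts among the listed subnets; VPCs in other projects that you intend to peer with need to be listed separately.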