
I followed this GCP guide to be able to reach a Kubernetes Cluster private endpoint with Cloud Build jobs. I have set up everything (using Terraform). The final step in the guide is adding the (Cloud Build) private pool network range to the authorized networks of the cluster as such:

gcloud container clusters update PRIVATE_CLUSTER_NAME \
--enable-master-authorized-networks \
--region=REGION \
--master-authorized-networks=PRIVATE_POOL_NETWORK/PRIVATE_POOL_PREFIX

I have a private pool set up with an internal IP range of 192.170.0.0/16.

NAME: cloud-build-private-pool
ADDRESS/RANGE: 192.170.0.0/16
TYPE: INTERNAL
PURPOSE: VPC_PEERING
NETWORK: cb-runner-network
REGION:
SUBNET:
STATUS: RESERVED

But when I add the CIDR to the master authorized networks I get this error:

Invalid master authorized networks: network "192.170.0.0/16" is not a reserved network, which is required for private endpoints.

I tried everything but can't think of a reason why the allocated IP range can't be added. Help would be much appreciated.

AMMJ
  • That IPv4 address range actually belongs to someone else. It is not in one of the IPv4 Private address ranges. – Ron Maupin Mar 23 '22 at 15:24
  • Could you clarify your answer? The linked GCP guide suggests that adding the private pool network range to the control plane authorized networks should work – AMMJ Mar 23 '22 at 15:27
  • Notice in the document you have, it uses IPv4 Private addressing. You are trying to use a public address range that is assigned to other companies. For example, HP owns the `192.170.0.0/24` network that is part of the network you are trying to use. You cannot simply grab IP networks for your own use. – Ron Maupin Mar 23 '22 at 15:42
  • 192.170.0.0/16 is an internal IP range though, not a public one. – AMMJ Mar 23 '22 at 15:48
  • `192.170.0.0/16` does not belong to you, and you are not authorized to use it. Even trying to use it internally means that you will not be able to contact any of the companies authorized to use it on the public Internet. You use addresses from the three IPv4 Private address ranges for internal addressing because that is the specific reason for those address ranges. – Ron Maupin Mar 23 '22 at 15:57
  • Ah thank you! That explains everything. Problem solved. – AMMJ Mar 23 '22 at 16:24
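The thread resolves to a single check: the private pool range handed to `--master-authorized-networks` must come from one of the three RFC 1918 blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), and 192.170.0.0/16 is public address space that happens to be unused inside the asker's VPC. The following is an added example, not code from the question, the comments or the GCP guide. It validates candidate ranges before building the `gcloud container clusters update` command from the question, so the error surfaces locally instead of at apply time. It assumes that "reserved network" in the GKE error means exactly an RFC 1918 block (which is what the discussion concludes); the cluster name, region and sample ranges are constructed for illustration.

```python
import ipaddress
import shlex

# RFC 1918 private IPv4 blocks. Assumption for this example: these are the
# "reserved" networks GKE accepts for a private endpoint's authorized
# networks, which is the conclusion reached in the comments above.
RFC1918_BLOCKS = tuple(
    ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)


def rfc1918_parent(cidr):
    """Return the RFC 1918 block that contains `cidr`, or None.

    Raises ValueError for malformed input or a CIDR with host bits set.
    The check is explicit rather than IPv4Network.is_private, because
    is_private also reports loopback, link-local and documentation ranges
    as private, none of which are usable here.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version == 4:
        for block in RFC1918_BLOCKS:
            if net.subnet_of(block):
                return block
    return None


def classify(cidrs):
    """Split candidate CIDRs into (accepted, rejected) where each rejected
    entry is a (cidr, reason) pair explaining why it would not be usable."""
    accepted, rejected = [], []
    for cidr in cidrs:
        try:
            parent = rfc1918_parent(cidr)
        except ValueError as exc:
            rejected.append((cidr, f"malformed: {exc}"))
            continue
        if parent is None:
            rejected.append((cidr, "not inside an RFC 1918 block"))
        else:
            accepted.append(str(ipaddress.ip_network(cidr)))
    return accepted, rejected


def gcloud_update_command(cluster, region, cidrs):
    """Build the update command from the question as an argv list.

    Refuses to build it if any range would be rejected, mirroring the
    server-side "is not a reserved network" error.
    """
    accepted, rejected = classify(cidrs)
    if rejected:
        raise ValueError("; ".join(f"{cidr}: {why}" for cidr, why in rejected))
    return [
        "gcloud", "container", "clusters", "update", cluster,
        "--enable-master-authorized-networks",
        f"--region={region}",
        "--master-authorized-networks=" + ",".join(accepted),
    ]


if __name__ == "__main__":
    # Constructed inputs: the asker's range plus a few neighbours that show
    # the edges of the 172.16.0.0/12 block and a host-bits mistake.
    candidates = [
        "192.170.0.0/16",   # the range from the question: public space, rejected
        "192.168.0.0/16",   # RFC 1918, accepted
        "172.32.0.0/16",    # just outside 172.16.0.0/12, rejected
        "10.8.0.0/20",      # RFC 1918, accepted
        "192.168.1.5/24",   # host bits set, rejected as malformed
    ]
    ok, bad = classify(candidates)
    print("accepted:", ok)
    for cidr, why in bad:
        print("rejected:", cidr, "-", why)
    # Hypothetical cluster and region names.
    cmd = gcloud_update_command("my-private-cluster", "europe-west1", ok)
    print(" ".join(shlex.quote(arg) for arg in cmd))
```

In a Terraform setup the same check belongs in a `validation` block on the variable that feeds `master_authorized_networks_config`, or in a pre-apply script, so that a pool allocated from a non-RFC 1918 range is caught before the `google_container_cluster` resource is updated.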
