1. Address
    1. IP Ranges
      1. Nodes, Pods and Services each use their own unique IP range
      2. Nodes allocated IP from primary VPC subnet IP range
      3. Pods and Services allocated IP from secondary ranges
      4. Pod and Services secondary ranges must be specified before cluster creation
    2. Nodes
      1. Per Node allocation for Pods is /24 = 256 IPs
      2. Users can allocate a smaller range per Node
    3. Pods
      1. Pods are limited by default to 110 per node
      2. More IPs are allocated than Pods for IP reuse and lifecycle management
      3. Note: the per-node Pod IP range must be > 2x the max number of Pods per node
    4. Services
      1. IP allocation for the entire cluster (no per node allocation)
    5. Growth
      1. Node IP range = primary VPC subnet range
      2. Pod IP range = VPC secondary IP range for Pods
      3. Divide the total Pod range by the per-node allocation to get the max number of nodes
      4. Google recommends going one CIDR size larger if at the upper end of the max IP range
    6. Max pods per node | CIDR range per node
      1. 8 | /28
      2. 9 to 16 | /27
      3. 17 to 32 | /26
      4. 33 to 64 | /26
      5. 65 to 110 | /24
    7. Node size | Max nodes | Max Pod IPs | Recommended Pod IP Range
      1. /29 | 4 | 1024 | /21
      2. /28 | 12 | 3072 | /20
      3. /27 | 28 | 7168 | /19
      4. /26 | 60 | 15360 | /18
      5. /25 | 124 | 31744 | /17
      6. /24 | 252 | 65512 | /16
      7. /23 | 508 | 130048 | /15
      8. /22 | 1020 | 261120 | /14
      9. /21 | 2044 | 523264 | /13
      10. /20 | 4092 | 1047552 | /12
      11. /19 | 8188 | 2096128 | /11 (Max Pod address range)
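The growth arithmetic above (per-node block from max Pods, max nodes from the node subnet, Pod range from both) worked through as an added Python example; this is not GKE's own tooling, and the 4 reserved addresses per subnet is an assumption about GCP subnet behaviour rather than something stated in these notes.

```python
"""Worked GKE IP planning arithmetic (added example, not from the notes' source)."""
import ipaddress

# Assumption: GCP reserves 4 addresses in every subnet
# (network, gateway, second-to-last, broadcast), so max nodes = subnet size - 4.
RESERVED_PER_SUBNET = 4
MAX_POD_RANGE_PREFIX = 11  # /11 is the largest Pod address range GKE accepts


def pod_cidr_per_node(max_pods: int) -> int:
    """Prefix length of the smallest per-node block holding >= 2x max_pods IPs.
    The spare addresses cover Pod churn so IPs are not reused immediately."""
    needed = 2 * max_pods
    return 32 - (needed - 1).bit_length()  # e.g. 110 pods -> 220 IPs -> /24


def max_nodes(node_prefix: int) -> int:
    """Nodes that fit in the primary VPC subnet after the reserved addresses."""
    return 2 ** (32 - node_prefix) - RESERVED_PER_SUBNET


def plan(node_prefix: int, max_pods: int = 110) -> dict:
    """Reproduce one row of the node size / Pod IP range table."""
    per_node = pod_cidr_per_node(max_pods)
    nodes = max_nodes(node_prefix)
    block = 2 ** (32 - per_node)
    # One per-node block for every address in the node subnet.
    pod_prefix = node_prefix - (32 - per_node)
    if pod_prefix < MAX_POD_RANGE_PREFIX:
        raise ValueError(f"/{node_prefix} node subnet needs a Pod range larger than /11")
    return {"per_node_cidr": per_node, "max_nodes": nodes,
            "max_pod_ips": nodes * block, "pod_range_prefix": pod_prefix}


def nodes_supported(pod_range: str, max_pods: int = 110) -> int:
    """Growth check: total Pod range divided by the per-node allocation."""
    net = ipaddress.ip_network(pod_range)
    return net.num_addresses // 2 ** (32 - pod_cidr_per_node(max_pods))


if __name__ == "__main__":
    for prefix in range(29, 18, -1):
        row = plan(prefix)
        print(f"/{prefix:<3} {row['max_nodes']:>5} nodes  {row['max_pod_ips']:>8} pod IPs"
              f"  -> Pod range /{row['pod_range_prefix']}")
    print("10.4.0.0/14 serves", nodes_supported("10.4.0.0/14"), "nodes at 110 pods each")
```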
  2. Private clusters
    1. Removes external IPs from nodes
    2. Restrict communication with the master (control plane) using master authorized networks or the public endpoint
    3. Master node is in a Google controlled project
    4. Managed master node has public access via kubectl
    5. Private clusters create network peering connection to Google controlled project
    6. Network peering enables private RFC 1918 communication with master
    7. Private clusters allow access from resources in same subnet as cluster and whitelisted networks
    8. Whitelist IP addresses/ranges to access master node
    9. Public endpoint: access from a whitelisted external (non-RFC 1918) resource
    10. Master Authorized Network
      1. Whitelisted private (RFC 1918) resource
      2. Authorized and whitelisted with the --master-authorized-networks flag
  3. Monitoring
    1. Monitors GKE clusters
    2. Manages monitoring and logging
    3. View a cluster's key metrics (CPU, memory, open incidents)
    4. View a cluster's infrastructure, workloads, services
    5. Inspect a cluster's namespaces, nodes, workloads, services, pods and containers