VPC endpoints in Google Cloud Platform

I have created a Bastion host in GCP which I can use to build Docker images, apply Kubernetes configs, etc. In AWS we can create VPC endpoints for services, and then a route is added to the bastion host's subnet so all the connections are internal instead of external.

But how can I do that in GCP for the Bastion host? I don't want to build and push Docker images externally, and I also want the Jenkins and GitLab pods in the GKE cluster to use the GCP resources internally as well.

Jenkins is a pod which also does Docker image builds and pushes to the GKE repository, but I need that Jenkins agent host to access GCP resources through an internal/private connection as well.


Solution 1:

Private clusters give you the ability to isolate nodes from having inbound and outbound connectivity to the public internet. This isolation is achieved as the nodes have internal IP addresses only.

You can create a private cluster and then make sure that the bastion host is in the same subnet and that it communicates using the internal IP as described here, choosing among the three options depending on which combination of controls you want over access to the cluster endpoints.

Beyond the public documentation, I found this article that seems useful and well explained.

Please check the three options available to better determine if this would suit your needs.
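The setup the answer describes, as an added example that is not part of the question or the answer: a subnet with Private Google Access (the GCP counterpart of AWS VPC endpoints for Google APIs such as the container registry), a private GKE cluster whose nodes have internal IPs only, and a bastion VM with no external address in the same subnet. The gcloud flags are real, but every project, network, cluster, name and CIDR below is an assumed placeholder; by default the script only prints the commands (DRY_RUN=1) so it can be reviewed before anything is created.

```shell
#!/bin/sh
# Added example, not code from the question or the answer above.
# Prints (DRY_RUN=1, the default) or runs (DRY_RUN=0) the gcloud commands for:
#   1. a subnet with Private Google Access, so nodes and VMs without external
#      IPs reach Google APIs (GCR, Artifact Registry, GCS) over Google's network;
#   2. a private GKE cluster (internal node IPs, private control-plane endpoint);
#   3. a bastion VM in that subnet with no external address.
# All names, CIDRs, project and location values are assumed placeholders.
set -eu

PROJECT="${PROJECT:-my-project-id}"
REGION="${REGION:-us-central1}"
ZONE="${ZONE:-us-central1-a}"
NETWORK="${NETWORK:-private-net}"
SUBNET="${SUBNET:-private-subnet}"
SUBNET_RANGE="${SUBNET_RANGE:-10.10.0.0/20}"
MASTER_RANGE="${MASTER_RANGE:-172.16.0.0/28}"   # control-plane /28, must not overlap the VPC
CLUSTER="${CLUSTER:-private-gke}"
BASTION="${BASTION:-bastion}"
DRY_RUN="${DRY_RUN:-1}"

# Print the command as one line in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Subnet with Private Google Access enabled: this is what lets the Jenkins
# pods on private nodes push to and pull from the registry without a public IP.
create_subnet() {
  run gcloud compute networks subnets create "$SUBNET" \
    --project="$PROJECT" --region="$REGION" --network="$NETWORK" \
    --range="$SUBNET_RANGE" --enable-private-ip-google-access
}

# Private cluster: nodes get internal IPs only, the control plane is reachable
# only on its private endpoint, and only the subnet range is authorised to reach it.
create_private_cluster() {
  run gcloud container clusters create "$CLUSTER" \
    --project="$PROJECT" --zone="$ZONE" \
    --network="$NETWORK" --subnetwork="$SUBNET" --enable-ip-alias \
    --enable-private-nodes --enable-private-endpoint \
    --master-ipv4-cidr="$MASTER_RANGE" \
    --enable-master-authorized-networks \
    --master-authorized-networks="$SUBNET_RANGE"
}

# Bastion in the same subnet with no external address (--no-address), so
# kubectl and docker traffic from it to the cluster and Google APIs stays internal.
create_bastion() {
  run gcloud compute instances create "$BASTION" \
    --project="$PROJECT" --zone="$ZONE" \
    --subnet="$SUBNET" --no-address
}

# Return 0 if a command string carries one of the flags that keeps traffic
# off the public internet; useful as a pre-flight check on generated commands.
is_internal_only() {
  case "$1" in
    *--enable-private-ip-google-access*|*--enable-private-nodes*|*--no-address*) return 0 ;;
  esac
  return 1
}

main() {
  create_subnet
  create_private_cluster
  create_bastion
}

main
```

Run it once as-is to review the three commands, then with `DRY_RUN=0` to create the resources; reaching the bastion itself then needs an internal path (for example IAP TCP forwarding or a VPN), since it has no public address.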