GCP Adding Private Service Connection IP range to master authorized network throws error

I followed this GCP guide to be able to reach a Kubernetes Cluster private endpoint with Cloud Build jobs. I have set up everything (using Terraform). The final step in the guide is adding the (cloud build) private pool network range to the authorized networks of the cluster as such:

```
gcloud container clusters update PRIVATE_CLUSTER_NAME \
    --enable-master-authorized-networks \
    --region=REGION \
    --master-authorized-networks=PRIVATE_POOL_NETWORK/PRIVATE_POOL_PREFIX
```

I have a private pool set up with an internal IP range of 192.170.0.0/16.

```
NAME: cloud-build-private-pool
ADDRESS/RANGE: 192.170.0.0/16
TYPE: INTERNAL
PURPOSE: VPC_PEERING
NETWORK: cb-runner-network
REGION:
SUBNET:
STATUS: RESERVED
```

But when I add the CIDR to the master authorized networks I get this error:

Invalid master authorized networks: network "192.170.0.0/16" is not a reserved network, which is required for private endpoints.

I tried everything but can't think of a reason why the allocated IP range can't be added. Help would be much appreciated.

Ron Maupin
That IPv4 address range actually belongs to someone else. It is not in one of the IPv4 Private address ranges.
AMMJ
Could you clarify your answer? The linked GCP guide suggests that adding the private pool network range to the control plane authorized networks should work.
Ron Maupin
Notice in the document you have, it uses IPv4 Private addressing. You are trying to use a public address range that is assigned to other companies. For example, HP owns the `192.170.0.0/24` network that is part of the network you are trying to use. You cannot simply grab IP networks for your own use.
AMMJ
192.170.0.0/16 is an internal IP range though, not a public one.
Ron Maupin
`192.170.0.0/16` does not belong to you, and you are not authorized to use it. Even trying to use it internally means that you will not be able to contact any of the companies authorized to use it on the public Internet. You use addresses from the three IPv4 Private address ranges for internal addressing because that is the specific reason for those address ranges.
AMMJ
Ah thank you! That explains everything. Problem solved.
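A pre-flight check for the failure discussed in this thread, added here as an example and not taken from the question, the comments or the GCP guide: before running the `gcloud container clusters update` step, every candidate range is verified to lie entirely inside one of the three RFC 1918 blocks, which is what the "not a reserved network" error is complaining about. The cluster name, region and the replacement range `10.8.0.0/16` are constructed values.

```python
"""Validate master-authorized-networks CIDRs for a GKE private endpoint.

Added example (not part of the original thread). The error in the question
is raised because 192.170.0.0/16 is not inside an RFC 1918 block; this
check catches that locally before any gcloud call is made.
"""
import ipaddress
from typing import Iterable, List, Tuple

# The three IPv4 private address ranges defined by RFC 1918.
RFC1918 = (
    ipaddress.IPv4Network("10.0.0.0/8"),
    ipaddress.IPv4Network("172.16.0.0/12"),
    ipaddress.IPv4Network("192.168.0.0/16"),
)


def is_rfc1918(cidr: str) -> bool:
    """True only if the whole CIDR lies inside a single RFC 1918 block.

    strict=True rejects ranges with host bits set (e.g. 10.8.1.5/16),
    which gcloud would also refuse.
    """
    net = ipaddress.IPv4Network(cidr, strict=True)
    return any(net.subnet_of(block) for block in RFC1918)


def check_authorized_networks(cidrs: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split candidate ranges into (accepted, rejected-with-reason)."""
    ok, bad = [], []
    for cidr in cidrs:
        try:
            if is_rfc1918(cidr):
                ok.append(cidr)
            else:
                bad.append(f"{cidr}: not a reserved (RFC 1918) network")
        except ValueError as exc:  # malformed CIDR or host bits set
            bad.append(f"{cidr}: {exc}")
    return ok, bad


def gcloud_command(cluster: str, region: str, cidrs: Iterable[str]) -> str:
    """Build the update command, refusing if any range failed the check."""
    ok, bad = check_authorized_networks(cidrs)
    if bad:
        raise ValueError("refusing to run gcloud: " + "; ".join(bad))
    return (f"gcloud container clusters update {cluster} "
            f"--enable-master-authorized-networks --region={region} "
            f"--master-authorized-networks={','.join(ok)}")


if __name__ == "__main__":
    # Constructed input: the range from the question plus two private ones.
    accepted, rejected = check_authorized_networks(
        ["192.170.0.0/16", "192.168.0.0/16", "10.8.0.0/16"])
    print("accepted:", accepted)
    print("rejected:", rejected)
```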