Tags: google-cloud-platform, google-kubernetes-engine, google-cloud-vpn

GCP Adding Private Service Connection IP range to master authorized network throws error


I followed this GCP guide to be able to reach a Kubernetes cluster's private endpoint from Cloud Build jobs. I have set up everything (using Terraform). The final step in the guide is adding the (Cloud Build) private pool network range to the authorized networks of the cluster, as such:

gcloud container clusters update PRIVATE_CLUSTER_NAME \
--enable-master-authorized-networks \
--region=REGION \
--master-authorized-networks=PRIVATE_POOL_NETWORK/PRIVATE_POOL_PREFIX

I have a private pool set up with an internal IP range of 192.170.0.0/16 as can be seen here.


But when I add the CIDR to the master authorized networks I get this error:

Invalid master authorized networks: network "192.170.0.0/16" is not a reserved network, which is required for private endpoints.

NAME: cloud-build-private-pool
ADDRESS/RANGE: 192.170.0.0/16
TYPE: INTERNAL
PURPOSE: VPC_PEERING
NETWORK: cb-runner-network
REGION:
SUBNET:
STATUS: RESERVED

I tried everything but can't think of a reason why the allocated IP range can't be added. Help would be much appreciated.


Solution

  • Solved. The IP address range was wrong and I needed to use one of the three private IP ranges as can be read here: https://cloud.google.com/vpc/docs/subnets#valid-ranges
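As an added pre-flight check (not part of the question or the answer), this Python script validates a candidate range against the three RFC 1918 blocks the answer refers to before building the gcloud command from the question. Cluster name and region are placeholders; the sample ranges are constructed, including the 192.170.0.0/16 range from the question.

```python
import ipaddress
from typing import List, Optional

# The three RFC 1918 private ranges. The GKE error "not a reserved network"
# means the authorized network for a private endpoint must lie inside one of them.
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def rfc1918_block_for(cidr: str) -> Optional[ipaddress.IPv4Network]:
    """Return the RFC 1918 block that fully contains `cidr`, or None.

    strict=True rejects host bits set inside the prefix (e.g. 10.0.0.1/8),
    which is also not a valid network for --master-authorized-networks.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        return None
    for block in RFC1918_BLOCKS:
        if net.subnet_of(block):
            return block
    return None


def build_update_command(cluster: str, region: str, cidrs: List[str]) -> List[str]:
    """Build the argv for the `gcloud container clusters update` call from the
    question, refusing any range that is not RFC 1918 before calling GCP."""
    bad = [c for c in cidrs if rfc1918_block_for(c) is None]
    if bad:
        raise ValueError(f"not RFC 1918, GKE would reject as 'not a reserved network': {bad}")
    return [
        "gcloud", "container", "clusters", "update", cluster,
        "--enable-master-authorized-networks",
        f"--region={region}",
        f"--master-authorized-networks={','.join(cidrs)}",
    ]


if __name__ == "__main__":
    # Constructed samples: the range from the question and a corrected one.
    for cidr in ["192.170.0.0/16", "192.168.0.0/16"]:
        block = rfc1918_block_for(cidr)
        print(cidr, "->", f"inside {block}" if block else "NOT RFC 1918")
    # Placeholder cluster name and region.
    print(" ".join(build_update_command("PRIVATE_CLUSTER_NAME", "REGION", ["192.168.0.0/16"])))
```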