Solved: Blue/green deployment: Single or multiple VPCs

MH1169 · 07-06-2022 02:42 AM

Hi all,

I'm planning for blue/green deployment for my GKE clusters. What would be a better choice to deploy the clusters:

Single VPC with multiple subnets
- 1 blue subnet
- 1 green subnet
Multiple VPC with single subnet
- 1 green VPC - 1 green subnet
- 1 blue VPC - 1 blue subnet

The cons I can think of for single VPC is that no VPC peering is required and less overhead.

Are there any other points I'm missing?

Any pointers is greatly appreciated.

Thanks.

grobledo

From the security standpoint, it is always better to have separate VPCs. However, if your cluster is running within a single project/organization and there's only one team responsible for managing the network resources, then, it does not make sense to use separate VPCs, you would be just adding a grade of complexity to the implementation.

View solution in original post

grobledo

From the security standpoint, it is always better to have separate VPCs. However, if your cluster is running within a single project/organization and there's only one team responsible for managing the network resources, then, it does not make sense to use separate VPCs, you would be just adding a grade of complexity to the implementation.

MH1169

Thanks for the input. As the cluster is managed by the same team, a single VPC would be the ideal route.

I would like to dig a little deeper on separating VPCs from security standpoint. Would you be so kind to elaborate on that?

Thanks.