GSP178 - Setting up a Private Kubernetes Cluster

Task 1. Set a zone

  1. Set default zone

    gcloud config set compute/zone us-central1-a

Task 2. Creating a private cluster

  1. Create private cluster

    gcloud beta container clusters create private-cluster \
        --enable-private-nodes \
        --master-ipv4-cidr 172.16.0.16/28 \
        --enable-ip-alias \
        --create-subnetwork ""

Task 3. Viewing your subnet and secondary address ranges

  1. List subnetwork

    gcloud compute networks subnets list --network default
    gcloud compute networks subnets describe [SUBNET_NAME] --region us-central1

Task 4. Enabling master authorized networks

  1. Create VM

    gcloud compute instances create source-instance --zone us-central1-a --scopes 'https://www.googleapis.com/auth/cloud-platform'
  2. Copy the VM's IP

    gcloud compute instances describe source-instance --zone us-central1-a | grep natIP
  3. SSH to the VM

    gcloud compute ssh source-instance --zone us-central1-a
  4. Install and set up kubectl

    sudo apt-get install kubectl
    sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin
    gcloud container clusters get-credentials private-cluster --zone us-central1-a

    kubectl get nodes --output yaml | grep -A4 addresses
    kubectl get nodes --output wide
  5. Exit

    exit

Task 5. Clean Up

  1. Delete cluster

    gcloud container clusters delete private-cluster --zone us-central1-a

Task 6. Creating a private cluster that uses a custom subnetwork

  1. Create subnetwork

    gcloud compute networks subnets create my-subnet \
        --network default \
        --range 10.0.4.0/22 \
        --enable-private-ip-google-access \
        --region us-central1 \
        --secondary-range my-svc-range=10.0.32.0/20,my-pod-range=10.4.0.0/14
  2. Create cluster with custom subnetwork

    gcloud beta container clusters create private-cluster2 \
        --enable-private-nodes \
        --enable-ip-alias \
        --master-ipv4-cidr 172.16.0.32/28 \
        --subnetwork my-subnet \
        --services-secondary-range-name my-svc-range \
        --cluster-secondary-range-name my-pod-range \
        --zone us-central1-a
  3. Get natIP

    gcloud compute instances describe source-instance --zone us-central1-a | grep natIP
  4. Authorize

    gcloud container clusters update private-cluster2 \
        --enable-master-authorized-networks \
        --zone us-central1-a \
        --master-authorized-networks [MY_EXTERNAL_RANGE]
  5. SSH

    gcloud compute ssh source-instance --zone us-central1-a
  6. Configure access

    gcloud container clusters get-credentials private-cluster2 --zone us-central1-a
  7. Verify no external IP

    kubectl get nodes --output yaml | grep -A4 addresses
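
Task 6 steps 3, 4 and 7 turned into script checks, added here as an example and not part of the original lab file. The function names and sample inputs are constructed, and treating [MY_EXTERNAL_RANGE] as the VM's natIP with a /32 mask is an assumption.

```bash
#!/bin/sh
# Added example: helper names are hypothetical, not part of gcloud or kubectl.

# Reads `gcloud compute instances describe` output on stdin and prints natIP
# as a single-host /32 range. Assumption: the VM is the only client to
# authorize, so [MY_EXTERNAL_RANGE] should be no wider than its one address.
authorized_range() {
  awk '$1 == "natIP:" { ip = $2 }
       END {
         if (split(ip, o, ".") != 4) exit 1
         for (i = 1; i <= 4; i++)
           if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) exit 1
         print ip "/32"
       }'
}

# Reads `kubectl get nodes --output yaml` on stdin, prints each non-empty
# ExternalIP address and returns 1 if any exist. An ExternalIP entry with an
# empty address counts as "no external IP"; a bare `grep ExternalIP` would
# wrongly flag it. Assumes kubectl's key order (address before type).
check_nodes_private() {
  awk '$1 == "-" && $2 == "address:" { addr = $3; gsub(/"/, "", addr) }
       $1 == "type:" && $2 == "ExternalIP" && addr != "" { print addr; bad = 1 }
       END { exit bad + 0 }'
}

# Constructed sample inputs (documentation addresses, not real hosts).
SAMPLE_DESCRIBE='networkInterfaces:
- accessConfigs:
  - name: external-nat
    natIP: 203.0.113.10
    type: ONE_TO_ONE_NAT'
SAMPLE_PRIVATE='    addresses:
    - address: 10.0.4.2
      type: InternalIP
    - address: ""
      type: ExternalIP'
SAMPLE_PUBLIC='    addresses:
    - address: 10.0.4.3
      type: InternalIP
    - address: 198.51.100.7
      type: ExternalIP'

printf '%s\n' "$SAMPLE_DESCRIBE" | authorized_range
printf '%s\n' "$SAMPLE_PRIVATE" | check_nodes_private && echo "nodes have no external IP"
printf '%s\n' "$SAMPLE_PUBLIC" | check_nodes_private || echo "external IP found"
```

On the lab VM, pipe the output of `gcloud compute instances describe source-instance --zone us-central1-a` into `authorized_range`, and the output of `kubectl get nodes --output yaml` into `check_nodes_private`.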