# author: Gary A. Stafford
# site:
# license: MIT License
# purpose: Create non-prod Kubernetes cluster on GKE
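# Stop at the first failed command, unset variable or failed pipeline stage.
# Without this, a failed cluster create or credential fetch would not stop the
# script, and the later kubectl commands would run against whichever context
# was already active on this machine.
set -euo pipefail

# Constants - CHANGE ME!
# Project that owns the cluster, and the cluster's name and region.
readonly PROJECT='gke-confluent-atlas'
readonly CLUSTER='storefront-api-non-prod'
readonly REGION='us-central1'
# CIDR range(s) passed to --master-authorized-networks, i.e. the source
# addresses allowed to reach the cluster's control-plane endpoint. Replace the
# placeholder and keep the range as narrow as possible.
readonly MASTER_AUTH_NETS='<your_ip_cidr>'
# Namespaces that get the istio-injection label (bash array).
readonly NAMESPACES=( 'dev' 'test' 'uat' )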
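# Build a 3-node, single-region, multi-zone GKE cluster
# (--num-nodes is counted per zone in a regional cluster).

# Refuse to run with the template placeholder or an empty value, so the
# control-plane allow-list is always a deliberate choice.
case "${MASTER_AUTH_NETS}" in
  '' | '<your_ip_cidr>')
    printf 'error: set MASTER_AUTH_NETS to the CIDR range(s) allowed to reach the cluster endpoint\n' >&2
    exit 1
    ;;
esac

# The flags live in an array so each one can carry a comment and so there is
# no trailing line continuation after the last argument.
cluster_args=(
  --region "${REGION}"
  # No static username/password and no legacy client certificate for the
  # Kubernetes API server.
  --no-enable-basic-auth
  --no-issue-client-certificate
  # NOTE(review): pinned version; confirm it is still offered and supported
  # before use, since an out-of-date cluster misses security fixes.
  --cluster-version "1.11.5-gke.5"
  --machine-type "n1-standard-2"
  --image-type "COS"
  --disk-type "pd-standard"
  --disk-size "100"
  # NOTE(review): all six scope values are empty in this listing, most likely
  # lost when the page was copied. Fill in the access scopes the nodes
  # actually need, and no more, before running.
  --scopes "","","","","",""
  --num-nodes "1"
  --enable-stackdriver-kubernetes
  --enable-ip-alias
  # Only the listed CIDR range(s) may reach the control-plane endpoint.
  --enable-master-authorized-networks
  --master-authorized-networks "${MASTER_AUTH_NETS}"
  --network "projects/${PROJECT}/global/networks/default"
  --subnetwork "projects/${PROJECT}/regions/${REGION}/subnetworks/default"
  --default-max-pods-per-node "110"
  # Istio add-on with strict mutual TLS between services.
  --addons HorizontalPodAutoscaling,HttpLoadBalancing,Istio
  --istio-config auth=MTLS_STRICT
  # Turn off the legacy Compute Engine metadata endpoints on the nodes.
  --metadata disable-legacy-endpoints=true
  --enable-autoupgrade
)

# Abort on failure so nothing below runs without the new cluster.
time gcloud beta container \
  --project "${PROJECT}" clusters create "${CLUSTER}" \
  "${cluster_args[@]}" || exit 1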
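# Get cluster creds. Stop if this fails: otherwise the kubectl commands that
# follow would run against whichever context was already active.
gcloud container clusters get-credentials "${CLUSTER}" \
  --region "${REGION}" --project "${PROJECT}" || exit 1

# Print the active context, as before, and confirm it is the cluster named
# above. get-credentials names the context gke_<project>_<location>_<cluster>.
current_context="$(kubectl config current-context)" || exit 1
printf '%s\n' "${current_context}"
expected_context="gke_${PROJECT}_${REGION}_${CLUSTER}"
if [[ "${current_context}" != "${expected_context}" ]]; then
  printf 'error: kubectl context is %s, expected %s\n' \
    "${current_context}" "${expected_context}" >&2
  exit 1
fi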
# Create the namespaces described in the manifest (path is relative to the
# directory the script is run from)
kubectl apply --filename='./resources/other/namespaces.yaml'
# Enable automatic Istio sidecar injection
for namespace in ${NAMESPACES[@]}; do
kubectl label namespace $namespace istio-injection=enabled