Ricardo Trentin rtrentin73

## on-prem-config.txt
crypto ikev2 proposal gcp-central1-gw-on-prem-csr-proposal
 encryption aes-cbc-256 aes-cbc-192 aes-cbc-128
 integrity sha256
 group 16
!
crypto ikev2 policy gcp-central1-gw-on-prem-csr-policy
 proposal gcp-central1-gw-on-prem-csr-proposal
!
crypto ikev2 keyring gcp-central1-gw-on-prem-csr-key-0
 peer gcp-central1-gw-interface-0

## on-prem-route-table.txt
ip-192-168-0-93#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

## nginx-import.yaml
kind: ServiceImport
apiVersion: net.gke.io/v1
metadata:
 namespace: nginx
 name: external-svc-nginx
status:
 ports:
 - name: nginx
   port: 80
   protocol: TCP

## nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: mcs-common
spec:
  type: ClusterIP
  selector:
    app: nginx
  ports:

## nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: mcs-common
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2

## nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
  annotations:
    networking.gke.io/load-balancer-type: "Internal"
  labels:
    app: nginx
spec:
  type: LoadBalancer

## nginx-export.yaml
kind: ServiceExport
apiVersion: net.gke.io/v1
metadata:
 namespace: mcs-common
 name: nginx

## gist:fc4b1e90bcb0f6b2732623855b769025
gcloud beta container clusters create gke-us-east4-cluster-1 \
--zone "us-east4-a" \
--enable-private-nodes \
--enable-private-endpoint \
--master-ipv4-cidr "192.168.254.0/28" \
--enable-ip-alias \
--network  "gcp-spoke100-us-east4" \
--subnetwork "gcp-spoke100-us-east4-nodes" \
--cluster-secondary-range-name "gcp-spoke100-us-east4-pod" \
--services-secondary-range-name "gcp-spoke100-us-east4-services" \

## gist:2fc326b965c7d89c17c862be5b1306f2
gcloud beta container clusters create gke-us-east4-cluster-2 \
--zone "us-east4-b" \
--enable-private-nodes \
--enable-private-endpoint \
--master-ipv4-cidr "192.168.254.16/28" \
--enable-ip-alias \
--network  "gcp-spoke200-us-east4" \
--subnetwork "gcp-spoke200-us-east4-nodes" \
--cluster-secondary-range-name "gcp-spoke200-us-east4-pod" \
--services-secondary-range-name "gcp-spoke200-us-east4-services" \

## gist:d3278e4453ec90a1e54dbed1e3b130ab
config router bgp
    set as 65002
    set router-id 10.255.162.68
    set ebgp-multipath enable
    set graceful-restart enable
    config neighbor
        edit "10.255.160.116"
            set ebgp-enforce-multihop enable
            set ebgp-multihop-ttl 16
            set remote-as 65001
	crypto ikev2 proposal gcp-central1-gw-on-prem-csr-proposal
	encryption aes-cbc-256 aes-cbc-192 aes-cbc-128
	integrity sha256
	group 16
	!
	crypto ikev2 policy gcp-central1-gw-on-prem-csr-policy
	proposal gcp-central1-gw-on-prem-csr-proposal
	!
	crypto ikev2 keyring gcp-central1-gw-on-prem-csr-key-0
	peer gcp-central1-gw-interface-0
	ip-192-168-0-93#show ip route
	Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
	D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
	N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
	E1 - OSPF external type 1, E2 - OSPF external type 2
	i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
	ia - IS-IS inter area, * - candidate default, U - per-user static route
	o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
	a - application route
	+ - replicated route, % - next hop override, p - overrides from PfR
	kind: ServiceImport
	apiVersion: net.gke.io/v1
	metadata:
	namespace: nginx
	name: external-svc-nginx
	status:
	ports:
	- name: nginx
	port: 80
	protocol: TCP
	apiVersion: v1
	kind: Service
	metadata:
	name: nginx
	namespace: mcs-common
	spec:
	type: ClusterIP
	selector:
	app: nginx
	ports:
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: nginx
	namespace: mcs-common
	spec:
	selector:
	matchLabels:
	app: nginx
	replicas: 2
	kind: ServiceExport
	apiVersion: net.gke.io/v1
	metadata:
	namespace: mcs-common
	name: nginx
	gcloud beta container clusters create gke-us-east4-cluster-1 \
	--zone "us-east4-a" \
	--enable-private-nodes \
	--enable-private-endpoint \
	--master-ipv4-cidr "192.168.254.0/28" \
	--enable-ip-alias \
	--network "gcp-spoke100-us-east4" \
	--subnetwork "gcp-spoke100-us-east4-nodes" \
	--cluster-secondary-range-name "gcp-spoke100-us-east4-pod" \
	--services-secondary-range-name "gcp-spoke100-us-east4-services" \
	gcloud beta container clusters create gke-us-east4-cluster-2 \
	--zone "us-east4-b" \
	--enable-private-nodes \
	--enable-private-endpoint \
	--master-ipv4-cidr "192.168.254.16/28" \
	--enable-ip-alias \
	--network "gcp-spoke200-us-east4" \
	--subnetwork "gcp-spoke200-us-east4-nodes" \
	--cluster-secondary-range-name "gcp-spoke200-us-east4-pod" \
	--services-secondary-range-name "gcp-spoke200-us-east4-services" \
	config router bgp
	set as 65002
	set router-id 10.255.162.68
	set ebgp-multipath enable
	set graceful-restart enable
	config neighbor
	edit "10.255.160.116"
	set ebgp-enforce-multihop enable
	set ebgp-multihop-ttl 16
	set remote-as 65001