- The cluster needs to be VPC-native to reach other Compute Engine instances directly via private IP. Otherwise you must use public IPs and add a firewall rule allowing the NAT gateway used by GKE.
- The firewall should allow access to the Compute Engine instance port from the cluster network (`clusterIpv4Cidr`).
- VPC network:
  - dedicated subnet
  - global static IP for the ingress
- Cloud DNS:
  - managed zone: `web.biz`
  - `A` record for `hello.web.biz` pointing to the static IP
Cloud SDK commands:
gcloud config set project hello-world
gcloud config set compute/region europe-west6
gcloud config set compute/zone europe-west6-a
gcloud container clusters create hello-web --enable-ip-alias --subnetwork hello-web-subnet
gcloud container clusters get-credentials hello-web
gcloud container clusters describe hello-web
Pay attention to the `clusterIpv4Cidr` and `servicesIpv4Cidr` IP address ranges in the output; the first one is the source range the Compute Engine firewall rule must allow.
Run:
gcloud compute addresses create helloweb-ip --global
gcloud compute addresses describe helloweb-ip --global
Point `hello.web.biz` at the returned IP on the Cloud DNS zone page.
Create a web server with a load balancer and a managed TLS certificate:
kubectl apply -f gke-helloweb-example.yaml
kubectl get ingress
kubectl describe managedcertificate
curl https://hello.web.biz/
Plain HTTP can be disabled with the `kubernetes.io/ingress.allow-http: "false"` annotation on the Ingress.
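The manifest behind `kubectl apply -f gke-helloweb-example.yaml` is not shown on the page; the following is an added, constructed example of what it needs to contain to tie the static IP, the managed certificate and the HTTPS-only ingress together. The resource names `helloweb` / `helloweb-cert` and the `hello-app` sample image are assumptions; it relies on `helloweb-ip` already existing and the `A` record for `hello.web.biz` already resolving to it, since the managed certificate is only issued once DNS points at the load balancer.

```yaml
# Constructed example, not the page's gke-helloweb-example.yaml.
apiVersion: apps/v1
kind: Deployment
metadata: {name: helloweb}
spec:
  selector: {matchLabels: {app: helloweb}}
  template:
    metadata: {labels: {app: helloweb}}
    spec:
      containers:
      - name: hello
        image: gcr.io/google-samples/hello-app:1.0  # assumed public sample image
        ports: [{containerPort: 8080}]
---
apiVersion: v1
kind: Service
metadata: {name: helloweb}
spec:
  type: NodePort   # GKE Ingress backends must be NodePort (or NEG-backed)
  selector: {app: helloweb}
  ports: [{port: 80, targetPort: 8080}]
---
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata: {name: helloweb-cert}
spec:
  domains: [hello.web.biz]   # A record must already point at helloweb-ip
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: helloweb
  annotations:
    kubernetes.io/ingress.global-static-ip-name: helloweb-ip   # from gcloud compute addresses create
    networking.gke.io/managed-certificates: helloweb-cert
    kubernetes.io/ingress.allow-http: "false"   # HTTPS only: no port-80 forwarding rule is created
spec:
  rules:
  - host: hello.web.biz
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: helloweb
            port: {number: 80}
```

`kubectl describe managedcertificate helloweb-cert` reports `Status: Active` once the certificate has been provisioned; until then `curl https://hello.web.biz/` fails the TLS handshake, and with `allow-http` set to `"false"` there is no plain-HTTP fallback to check against.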