Standalone Terraform configuration for testing out GKE when using PUPI ranges.
Configures Private GKE Cluster using either Service Networking or Private Service Connect (which Private Clusters will transition to when on 1.29+ https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#control-plane).
Edit terraform.tfvars and substitute variables as appropriate.
terraform init
terraform apply
- 001-networking.tf: Provisions a VPC, Subnet, Pod and Services ranges in the
30.0.0.0/8range. Enables Private Google Access for the subnet. - 002-dns.tf: Configures DNS for Private Google Access.
- 003-cluster.tf: Creates the GKE Cluster, using either Service Networking or Private Service Access, depending on the value of
use_private_service_connectin variables.tf. - 004-asm.tf: Joins the Cluster to GKE Hub, enables Managed ASM.
- 005-load-balancing.tf: Reserves a IP on the subnet for testing ILB.
- 006-vm.tf: Creates a VM on the subnet with an external IP address which can be SSH'd to connect to the private subnet resources.
gcloud container hub features describe servicemesh
Wait for controlPlaneManagement and dataPlaneManagement to be READY.
- test-manifests/001-nginx-deployment-only.yaml: Nginx deployment for testing
- test-manifests/002-nginx-ilb.yaml: Exposes Nginx via an Internal Load Balancer (can test via Curl from the VM)
- test-manifests/003-nginx-container-native-lb.yaml: Exposes nginx via an External Load Balancer using Container Native Load Balancing
- test-manifests/004-istio-ingress-gw-only.yaml: Creates and exposes an Istio Ingress Gateway via an External Load Balancer (TCP)
- test-manifests/005-nginx-ingressgw-exposure.yaml: Exposes the nginx deployment via the Ingress Gateway