GKE DNS Load Balancer
Custom Domain (DNS) Forwarding to Kubernetes (GKE) Cluster via Load Balancer in GCP
In this tutorial we’ll deploy Kubernetes GKE cluster in GCP, set up GCP VPC Network, provision GCP SSL Certificate and Load Balancer to securely route traffic from the External (Internet) to Internal application (GKE Cluster).
The following resources will be provisioned in GCP at the end of this tutorial.
|Google Kubernetes Engine (GKE)||GCP Docs|
|GCP Load Balancer||GCP Docs|
|GCP VPC Network||GCP Docs|
|GCP SSL Certificate||GCP Docs|
|Public IP Address||GCP Docs|
You’ll need these prerequisite items in order to run this tutorial.
|GCP Account||Your own GCP account - Free Credits available!|
|Microsoft Powershell||We’ll run all the commands in this tutorial using Powershell|
|GCP SDK CLI||To interact with GCP resources from Powershell|
|Kubernetes CLI||To interact with Kubernetes cluster from Powershell|
|Domain Name||Your own Domain Name - in this tutorial I’m using my own platformops.dev|
|gke-dns-lb.ps1||Powershell to run this tutorial|
|yaml/deploy.yaml||Deployment YAML Template for Kubernetes Application|
It is assumed that beyond this point of this tutorial:
- You have GCP Account provisioned
- You have relevant Roles and Privileges setup for your User or Service Account
- You are Logged-in to your Account via GCP CLI
Verify Pre-deployment DNS Access
Just to make sure your chosen DNS entry, in our case gke-dns-lb.platformops.dev, forward rule is not working.
Let’s request gke-dns-lb.platformops.dev and the result should be the typical This site can’t be reached error.
At the end of this tutorial, your chosen DNS entry, in our case gke-dns-lb.platformops.dev, will return this.
Create variables to run in our tutorial - we’ll reference these at various stages during this tutorial.
GCP Project Name
This is required – it is your GCP Project Name.
1 $projectName = "<GCP PROJECT NAME>"
These can be left unchanged with defaults as below or rename these to suit your naming conventions, network requirements or cluster specifics.
1 2 3 4 5 6 7 8 9 10 11 12 $gkeName = "gke-dns-lb-c1" $region = "europe-west2" $zone = "europe-west2-a" $kubernetesVersion = "1.19.8-gke.1600" $kubernetesReleaseChannel = "None" $nodesCount = "1" $maxPods = "110" $machineType = "custom-2-4096" $machineImage = "COS" $diskType = "pd-standard" $diskSize = "32" $ipAddressName = "gke-dns-lb-ip"
Deploy GCP Resources
We’ll first provision all we need in GCP from the infrastructure point of view.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 gcloud container clusters create $gkeName ` --project $projectName ` --zone $zone ` --node-locations $zone ` --no-enable-basic-auth ` --enable-shielded-nodes ` --cluster-version $kubernetesVersion ` --release-channel $kubernetesReleaseChannel ` --machine-type $machineType ` --image-type $machineImage ` --disk-type $diskType ` --disk-size $diskSize ` --metadata disable-legacy-endpoints=true ` --num-nodes $nodesCount ` --no-enable-stackdriver-kubernetes ` --enable-ip-alias ` --network "projects/$projectName/global/networks/default" ` --subnetwork "projects/$projectName/regions/$region/subnetworks/default" ` --default-max-pods-per-node $maxPods ` --no-enable-master-authorized-networks ` --addons HttpLoadBalancing ` --no-shielded-integrity-monitoring ` --quiet
Wait for the above to finish before moving to the next step - this might take 10-20 minutes to provision in GCP.
Provision Public IP Address
We’ll need this Ip Address to point our DNS to the GKE instance in GCP.
1 2 3 4 gcloud compute addresses create $ipAddressName ` --project $projectName ` --global ` --quiet
Once we know our public IP Address we can configure it to forward calls to your domain and then all the way to our GKE in GCP.
Acquire Public IP Address
Let’s grab our public IP address with this command.
1 2 3 4 5 Write-Host "Your IP Address =>" ` (gcloud compute addresses describe $ipAddressName ` --project $projectName ` --global ` --format="value(address)")
Create “A” Record with Custom DNS
If you have your NS (Nameserver) Records configured with your own DNS registrar with whom you’ve registered your domain then you’ll need to do the following.
- Login to your Domain Registrar portal
- Go to DNS settings for your Domain
- Add A record, in our case gke-dns-lb, pointing to the Public IP Address obtained earlier
Note: DNS changes can take 10-20 minutes to propagate.
Deploy Applications in GKE
Great, so we have GKE cluster in GCP as well as the networking infrastructure, public IP address and DNS up and running now. Let’s now move down to the app deployments into Kubernetes.
Get Credentials for GKE
We now need to access GKE to start deploying apps into it. The script below will get credentials and set our sample GKE cluster as our current context.
1 2 3 gcloud container clusters get-credentials $gkeName ` --project $projectName ` --zone $zone
Show Context Details
Confirm we are connected to correct GKE cluster context.
1 2 kubectl config get-contexts kubectl config current-context
Deploy Sample GKE Application
We’ll use this YAML Template yaml/deploy.yaml to setup Namespaces, Deployment, Service, Pod, Ingress and SSL Certificate.
Let’s run the App deployment into our GKE cluster.
1 kubectl apply -f yaml/deploy.yaml
Keep checking output from this command - at some stage you’ll see 1x Pod Running, 1x Ingress and SSL Certificate Provisioned.
1 2 3 kubectl get all -n gke-dns-lb kubectl get ingress -n gke-dns-lb kubectl get managedcertificate -n gke-dns-lb
Wait for the above to finish before moving to the next step - the SSL Certificate can stay in Provisioning state for up to 60 minutes before it becomes Active.
Test our Application
Simply request your chosen Domain, in our case that is gke-dns-lb.platformops.dev, and verify that it now resolves to our sample GKE application running in Kubernetes in GCP.
If we didn’t have SSL Certificate configured as per steps above our sample GKE website would not respond because the latest browsers enforce HTTP Strict Transport Security (HSTS).
Notice SSL Certificate Padlock now securing our app according to the HSTS standards.
Simply run these commands below and within 5-10 minutes your Kubernetes and GCP Resources will be all gone.
Delete GKE Deployments
This will delete all the resources deployed into GKE as well as the underlying GCP infrastructure, such as Load Balancers, Routing Rules and SSL Certificate.
1 kubectl delete namespace gke-dns-lb
Delete GCP Resources
This deletes GKE cluster and public IP address (infrastructure) we’ve provisioned for this tutorial.
1 2 3 4 5 6 7 8 9 gcloud container clusters delete $gkeName ` --project $projectName ` --zone $zone ` --quiet gcloud compute addresses delete $ipAddressName ` --project $projectName ` --global ` --quiet
Clear GKE Access Details
This deletes your GKE cluster context and access details to the cluster form your workstation.
1 2 3 4 kubectl config delete-context gke_"$projectName"_"$zone"_"$gkeName" kubectl config unset users.gke_"$projectName"_"$zone"_"$gkeName" kubectl config unset contexts.gke_"$projectName"_"$zone"_"$gkeName" kubectl config unset clusters.gke_"$projectName"_"$zone"_"$gkeName"
Delete A Record in DNS
And of course, don’t forget to delete the A Record we’ve created earlier in the DNS Setup stage. Simply go to your DNS management portal and delete the A Record.