Preparing AWS networking

To set up an externally facing load balancer with GKE on AWS, you need to tag your VPC and public subnet with your cluster ID. If you have already tagged your VPC and subnet, skip to Enabling Ingress.

Before you begin

Before you start using GKE on AWS, make sure you have performed the following tasks:

GKE on AWS requires tags on subnets that contain load balancer endpoints. GKE on AWS automatically tags all subnets specified in the spec.Networking.ServiceLoadBalancerSubnetIDs field of the AWSCluster resource.

If you want to add subnets to your user cluster, or if you need to re-apply tags to existing subnets, perform the following steps.

  1. From your anthos-aws directory, use anthos-gke to switch context to your management service.

    cd anthos-aws
    anthos-gke aws management get-credentials

  2. Get the ID of your cluster's AWS VPC with kubectl and store it as a variable.

    export VPC_ID=$(\
     env HTTPS_PROXY=http://localhost:8118 \
     kubectl get awscluster cluster-0 -o jsonpath='{.spec.networking.vpcID}')
    
  3. Check the variable's content with echo. The output resembles vpc-12345678abcdef0.

    echo $VPC_ID
    
  4. Save your cluster ID into an environment variable.

    export CLUSTER_ID=$(\
    env HTTPS_PROXY=http://localhost:8118 \
    kubectl get awscluster cluster-0 -o jsonpath='{.status.clusterID}')
    

    You can check the variable with echo:

    echo $CLUSTER_ID
    

    The response includes your cluster ID.

    gke-12345678
    
  5. If you installed GKE on AWS into a dedicated VPC, you can use the aws command-line tool to retrieve the subnet ID.

    Select from the following options:

    • Public, if you want to expose Services on your public subnet.
    • Private, if you want to expose Services on your private subnet.
    • Multiple subnets, if you want to expose Services on multiple subnets.

    Public

    export SUBNET_ID=$(aws ec2 describe-subnets \
     --filters "Name=vpc-id,Values=$VPC_ID" "Name=tag:Name,Values=*public*" \
     --query "Subnets[*].SubnetId" \
     --output text)
    

    The command stores your subnet ID in the variable. The ID resembles subnet-1234abcdefg. You can check the variable with echo:

    echo $SUBNET_ID
    

    The response includes your subnet ID.

    subnet-012345678abcdef
    

    Private

    export SUBNET_ID=$(aws ec2 describe-subnets \
     --filters "Name=vpc-id,Values=$VPC_ID" "Name=tag:Name,Values=*private*" \
     --query "Subnets[*].SubnetId" \
     --output text)
    

    The command stores your subnet ID in the variable. The ID resembles subnet-1234abcdefg. You can check the variable with echo:

    echo $SUBNET_ID
    

    The response includes your subnet ID.

    subnet-012345678abcdef
    

    Multiple subnets

    If you are using multiple subnets for your AWSNodePools (for example, if you use multiple availability zones), you need to tag your subnet IDs individually.

    Retrieve your list of subnet IDs with aws ec2 describe-subnets.

    To get a list of all public subnets, run the following command:

    aws ec2 describe-subnets \
     --filters "Name=vpc-id,Values=$VPC_ID" "Name=tag:Name,Values=*public*" \
     --query "Subnets[*].SubnetId" \
     --output text
    

    To get a list of all private subnets, run the following command:

    aws ec2 describe-subnets \
     --filters "Name=vpc-id,Values=$VPC_ID" "Name=tag:Name,Values=*private*" \
     --query "Subnets[*].SubnetId" \
     --output text
    

    The response includes your subnet IDs.

    subnet-012345678abcdef
    subnet-abcdef123456789
    subnet-123456789abcdef
    
  6. Tag your subnet with your cluster ID. If you have multiple subnets, select Multiple subnets.

    Single subnet

    aws ec2 create-tags \
    --resources $SUBNET_ID \
    --tags Key=kubernetes.io/cluster/$CLUSTER_ID,Value=shared
    

    Multiple subnets

    Run the following command, passing all of your subnet IDs:

    aws ec2 create-tags \
    --resources subnet-ids \
    --tags Key=kubernetes.io/cluster/$CLUSTER_ID,Value=shared
    

    Replace subnet-ids with the list of subnet IDs, separated by spaces. For example, subnet-012345678abcdef subnet-abcdef123456789 subnet-123456789abcdef.
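The steps above, collected into one script as an added example that is not part of the GKE on AWS documentation: it validates every subnet ID before it reaches the aws CLI, applies the kubernetes.io/cluster/CLUSTER_ID tag in a single create-tags call, and reads the tag back so a silently ignored tag is caught. AWS_CMD is an assumed hook so a stub can stand in for the real aws CLI; the subnet and cluster IDs in the usage line are constructed.

```shell
#!/bin/sh
# Added example, not from the GKE on AWS documentation.
# Assumes the aws CLI is configured for the account that owns the VPC.
# AWS_CMD (assumed hook) lets a dry-run stub replace the real CLI.
set -eu

AWS_CMD="${AWS_CMD:-aws}"

# Real subnet IDs are "subnet-" plus 8 or 17 hex digits; the 8-17 range also
# accepts the documentation's placeholder IDs. Rejecting anything else keeps a
# stray token from a mistyped Name filter out of the --resources list.
is_subnet_id() {
  printf '%s\n' "$1" | grep -Eq '^subnet-[0-9a-f]{8,17}$'
}

# The tag key GKE on AWS expects on subnets that carry load balancer endpoints.
cluster_tag_key() {
  printf 'kubernetes.io/cluster/%s\n' "$1"
}

# Usage: tag_subnets CLUSTER_ID SUBNET_ID [SUBNET_ID ...]
# Pass $SUBNET_ID unquoted so a multi-subnet describe-subnets result (tab
# separated with --output text) splits into separate arguments.
# Returns 1 on an invalid ID or when the tag does not read back as "shared".
tag_subnets() {
  cluster_id="$1"; shift
  key="$(cluster_tag_key "$cluster_id")"
  for id in "$@"; do
    is_subnet_id "$id" || { echo "refusing to tag invalid subnet ID: $id" >&2; return 1; }
  done
  # One call tags every subnet, as in the "Multiple subnets" step above.
  "$AWS_CMD" ec2 create-tags --resources "$@" --tags "Key=$key,Value=shared"
  # Verify: describe-tags returns the value, or "None" when the tag is absent.
  for id in "$@"; do
    value="$("$AWS_CMD" ec2 describe-tags \
      --filters "Name=resource-id,Values=$id" "Name=key,Values=$key" \
      --query 'Tags[0].Value' --output text)"
    [ "$value" = "shared" ] || { echo "tag missing on $id (got: $value)" >&2; return 1; }
  done
  echo "tagged $# subnet(s) with $key"
}

# Constructed usage; with the real CLI: tag_subnets "$CLUSTER_ID" $SUBNET_ID
# tag_subnets gke-12345678 subnet-0123abcd subnet-0123abcd0123abcd0
```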