Configure a GKE cluster scope

This page describes how to use Cloud DNS to configure a Google Kubernetes Engine cluster scope.

To configure a GKE cluster-scoped DNS zone using Cloud DNS, first choose an existing private DNS zone or create a new private DNS zone to which to attach a specific GKE cluster. Next, configure the DNS zone to reference the GKE cluster's name.

To learn more about scopes, see Scopes and hierarchies.

Create a private zone for the GKE cluster

To create a new managed private zone using Cloud DNS for the GKE cluster, complete the following step.

gcloud

Run the gcloud dns managed-zones create command:

gcloud dns managed-zones create NAME \
    --dns-name=DNS_NAME \
    --visibility=private \
    --gkeclusters=GKE_CLUSTER

Replace the following:

  • NAME: a name for your zone
  • DNS_NAME: the DNS suffix for your zone, such as example.private.
  • GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1a/clusters/my-cluster

API

Send a POST request by using the managedZones.create method:

POST https://dns.googleapis.com/dns/v1/projects/PROJECT_ID/managedZones
{
  "name": "NAME",
  "description": "DESCRIPTION",
  "dnsName": "DNS_NAME",
  "visibility": "private",
  "privateVisibilityConfig": {
    "kind": "dns#managedZonePrivateVisibilityConfig",
    "gkeClusters": [{
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": "GKE_CLUSTER_NAME_1"
        },
        {
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": "GKE_CLUSTER_NAME_2"
        },
        ....
    ]
  }
}

Replace the following:

  • PROJECT_ID: the ID of the project where you have created the managed zone
  • NAME: a name for your zone
  • DESCRIPTION: a description for your zone
  • DNS_NAME: the DNS suffix for your zone, such as example.private.
  • GKE_CLUSTER_NAME_1 and GKE_CLUSTER_NAME_2: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1a/clusters/my-cluster

Authorize the GKE cluster to query a Cloud DNS private zone

To authorize the GKE cluster to query an existing Cloud DNS private zone, complete the following step.

gcloud

Run the gcloud dns managed-zones update command:

gcloud dns managed-zones update NAME \
    --gkeclusters=GKE_CLUSTER

Replace the following:

  • NAME: the name of your zone, such as my-zone
  • GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1a/clusters/my-cluster

API

Send a PATCH request by using the managedZones.patch method:

PATCH https://dns.googleapis.com/dns/v1/projects/PROJECT_ID/managedZones/NAME
{
  "privateVisibilityConfig": {
    "gkeClusters": [{
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": "GKE_CLUSTER_NAME_1"
        },
        {
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": "GKE_CLUSTER_NAME_2"
        },
        ....
    ]
  }
}

Replace the following:

  • PROJECT_ID: the ID of the project where you have created the managed zone
  • NAME: the name of your zone, such as my-zone
  • GKE_CLUSTER_NAME_1 and GKE_CLUSTER_NAME_2: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1a/clusters/my-cluster
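The request bodies for managedZones.create and managedZones.patch shown above can be generated rather than hand-edited, so that a malformed cluster path or a non-private zone never reaches the API. The following is an added example, not code from the Cloud DNS documentation; the function names are hypothetical, and it assumes cluster paths follow the projects/.../locations/.../clusters/... shape and that DNS_NAME carries the trailing dot shown in example.private.

```python
import json
import re

# Shape of the fully qualified cluster path shown on this page:
# projects/PROJECT/locations/LOCATION/clusters/CLUSTER
_CLUSTER_PATH = re.compile(r"projects/[^/\s]+/locations/[^/\s]+/clusters/[^/\s]+")
_CLUSTER_KIND = "dns#managedZonePrivateVisibilityConfigGKEClusters"


def gke_cluster_entries(cluster_paths):
    """Return the gkeClusters list, rejecting anything that is not a full path."""
    seen, entries = set(), []
    for path in cluster_paths:
        if not _CLUSTER_PATH.fullmatch(path):
            raise ValueError(f"not a fully qualified GKE cluster path: {path!r}")
        if path not in seen:  # drop duplicates, keep first-seen order
            seen.add(path)
            entries.append({"kind": _CLUSTER_KIND, "gkeClusterName": path})
    if not entries:
        raise ValueError("at least one GKE cluster path is required")
    return entries


def create_zone_body(name, description, dns_name, cluster_paths):
    """Body for managedZones.create; visibility is always private."""
    if not dns_name.endswith("."):  # assumption: trailing dot, as in example.private.
        raise ValueError("DNS_NAME must end with a dot, such as example.private.")
    return {
        "name": name,
        "description": description,
        "dnsName": dns_name,
        "visibility": "private",
        "privateVisibilityConfig": {
            "kind": "dns#managedZonePrivateVisibilityConfig",
            "gkeClusters": gke_cluster_entries(cluster_paths),
        },
    }


def patch_zone_body(cluster_paths):
    """Body for managedZones.patch; only the visibility config is sent."""
    return {"privateVisibilityConfig": {"gkeClusters": gke_cluster_entries(cluster_paths)}}


if __name__ == "__main__":
    # Constructed sample values; the cluster path is the example used on this page.
    clusters = ["projects/my-project/locations/us-east1a/clusters/my-cluster"]
    print(json.dumps(create_zone_body("my-zone", "demo zone", "example.private.", clusters), indent=2))
```
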

Configure the GKE cluster to query a response policy

To configure the GKE cluster to query a response policy, complete the following step.

gcloud

Run the gcloud dns response-policies create command:

gcloud dns response-policies create NAME \
    --description=DESCRIPTION \
    --gkeclusters=GKE_CLUSTER

Replace the following:

  • NAME: a name for your response policy, such as my-response-policy
  • DESCRIPTION: a description for your response policy, such as "my-response-policy-for-gke-5"
  • GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1a/clusters/my-cluster

API

Send a POST request by using the responsePolicies.create method:

POST https://dns.googleapis.com/dns/v1/projects/PROJECT_ID/responsePolicies
{
  "responsePolicyName": "NAME",
  "description": "DESCRIPTION",
  "gkeClusters": [
    {
      "kind": "dns#responsePolicyGKECluster",
      "gkeClusterName": "GKE_CLUSTER"
    }
  ]
}

Replace the following:

  • NAME: a name for your response policy, such as my-response-policy
  • DESCRIPTION: a description for your response policy, such as my-response-policy-for-gke-5
  • GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1a/clusters/my-cluster
