Configure a zonal GKE cluster-scoped zone

This page describes how to use Cloud DNS to configure a zonal Google Kubernetes Engine (GKE) cluster-scope zone.

To configure a zonal GKE cluster-scoped DNS zone using Cloud DNS, first choose an existing private DNS zone or create a new private DNS zone to which to attach a specific GKE cluster. Next, configure the DNS zone to reference the GKE cluster's name.

For an overview of zonal Cloud DNS zones, see Zonal Cloud DNS zones. To learn more about scopes, see Scopes and hierarchies.

Create a zonal private zone for the zonal GKE cluster

To create a new managed zonal private zone using Cloud DNS for the zonal GKE cluster, follow this step.

gcloud

Run the gcloud dns managed-zones create command:

gcloud dns managed-zones create NAME \
    --description=DESCRIPTION \
    --visibility=private \
    --gkeclusters=GKE_CLUSTER \
    --location=LOCATION

Replace the following:

  • NAME: a name for your zone
  • DESCRIPTION: a description for your zone
  • GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
  • LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b

API

Send a POST request by using the managedZones.create method:

POST https://www.googleapis.com/dns/v2/projects/PROJECT_ID/locations/LOCATION/managedZones
{

"name": "NAME",
"description": "DESCRIPTION",
"dnsName": "DNS_NAME",
"visibility": "private"
"privateVisibilityConfig": {
    "kind": "dns#managedZonePrivateVisibilityConfig",
    "gkeClusters": [{
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": GKE_CLUSTER_NAME_1
        },
        {
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": GKE_CLUSTER_NAME_2
        },
        ....
    ]
  }
}

Replace the following:

  • PROJECT_ID: the ID of the project where you have created the managed zone
  • NAME: a name for your zone
  • DESCRIPTION: a description for your zone
  • DNS_NAME: the DNS suffix for your zone, such as example.private
  • GKE_CLUSTER_NAME_1 and GKE_CLUSTER_NAME_2: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
  • LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b

Authorize the zonal GKE cluster to query a Cloud DNS private zone

To authorize the zonal GKE cluster to query an existing Cloud DNS private zone, follow this step.

gcloud

Run the gcloud dns managed-zones update command:

gcloud dns managed-zones update NAME \
    --gkeclusters=GKE_CLUSTER  \
    --location=LOCATION

Replace the following:

  • NAME: the name of your zone, such as my-zone
  • GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
  • LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b. The managed zone is only visible in this Google Cloud zone.

API

Send a PATCH request by using the managedZones.patch method:

PATCH https://www.googleapis.com/dns/v2/projects/PROJECT_ID/locations/LOCATION/managedZones/NAME
{
"privateVisibilityConfig": {
    "gkeClusters": [{
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": GKE_CLUSTER_NAME_1
        },
        {
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": GKE_CLUSTER_NAME_2
        },
        ....
    ]
  }
}

Replace the following:

  • PROJECT_ID: the ID of the project where you have created the managed zone
  • NAME: the name of your zone, such as my-zone
  • GKE_CLUSTER_NAME_1 and GKE_CLUSTER_NAME_2: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
  • LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b. The managed zone is only visible in this Google Cloud zone.

Configure the zonal GKE cluster to query a zonal response policy

To configure the zonal GKE cluster to query a zonal response policy, follow this step.

gcloud

Run the gcloud dns response-policies create command:

gcloud dns response-policies create NAME \
    --description=DESCRIPTION \
    --gkeclusters=GKE_CLUSTER  \
    --location=LOCATION

Replace the following:

  • NAME: a name for your response policy, such as my-response-policy
  • DESCRIPTION: a description for your response policy, such as my-response-policy-for-gke-5
  • GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
  • LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b. The managed zone is only visible in this Google Cloud zone.

API

Send a POST request by using the responsePolicies.create method:

POST https://www.googleapis.com/dns/v2/projects/PROJECT_ID/locations/LOCATION/responsePolicies
{
  "responsePolicyName": "NAME",
  "description": "DESCRIPTION",
  "gkeClusters": [
    {
      "kind": "dns#responsePolicyGKECluster",
      "gkeClusterName": "GKE_CLUSTER"
    },
  ]
}

Replace the following:

  • NAME: a name for your response policy, such as my-response-policy
  • DESCRIPTION: a description for your response policy, such as my-response-policy-for-gke-5
  • GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
  • LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b. The managed zone is only visible in this Google Cloud zone.

What's next