no problem creating via gcloud container with no ip aliases

Question

no problem creating via gcloud container with no ip aliases and autoassign range

green-school-95910 · Answer

Continuing what I sent on general Take a look about VPC native clusters and about routes based clusters They work differently regarding IP allocations and interaction with the VPC network

green-school-95910 · Answer

The default can trick you because they are not very consistent

green-school-95910 · Answer

And although newer gcloud versions returned to routes based they add a lot of options that are not the default for the API Pulumi used the API directly so you need to set those values to work

green-school-95910 · Answer

VPC native clusters have advantages over routes based ones but they also require more configuration and care

green-school-95910 · Answer

The parameter for VPC native on Pulumi is <https www pulumi com docs reference pkg nodejs pulumi gcp container ClusterArgs ipAllocationPolicy|this one>

victorious-helmet-11068 · Answer

I also tried with the undocumented networking mode <https github com pulumi pulumi gcp blob 8a0db4aff3c832cee0e6f89ade72415858291669 sdk go gcp container cluster go L157>

victorious-helmet-11068 · Answer

forcing to ROUTES

green-school-95910 · Answer

That is ignored as input

green-school-95910 · Answer

If there is no `ipAllocationPolicy` the cluster will be routes based

victorious-helmet-11068 · Answer

yes the expected as was before

victorious-helmet-11068 · Answer

and as I would like

green-school-95910 · Answer

Check you network and subnetworks

green-school-95910 · Answer

For routes based there must be a subnetwork in the same region and the network must have a 14 range available

victorious-helmet-11068 · Answer

is there a way to do pulumi up using the old gcp plugin seems the only change

green-school-95910 · Answer

I think this might be leftovers so you should check if the cluster auto allocated a range and left it there after it was destroyed

victorious-helmet-11068 · Answer

and in that case cli continues to work sounds strange But I check

green-school-95910 · Answer

CLI is smarter than the raw API

victorious-helmet-11068 · Answer

but the range is visible in vpc networks theorically no only ip aliases area visible Where i can check this leftover

green-school-95910 · Answer

You can set the <https cloud google com kubernetes engine docs how to routes based cluster pod address range|range directly> I personally prefer to have everything on the infrastructure explicit

victorious-helmet-11068 · Answer

I have a running cluster at the moment But no sign of its range here

green-school-95910 · Answer

Sorry it should be under routes in your case

green-school-95910 · Answer

Something like this probably

victorious-helmet-11068 · Answer

yes Found thanks But I see only that cluster I figure that I setup several VPNs from the creation of that cluster to now and I have a 10 0 0 0 8 sattic route mhmhm may be

green-school-95910 · Answer

If you aready have a route for 10 0 0 0 8 you can t auto allocate a 14 inside of it Not sure what magic gcloud is doing in this case might be worth creating a cluster with it just to see which route appears

victorious-helmet-11068 · Answer

make sense I try to remove that static

victorious-helmet-11068 · Answer

not so easy to do this trial

victorious-helmet-11068 · Answer

but with CLI it is working I m not so sure that is a 10 0 0 0 route issue

green-school-95910 · Answer

That is why I said that it might be worth creating the cluster with gcloud and inspecting it It might be setting something different

victorious-helmet-11068 · Answer

without 10 0 0 0 8 route it is working It is a huge problem but it make sense now

victorious-helmet-11068 · Answer

Thanks Luiz for the support