Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
r
red-area-47037
09/29/2020, 9:56 AMAre there any examples / templates available how to create a private GKE cluster and for private IP setup for Cloud SQL instances using Pulumi?
I am currently working myself through the Pulumi documentation and the GCP documentation in order to figure out how to configure a private GKE cluster using Pulumi...
Right now I am investigating how to configure the GKE Cluster via Pulumi so it uses the Docker Hub mirror from GCP (as the nodes cant access Docker hub....).
If anyone already set this up, it would be great if you can share your Pulumi code 😉
g
green-school-95910
10/05/2020, 6:01 PMYou can't replace docker hub with the mirror. The mirror contain only cached images, not the metadata. All gke clusters come with docker configured to use Google's mirrors when downloading images from the hub.
If you want to deploy an image from docker hub into a private gke you either need to give it access to docker, creating a NAT and adding the firewall rules, or you download the images and add retag them to GCR in one of your projects
r
red-area-47037
10/06/2020, 10:35 AMHi @green-school-95910,
thanks for your responds. Can you point me to some documentation describing the needed steps to give the nodes access to Docker Hub (NAT, Firewall Rules)?
ahh I found this documentation on how to setup NAT: https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#private-nodes-outbound
I manually now did the necessary configuration and validated that the nodes can pull the images from Docker Hub. I am now searching the API Reference to see how I can define Cloud NAT and Cloud Routers (these are the names of the components I had to create in the UI) using Pulumi...
There is no direct match I can find in the API Reference documentation. Does anyone know how to create Cloud Nat / Cloud Routers via Pulumi (preferably in TypeScript 😉)?
My current assumptions:
Cloud NAT: https://www.pulumi.com/docs/reference/pkg/gcp/compute/routernat/ and/or https://www.pulumi.com/docs/reference/pkg/gcp/compute/route/
Cloud Router: https://www.pulumi.com/docs/reference/pkg/gcp/compute/router/
g
green-school-95910
10/06/2020, 1:29 PMYou only need a Router and a RouterNat to do it
The Route resource is only needed if you want to customize the path that the packets will take
r
red-area-47037
10/07/2020, 10:56 AMthx, the following script did the job for me:
//create CloudRouter to give private GKE Cluster Nodes access to the internet -> Docker Hub
const cloudRouter = new gcp.compute.Router(config.envName, {
network: "default",
});
//create CloudNAT to give private GKE Cluster Nodes access to the internet -> Docker Hub
const cloudNat = new gcp.compute.RouterNat(config.envName, {
router: cloudRouter.name,
sourceSubnetworkIpRangesToNat: "ALL_SUBNETWORKS_ALL_IP_RANGES",
natIpAllocateOption: "AUTO_ONLY"
});I think it would be helpful for others if there could be an example of a private GKE cluster deployment be added to the GCP examples, or?
I am happy to do a PR for this, if you are ok with it...
g
green-school-95910
10/07/2020, 11:49 AMI'm not from Pulumi 😅
You can ping one of them or just send the PR, I don't see any reason for they to refuse a new example.