Are there any examples templates available how to create a p Pulumi Community #google-cloud

Are there any examples / templates available how t...

red-area-47037

09/29/2020, 9:56 AM

Are there any examples / templates available how to create a private GKE cluster and for private IP setup for Cloud SQL instances using Pulumi?

red-area-47037

10/02/2020, 9:44 PM

I am currently working myself through the Pulumi documentation and the GCP documentation in order to figure out how to configure a private GKE cluster using Pulumi... Right now I am investigating how to configure the GKE Cluster via Pulumi so it uses the Docker Hub mirror from GCP (as the nodes cant access Docker hub....). If anyone already set this up, it would be great if you can share your Pulumi code 😉

green-school-95910

10/05/2020, 6:01 PM

You can't replace docker hub with the mirror. The mirror contain only cached images, not the metadata. All gke clusters come with docker configured to use Google's mirrors when downloading images from the hub.

green-school-95910

10/05/2020, 6:02 PM

If you want to deploy an image from docker hub into a private gke you either need to give it access to docker, creating a NAT and adding the firewall rules, or you download the images and add retag them to GCR in one of your projects

red-area-47037

10/06/2020, 10:35 AM

Hi @green-school-95910, thanks for your responds. Can you point me to some documentation describing the needed steps to give the nodes access to Docker Hub (NAT, Firewall Rules)?

red-area-47037

10/06/2020, 10:35 AM

ahh I found this documentation on how to setup NAT: https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#private-nodes-outbound

red-area-47037

10/06/2020, 12:06 PM

I manually now did the necessary configuration and validated that the nodes can pull the images from Docker Hub. I am now searching the API Reference to see how I can define Cloud NAT and Cloud Routers (these are the names of the components I had to create in the UI) using Pulumi... There is no direct match I can find in the API Reference documentation. Does anyone know how to create Cloud Nat / Cloud Routers via Pulumi (preferably in TypeScript 😉)?

red-area-47037

10/06/2020, 12:22 PM

My current assumptions: Cloud NAT: https://www.pulumi.com/docs/reference/pkg/gcp/compute/routernat/ and/or https://www.pulumi.com/docs/reference/pkg/gcp/compute/route/ Cloud Router: https://www.pulumi.com/docs/reference/pkg/gcp/compute/router/

green-school-95910

10/06/2020, 1:29 PM

You only need a Router and a RouterNat to do it

green-school-95910

10/06/2020, 1:29 PM

The Route resource is only needed if you want to customize the path that the packets will take

red-area-47037

10/07/2020, 10:56 AM

thx, the following script did the job for me:

Copy code

//create CloudRouter to give private GKE Cluster Nodes access to the internet -> Docker Hub
const cloudRouter = new gcp.compute.Router(config.envName, { 
    network: "default", 
});

//create CloudNAT to give private GKE Cluster Nodes access to the internet -> Docker Hub
const cloudNat = new gcp.compute.RouterNat(config.envName, {
    router: cloudRouter.name,
    sourceSubnetworkIpRangesToNat: "ALL_SUBNETWORKS_ALL_IP_RANGES",
    natIpAllocateOption: "AUTO_ONLY"
});

red-area-47037

10/07/2020, 10:57 AM

I think it would be helpful for others if there could be an example of a private GKE cluster deployment be added to the GCP examples, or?

red-area-47037

10/07/2020, 11:06 AM

I am happy to do a PR for this, if you are ok with it...

green-school-95910

10/07/2020, 11:49 AM

I'm not from Pulumi 😅 You can ping one of them or just send the PR, I don't see any reason for they to refuse a new example.

3 Views

Open in Slack

Previous Next