This message was deleted.
# google-clouds
sparse-intern-71089
09/29/2020, 9:56 AMThis message was deleted.
r
red-area-47037
10/02/2020, 9:44 PMI am currently working myself through the Pulumi documentation and the GCP documentation in order to figure out how to configure a private GKE cluster using Pulumi...
Right now I am investigating how to configure the GKE Cluster via Pulumi so it uses the Docker Hub mirror from GCP (as the nodes cant access Docker hub....).
If anyone already set this up, it would be great if you can share your Pulumi code 😉
g
green-school-95910
10/05/2020, 6:01 PMYou can't replace docker hub with the mirror. The mirror contain only cached images, not the metadata. All gke clusters come with docker configured to use Google's mirrors when downloading images from the hub.
green-school-95910
10/05/2020, 6:02 PMIf you want to deploy an image from docker hub into a private gke you either need to give it access to docker, creating a NAT and adding the firewall rules, or you download the images and add retag them to GCR in one of your projects
r
red-area-47037
10/06/2020, 10:35 AMHi @green-school-95910,
thanks for your responds. Can you point me to some documentation describing the needed steps to give the nodes access to Docker Hub (NAT, Firewall Rules)?
red-area-47037
10/06/2020, 10:35 AMahh I found this documentation on how to setup NAT: https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#private-nodes-outbound
red-area-47037
10/06/2020, 12:06 PMI manually now did the necessary configuration and validated that the nodes can pull the images from Docker Hub. I am now searching the API Reference to see how I can define Cloud NAT and Cloud Routers (these are the names of the components I had to create in the UI) using Pulumi...
There is no direct match I can find in the API Reference documentation. Does anyone know how to create Cloud Nat / Cloud Routers via Pulumi (preferably in TypeScript 😉)?
red-area-47037
10/06/2020, 12:22 PMMy current assumptions:
Cloud NAT: https://www.pulumi.com/docs/reference/pkg/gcp/compute/routernat/ and/or https://www.pulumi.com/docs/reference/pkg/gcp/compute/route/
Cloud Router: https://www.pulumi.com/docs/reference/pkg/gcp/compute/router/
g
green-school-95910
10/06/2020, 1:29 PMYou only need a Router and a RouterNat to do it
green-school-95910
10/06/2020, 1:29 PMThe Route resource is only needed if you want to customize the path that the packets will take
r
red-area-47037
10/07/2020, 10:56 AMthx, the following script did the job for me:
Copy code
//create CloudRouter to give private GKE Cluster Nodes access to the internet -> Docker Hub
const cloudRouter = new gcp.compute.Router(config.envName, {
network: "default",
});
//create CloudNAT to give private GKE Cluster Nodes access to the internet -> Docker Hub
const cloudNat = new gcp.compute.RouterNat(config.envName, {
router: cloudRouter.name,
sourceSubnetworkIpRangesToNat: "ALL_SUBNETWORKS_ALL_IP_RANGES",
natIpAllocateOption: "AUTO_ONLY"
});red-area-47037
10/07/2020, 10:57 AMI think it would be helpful for others if there could be an example of a private GKE cluster deployment be added to the GCP examples, or?
red-area-47037
10/07/2020, 11:06 AMI am happy to do a PR for this, if you are ok with it...
g
green-school-95910
10/07/2020, 11:49 AMI'm not from Pulumi 😅
You can ping one of them or just send the PR, I don't see any reason for they to refuse a new example.
3 Views