github.com/cilium/cilium@v1.16.2/Documentation/network/clustermesh/gke-clustermesh-prep.rst

github.com/cilium/cilium@v1.16.2/Documentation/network/clustermesh/gke-clustermesh-prep.rst (about)

     1  .. _gs_clustermesh_gke_prep:
     2  
     3  **********************************
     4  GKE-to-GKE Clustermesh Preparation
     5  **********************************
     6  
     7  This is a step-by-step guide on how to install and prepare 
     8  Google Kubernetes Engine (GKE) clusters to meet the requirements 
     9  for the clustermesh feature.
    10  
    11  This guide describes how to deploy two zonal, single node GKE clusters
    12  in different regions for the express purpose of creating a
    13  cost-effective environment to deploy a clustermesh to. Ideal for
    14  development/learning purposes.
    15  
    16  .. note::
    17  
    18          The steps below require the `gcloud <https://cloud.google.com/sdk/docs/install>`__ CLI tool
    19  
    20  Create VPC
    21  ##########
    22  
    23  1.  Create a VPC network in your GCP project. Environment variables are recommended as their
    24      values will be referenced in later steps.
    25  
    26      .. code-block:: bash
    27  
    28          #  feel free to choose your own VPC network name
    29          export PROJECT_ID="[GCP_PROJECT_ID]"
    30          export VPC_NETWORK="my-gke-network"
    31  
    32          gcloud compute networks create ${VPC_NETWORK} \
    33            --subnet-mode=auto \
    34            --project ${PROJECT_ID}
    35  
    36          gcloud compute firewall-rules create ${VPC_NETWORK}-allow-internal \
    37            --network ${VPC_NETWORK} \
    38            --allow tcp,udp,icmp \
    39            --source-ranges "10.128.0.0/9"
    40  
    41  
    42  Deploy clusters
    43  ###############
    44  
    45  1.  Set additional environment variables for values that will be reused in 
    46      later steps.
    47  
    48      .. code-block:: bash
    49  
    50          #  us-west1-a can be changed to any available location (`gcloud compute zones list`)
    51          export CLUSTER="gke-1"
    52          export ZONE="us-west1-a"
    53          export POD_CIDR="10.0.0.0/18"
    54          export SERVICES_CIDR="10.1.0.0/20"
    55  
    56      Below is an example to deploy one GKE cluster. To create more clusters, follow the
    57      steps again, using distinct cluster names, zones, pod CIDRs, and services CIDRs.
    58  
    59      .. note::
    60  
    61          You can use different pod and services CIDRs than in the example, but make sure 
    62          they meet the IP address range `rules <https://cloud.google.com/kubernetes-engine/docs/concepts/alias-ips#cluster_sizing>`__. But most
    63          importantly, make sure they do not overlap with the pods and services CIDRs in
    64          your other cluster(s).
    65  
    66      .. code-block:: bash
    67  
    68          gcloud container clusters create ${CLUSTER} \
    69            --zone ${ZONE} \
    70            --node-locations ${ZONE} \
    71            --network=${VPC_NETWORK} \
    72            --enable-ip-alias \
    73            --cluster-ipv4-cidr=${POD_CIDR} \
    74            --services-ipv4-cidr=${SERVICES_CIDR} \
    75            --machine-type=e2-medium \
    76            --max-nodes=1 \
    77            --num-nodes=1 \
    78            --node-taints node.cilium.io/agent-not-ready=true:NoSchedule \
    79            --project ${PROJECT_ID}
    80  
    81          # Get kubectl credentials, the command will merge the new credentials
    82          # with the existing ~/.kube/config
    83          gcloud container clusters get-credentials ${CLUSTER} \
    84            --zone ${ZONE} \
    85            --project ${PROJECT_ID}
    86   
    87      The node taint is used to prevent pods from being deployed/started until Cilium
    88      has been installed.
    89  
    90  2.  Install Cilium.
    91  
    92      .. important::
    93  
    94          Be sure to assign a unique ``cluster.id`` to each cluster.
    95  
    96      .. code-block:: bash
    97  
    98          cilium install \
    99              --version |CHART_VERSION| \
   100              --set cluster.id=1 \
   101              --set cluster.name=${CLUSTER}
   102  
   103  3.  Check the status of Cilium.
   104  
   105      .. code-block:: bash
   106  
   107          cilium status   
   108  
   109  4.  For each GKE cluster, save its context in an environment variable for use in
   110      the clustermesh setup process.
   111  
   112      GKE cluster context is a combination of project ID, location, and cluster name.
   113  
   114      .. code-block:: bash
   115  
   116          export CONTEXT1="gke_${PROJECT_ID}_${ZONE}_${CLUSTER}"
   117  
   118  
   119  Peering VPC networks
   120  ########################
   121  
   122  Google Cloud's VPCs are global in scope, so subnets within the same VPC can already communicate
   123  with each other internally -- regardless of region. So there is no VPC peering required!
   124  
   125  Node-to-node traffic between clusters is now possible. All requirements for 
   126  clustermesh are met. Enabling clustermesh is explained in :ref:`gs_clustermesh`.
   127  
   128  Please reference environment variables exported in step 4 for any commands that require
   129  the Kubernetes context.