oam/knowledge base/cloud computing/gcp/gke.md
2023-12-20 23:17:06 +01:00

Google Kubernetes Engine

Managed Kubernetes solution offered by the Google Cloud Platform.

Table of contents

  1. TL;DR
  2. Gotchas
  3. SSH into GKE clusters' compute instances
  4. Further readings
  5. Sources

TL;DR

# Generate 'kubeconfig' entries for gke clusters.
gcloud container clusters get-credentials 'cluster-name'
gcloud container clusters get-credentials 'cluster-name' --region 'region'

# Get all Kubernetes versions available for use in gke clusters.
gcloud container get-server-config --format "yaml(validNodeVersions)"
gcloud container get-server-config --format "yaml(validMasterVersions)" --zone 'compute-zone'
gcloud container get-server-config --flatten="channels" --filter="channels.channel=RAPID" --format="yaml(channels.channel,channels.validVersions)"

# SSH into gke clusters' compute instances.
gcloud compute ssh 'instance-name' --zone 'zone'

Gotchas

  • When creating admission webhooks, either expose your webhook service and deployments on port 443, or open the firewall for the port they are listening on.
    By default, firewall rules allow the cluster's masters to reach the nodes only on ports 443 (HTTPS) and 10250 (kubelet). Additionally, GKE enables the enable-aggregator-routing option by default, which makes the master bypass the service and communicate directly with the pods.
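
Added example (not part of the original note): a Python check that resolves each webhook's service reference to the pod-side port, which is the port the firewall actually sees since the master bypasses the service. It assumes the webhook configurations and Services were exported as JSON with kubectl; the function names and sample objects are constructed for illustration.

```python
# Ports the page lists as open by default from GKE masters to nodes.
MASTER_TO_NODE_PORTS = {443, 10250}

def pod_port(ref, services):
    """Return the pod-side port behind a webhook's service reference.

    Because the master talks straight to pods, the Service's targetPort is
    what the firewall sees, not the Service's own port.
    """
    svc = services.get((ref["namespace"], ref["name"]))
    if svc is None:
        return None                      # service not found
    wanted = ref.get("port", 443)        # Kubernetes defaults this field to 443
    for p in svc["spec"]["ports"]:
        if p["port"] == wanted:
            return p.get("targetPort", p["port"])  # targetPort defaults to port
    return None                          # no matching service port

def blocked_webhooks(configs, services):
    """List (webhook name, pod port) pairs not confirmed to be on a default-open port."""
    findings = []
    for cfg in configs:
        for wh in cfg.get("webhooks", []):
            ref = wh["clientConfig"].get("service")
            if ref is None:
                continue                 # URL-based webhook: outside this gotcha
            port = pod_port(ref, services)
            # None or a named targetPort cannot be confirmed here, so report it too.
            if port not in MASTER_TO_NODE_PORTS:
                findings.append((wh["name"], port))
    return findings

# Constructed sample objects, shaped like `kubectl get ... -o json` items.
def _svc(ns, name, port, target):
    return (ns, name), {"spec": {"ports": [{"port": port, "targetPort": target}]}}

def _hook(name, ns, svc):
    return {"name": name, "clientConfig": {"service": {"namespace": ns, "name": svc}}}

SERVICES = dict([_svc("ops", "policy", 443, 443),
                 _svc("ops", "mutator", 443, 8443),
                 _svc("ops", "audit", 443, "https")])
CONFIGS = [{"webhooks": [_hook("policy.example.test", "ops", "policy"),
                         _hook("mutator.example.test", "ops", "mutator"),
                         _hook("audit.example.test", "ops", "audit")]}]

if __name__ == "__main__":
    for name, port in blocked_webhooks(CONFIGS, SERVICES):
        print(f"{name}: pod port {port!r} is not confirmed as 443 or 10250")
```

The 'mutator' sample shows the case that is easy to miss: its Service listens on 443, but the pods listen on 8443, so the default rules still drop the master's calls.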

SSH into GKE clusters' compute instances

Use the same procedure used to connect to any other compute instance:

$ gcloud compute ssh 'gke-euwe4-my-instance'
WARNING: The private SSH key file for gcloud does not exist.
WARNING: The public SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/you/.ssh/google_compute_engine.
Your public key has been saved in /Users/you/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:cbYuJKZROlbzX2wuzzN4zd3OGu6m7CupYKJHdiYOxVw you@machine
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|      E          |
|   o .+ . o      |
|    ++ o + o     |
|   .= o S . +    |
|  ..+=oo o +     |
|   =o+o . +o.o...|
|   .oo . .+=+.+oo|
|  ..    .. +BB+oo|
+----[SHA256]-----+
No zone specified. Using zone [europe-west4-c] for instance: [gke-euwe4-my-instance].
External IP address was not found; defaulting to using IAP tunneling.
Updating project ssh metadata...⠹Updated [https://www.googleapis.com/compute/v1/projects/gcp-project].
Updating project ssh metadata...done.
Waiting for SSH key to propagate.
Warning: Permanently added 'compute.4401449885042934396' (ED25519) to the list of known hosts.
Enter passphrase for key '/Users/you/.ssh/google_compute_engine':
Enter passphrase for key '/Users/you/.ssh/google_compute_engine':

Welcome to Kubernetes v1.16.15-gke.6000!

You can find documentation for Kubernetes at:
  http://docs.kubernetes.io/

The source for this release can be found at:
  /home/kubernetes/kubernetes-src.tar.gz
Or you can download it at:
  https://storage.googleapis.com/kubernetes-release-gke/release/v1.16.15-gke.6000/kubernetes-src.tar.gz

It is based on the Kubernetes source at:
  https://github.com/kubernetes/kubernetes/tree/v1.16.15-gke.6000

For Kubernetes copyright and licensing information, see:
  /home/kubernetes/LICENSES

[instance]$

Further readings

Sources

All the references in the further readings section, plus the following: