This page describes how to use Cloud DNS to configure a zonal Google Kubernetes Engine (GKE) cluster-scoped zone.
To configure a zonal GKE cluster-scoped DNS zone using Cloud DNS, first choose an existing private DNS zone, or create a new one, to attach to a specific GKE cluster. Next, configure the DNS zone to reference the GKE cluster's name.
For an overview of zonal Cloud DNS zones, see Zonal Cloud DNS zones. To learn more about scopes, see Scopes and hierarchies.
Create a zonal private zone for the zonal GKE cluster
To create a new managed zonal private zone using Cloud DNS for the zonal GKE cluster, follow this step.
gcloud
Run the gcloud dns managed-zones create command:
    gcloud dns managed-zones create NAME \
        --description=DESCRIPTION \
        --dns-name=DNS_NAME \
        --visibility=private \
        --gkeclusters=GKE_CLUSTER \
        --location=LOCATION
Replace the following:
- NAME: a name for your zone
- DESCRIPTION: a description for your zone
- DNS_NAME: the DNS suffix for your zone, such as example.private
- GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
- LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b
API
Send a POST request by using the managedZones.create method:
    POST https://www.googleapis.com/dns/v2/projects/PROJECT_ID/locations/LOCATION/managedZones
    {
      "name": "NAME",
      "description": "DESCRIPTION",
      "dnsName": "DNS_NAME",
      "visibility": "private",
      "privateVisibilityConfig": {
        "kind": "dns#managedZonePrivateVisibilityConfig",
        "gkeClusters": [
          {
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": "GKE_CLUSTER_NAME_1"
          },
          {
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": "GKE_CLUSTER_NAME_2"
          },
          ....
        ]
      }
    }
Replace the following:
- PROJECT_ID: the ID of the project where you have created the managed zone
- NAME: a name for your zone
- DESCRIPTION: a description for your zone
- DNS_NAME: the DNS suffix for your zone, such as example.private
- GKE_CLUSTER_NAME_1 and GKE_CLUSTER_NAME_2: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
- LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b
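The following is an added example, not part of the original page or of Google's tooling: it builds the managedZones.create URL and JSON body shown above and rejects cluster paths that are malformed or that sit in a different zone than LOCATION. The function names, the zone-name pattern, and the rule that the path's location must equal LOCATION are assumptions drawn from the placeholder descriptions on this page.

```python
import json
import re

# Fully qualified cluster path, for example
# projects/my-project/locations/us-east1-b/clusters/my-cluster
CLUSTER_PATH = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/clusters/(?P<cluster>[^/]+)$"
)
# Assumed shape of a zone name: region plus one-letter suffix (us-east1-b).
ZONE = re.compile(r"^[a-z]+-[a-z]+\d+-[a-z]$")
API_ROOT = "https://www.googleapis.com/dns/v2"  # base URL as shown on this page


def cluster_entries(cluster_paths, location):
    """Check every cluster path against LOCATION; return gkeClusters entries."""
    if not ZONE.match(location):
        raise ValueError(f"LOCATION must be a zone such as us-east1-b: {location!r}")
    entries = []
    for path in cluster_paths:
        m = CLUSTER_PATH.match(path)
        if m is None:
            raise ValueError(f"not a fully qualified cluster path: {path!r}")
        if m["location"] != location:
            raise ValueError(f"{path!r} is in {m['location']}, not {location}")
        entries.append({
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": path,
        })
    return entries


def create_zone_request(project_id, location, name, description, dns_name,
                        cluster_paths):
    """Return (url, json_body) for the managedZones.create request."""
    body = {
        "name": name,
        "description": description,
        "dnsName": dns_name,
        "visibility": "private",
        "privateVisibilityConfig": {
            "kind": "dns#managedZonePrivateVisibilityConfig",
            "gkeClusters": cluster_entries(cluster_paths, location),
        },
    }
    url = f"{API_ROOT}/projects/{project_id}/locations/{location}/managedZones"
    return url, json.dumps(body, indent=2)
```

Running the check before sending the request catches a regional or mistyped LOCATION, and keeps the list of clusters that can resolve the private zone explicit and reviewable.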
Authorize the zonal GKE cluster to query a Cloud DNS private zone
To authorize the zonal GKE cluster to query an existing Cloud DNS private zone, follow this step.
gcloud
Run the gcloud dns managed-zones update command:
    gcloud dns managed-zones update NAME \
        --gkeclusters=GKE_CLUSTER \
        --location=LOCATION
Replace the following:
- NAME: the name of your zone, such as my-zone
- GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
- LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b. The managed zone is only visible in this Google Cloud zone.
API
Send a PATCH request by using the managedZones.patch method:
    PATCH https://www.googleapis.com/dns/v2/projects/PROJECT_ID/locations/LOCATION/managedZones/NAME
    {
      "privateVisibilityConfig": {
        "gkeClusters": [
          {
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": "GKE_CLUSTER_NAME_1"
          },
          {
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": "GKE_CLUSTER_NAME_2"
          },
          ....
        ]
      }
    }
Replace the following:
- PROJECT_ID: the ID of the project where you have created the managed zone
- NAME: the name of your zone, such as my-zone
- GKE_CLUSTER_NAME_1 and GKE_CLUSTER_NAME_2: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
- LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b. The managed zone is only visible in this Google Cloud zone.
Configure the zonal GKE cluster to query a zonal response policy
To configure the zonal GKE cluster to query a zonal response policy, follow this step.
gcloud
Run the gcloud dns response-policies create command:
    gcloud dns response-policies create NAME \
        --description=DESCRIPTION \
        --gkeclusters=GKE_CLUSTER \
        --location=LOCATION
Replace the following:
- NAME: a name for your response policy, such as my-response-policy
- DESCRIPTION: a description for your response policy, such as my-response-policy-for-gke-5
- GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
- LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b. The managed zone is only visible in this Google Cloud zone.
API
Send a POST request by using the responsePolicies.create method:
    POST https://www.googleapis.com/dns/v2/projects/PROJECT_ID/locations/LOCATION/responsePolicies
    {
      "responsePolicyName": "NAME",
      "description": "DESCRIPTION",
      "gkeClusters": [
        {
          "kind": "dns#responsePolicyGKECluster",
          "gkeClusterName": "GKE_CLUSTER"
        }
      ]
    }
Replace the following:
- NAME: a name for your response policy, such as my-response-policy
- DESCRIPTION: a description for your response policy, such as my-response-policy-for-gke-5
- GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
- LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b. The managed zone is only visible in this Google Cloud zone.
What's next
- To find solutions for common issues that you might encounter when using Cloud DNS, see Troubleshooting.
- To learn more about Cloud DNS response policies and rules, see Manage response policies and rules.
- To display an audit log of operations, see View operations on managed zones.