Configure a zonal GKE cluster-scoped zone

This page describes how to use Cloud DNS to configure a zonal Google Kubernetes Engine (GKE) cluster-scope zone.

To configure a zonal GKE cluster-scoped DNS zone using Cloud DNS, first choose an existing private DNS zone or create a new private DNS zone to which to attach a specific GKE cluster. Next, configure the DNS zone to reference the GKE cluster's name.

For an overview of zonal Cloud DNS zones, see Zonal Cloud DNS zones . To learn more about scopes, see Scopes and hierarchies .

Create a zonal private zone for the zonal GKE cluster

To create a new managed zonal private zone using Cloud DNS for the zonal GKE cluster, follow this step.

gcloud

Run the gcloud dns managed-zones create command :

gcloud dns managed-zones create NAME 
\
    --description= DESCRIPTION 
\
    --visibility=private \
    --gkeclusters= GKE_CLUSTER 
\
    --location= LOCATION

Replace the following:

NAME : a name for your zone
DESCRIPTION : a description for your zone
GKE_CLUSTER : the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
LOCATION : the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b

API

Send a POST request by using the managedZones.create method:

POST https://dns.googleapis.com/dns/v1/projects/ PROJECT_ID 
/managedZones
{

"name": " NAME 
",
"description": " DESCRIPTION 
",
"dnsName": " DNS_NAME 
",
"visibility": "private"
"privateVisibilityConfig": {
    "kind": "dns#managedZonePrivateVisibilityConfig",
    "gkeClusters": [{
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": GKE_CLUSTER_NAME_1 
},
        {
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": GKE_CLUSTER_NAME_2 
},
        ....
    ]
  }
}

Replace the following:

PROJECT_ID : the ID of the project where you have created the managed zone
NAME : a name for your zone
DESCRIPTION : a description for your zone
DNS_NAME : the DNS suffix for your zone, such as example.private
GKE_CLUSTER_NAME_1 and GKE_CLUSTER_NAME_2 : the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster

Authorize the zonal GKE cluster to query a Cloud DNS private zone

To authorize the zonal GKE cluster to query an existing Cloud DNS private zone, follow this step.

gcloud

Run the gcloud dns managed-zones update command :

gcloud dns managed-zones update NAME 
\
    --gkeclusters= GKE_CLUSTER 
\
    --location= LOCATION

Replace the following:

NAME : the name of your zone, such as my-zone
GKE_CLUSTER : the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
LOCATION : the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b . The managed zone is only visible in this Google Cloud zone.

API

Send a PATCH request by using the managedZones.patch method:

PATCH https://dns.googleapis.com/dns/v1/projects/ PROJECT_ID 
/managedZones/ NAME 
{
"privateVisibilityConfig": {
    "gkeClusters": [{
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": GKE_CLUSTER_NAME_1 
},
        {
            "kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
            "gkeClusterName": GKE_CLUSTER_NAME_2 
},
        ....
    ]
  }
}

Replace the following:

PROJECT_ID : the ID of the project where you have created the managed zone
NAME : the name of your zone, such as my-zone
GKE_CLUSTER_NAME_1 and GKE_CLUSTER_NAME_2 : the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster

Configure the zonal GKE cluster to query a zonal response policy

To configure the zonal GKE cluster to query a zonal response policy, follow this step.

gcloud

Run the gcloud dns response-policies create command :

gcloud dns response-policies create NAME 
\
    --description= DESCRIPTION 
\
    --gkeclusters= GKE_CLUSTER 
\
    --location= LOCATION

Replace the following:

NAME : a name for your response policy, such as my-response-policy
DESCRIPTION : a description for your response policy, such as my-response-policy-for-gke-5
GKE_CLUSTER : the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster
LOCATION : the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as us-east1-b . The managed zone is only visible in this Google Cloud zone.

API

Send a POST request by using the responsePolicies.create method:

POST https://dns.googleapis.com/dns/v1/projects/ PROJECT_ID 
/responsePolicies
{
  "responsePolicyName": " NAME 
",
  "description": "DESCRIPTION",
  "gkeClusters": [
    {
      "kind": "dns#responsePolicyGKECluster",
      "gkeClusterName": " GKE_CLUSTER 
"
    },
  ]
}

Replace the following:

NAME : a name for your response policy, such as my-response-policy
DESCRIPTION : a description for your response policy, such as my-response-policy-for-gke-5
GKE_CLUSTER : the fully qualified resource path of a GKE cluster, such as projects/my-project/locations/us-east1-b/clusters/my-cluster

What's next

To find solutions for common issues that you might encounter when using Cloud DNS, see Troubleshooting .
To learn more about Cloud DNS response policies and rules, see Manage response policies and rules .
To display an audit log of operations, see View operations on managed zones .