proxy-only-subnet for GKE Ingress

[dbaid]

I think you lack the creation of proxy-only-subnet for your case of GKE Ingress

[boredabdel]

Hello,

Which recipe is this referring to ?

[sawsa307]

I think it is missing in the ingress ILB recipe. We can include https://cloud.google.com/load-balancing/docs/l7-internal/setting-up-l7-internal#configure-a-network in the prerequisite for this recipe.

[sawsa307]

Also, after create the proxy-only subnet, we also need to create a firewall rule to allow connections from proxy-only subnet. This refers to step3 in https://cloud.google.com/load-balancing/docs/l7-internal/setting-up-l7-internal#configure_firewall_rules

[boredabdel]

Are we talking about this ? https://github.com/GoogleCloudPlatform/gke-networking-recipes/tree/main/ingress/single-cluster/ingress-internal-basic

[sawsa307]

That is my guess. @dbaid can you confirm?

[dbaid]

That is my guess. @dbaid can you confirm?

Yes. This recipe https://github.com/GoogleCloudPlatform/gke-networking-recipes/tree/main/ingress/single-cluster/ingress-internal-basic. The topic of GKE Ingress internal loadbalance gets a lot of reference documents. I tested a private cluster through my major reference document -- https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balance-ingress . I always feel confused when studying gcp techniques. Too many things need to be studied. Step by step tests. 1. auto pilot cluster according the doc (in VPC custom subnet) 2. private cluster + cloud nat 3. cluster with least privilege service account 4. internal lb with static ip 5. My final goal, GKE with Internal ingress in a shared VPC (still under test because no testing environment).

Regards, Steven