Create a private GKE cluster
gcloud container clusters create private-cluster-0 --cluster-version=1.24.7-gke.900 --machine-type "custom-4-8192" --num-nodes=3 --disk-size=50 --create-subnetwork name=my-subnet-0 --enable-master-authorized-networks --enable-ip-alias --enable-private-nodes --enable-private-endpoint --master-ipv4-cidr 172.16.0.32/28
Once creation finishes you can see that none of the nodes has an external IP. Nodes without an external address reach Google APIs (for example Artifact Registry) only through Private Google Access; anything outside Google needs Cloud NAT.
Allow only the jump host VM in the default network (internal IP 10.140.0.83, which sits in the 10.140.0.0/20 subnet) to reach the private GKE control plane. Because the cluster was created with --enable-private-endpoint, the control plane has no public endpoint, so the authorized-networks list must contain internal addresses, and the host goes in as a /32, not the /20 of its subnet:
gcloud container clusters update private-cluster-0 --enable-master-authorized-networks --master-authorized-networks 10.140.0.83/32
Add a firewall rule to the default network so internal traffic from the jump host can reach the GKE nodes.
From the jump host, test with telnet that the cluster's private control-plane endpoint is reachable on port 443 (the Kubernetes API port).
Connecting to GKE from the jump host
sudo yum install google-cloud-sdk-gke-gcloud-auth-plugin
gcloud components install kubectl
gcloud components update
gcloud container clusters get-credentials private-cluster-0 --zone asia-east1-c --project yourProject
[root@jump-h5 tonywu]# kubectl get nodes
NAME                                               STATUS   ROLES    AGE   VERSION
gke-private-cluster-0-default-pool-4c8ae863-9jf2   Ready    <none>   41m   v1.24.7-gke.900
gke-private-cluster-0-default-pool-4c8ae863-d8kf   Ready    <none>   41m   v1.24.7-gke.900
gke-private-cluster-0-default-pool-4c8ae863-w3tz   Ready    <none>   41m   v1.24.7-gke.900
Note: if the Cloud SDK was installed from Google's yum repository, the component manager is disabled and gcloud components install fails; in that case install kubectl with sudo yum install kubectl instead.
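The lock-down steps above (restrict master authorized networks to the jump host, add the firewall rule, confirm the nodes have no external IP) as one script. This is an added example, not code from the original post: it checks the network numbers before calling gcloud, because a --master-ipv4-cidr that overlaps a VPC subnet and an authorized-networks entry wider than the one host are the two mistakes that most often leave a "private" cluster reachable from more than the jump host. Assumptions not stated on the page: the jump host lives in the default network's 10.140.0.0/20 subnet; the rule name allow-jump-to-gke, the allowed port list and the DRY_RUN switch are hypothetical; the node table used in dry-run mode is a constructed sample.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Validates the network
# numbers used above, then runs the lock-down steps. With DRY_RUN=1 (the
# default) the gcloud commands are printed rather than executed.
set -eu

CLUSTER="private-cluster-0"
ZONE="asia-east1-c"
JUMP_IP="10.140.0.83"           # jump host internal IP (from the page)
JUMP_SUBNET="10.140.0.0/20"     # subnet holding the jump host (assumed)
MASTER_CIDR="172.16.0.32/28"    # --master-ipv4-cidr given at create time
DRY_RUN="${DRY_RUN:-1}"         # 1 = print gcloud/kubectl commands, do not run

# Dotted quad -> 32-bit integer.
ip2int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains CIDR IP: succeeds when IP is inside CIDR.
cidr_contains() {
  local net="${1%/*}" bits="${1#*/}" ip="$2" mask
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$net") & mask )) -eq $(( $(ip2int "$ip") & mask )) ]
}

# cidr_overlaps A B: succeeds when the two ranges share at least one address.
cidr_overlaps() {
  cidr_contains "$1" "${2%/*}" || cidr_contains "$2" "${1%/*}"
}

# The authorized-networks entry: the jump host as a single /32, never the
# whole /20 subnet that the "10.140.0.83/20" notation might suggest.
authorized_entry() {
  cidr_contains "$JUMP_SUBNET" "$JUMP_IP" ||
    { echo "jump host $JUMP_IP is not in $JUMP_SUBNET" >&2; return 1; }
  echo "$JUMP_IP/32"
}

# Reads `kubectl get nodes -o wide` on stdin; fails if any node has an
# EXTERNAL-IP other than <none> (column 7 of the wide output).
check_no_external_ip() {
  awk 'NR > 1 && $7 != "<none>" { bad = 1; print "external IP on " $1 > "/dev/stderr" }
       END { exit bad + 0 }'
}

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Constructed sample of `kubectl get nodes -o wide` used in dry-run mode.
SAMPLE_NODES='NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE
gke-private-cluster-0-default-pool-4c8ae863-9jf2 Ready <none> 41m v1.24.7-gke.900 10.140.16.2 <none> COS
gke-private-cluster-0-default-pool-4c8ae863-d8kf Ready <none> 41m v1.24.7-gke.900 10.140.16.3 <none> COS'

main() {
  # --master-ipv4-cidr must not overlap any subnet in the VPC.
  if cidr_overlaps "$MASTER_CIDR" "$JUMP_SUBNET"; then
    echo "master range $MASTER_CIDR overlaps $JUMP_SUBNET" >&2; exit 1
  fi
  local entry; entry="$(authorized_entry)"

  # 1. Only the jump host may reach the private control-plane endpoint.
  run gcloud container clusters update "$CLUSTER" --zone "$ZONE" \
    --enable-master-authorized-networks --master-authorized-networks "$entry"

  # 2. Let the jump host reach the nodes inside the VPC (ports are assumed:
  #    SSH for debugging and the NodePort range for service tests).
  run gcloud compute firewall-rules create allow-jump-to-gke --network default \
    --direction INGRESS --source-ranges "$entry" --allow tcp:22,tcp:30000-32767

  # 3. Confirm no node carries an external address.
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$SAMPLE_NODES" | check_no_external_ip
  else
    kubectl get nodes -o wide | check_no_external_ip
  fi
  echo "private-cluster checks passed"
}

main "$@"
```

Run with DRY_RUN=0 on the jump host after get-credentials to apply the changes for real; the overlap and /32 checks run either way and abort before any gcloud call if the numbers are wrong.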
Delete the test resources
gcloud container clusters delete -q private-cluster-0
gcloud compute networks delete my-net-0