google-cloud-platform, google-kubernetes-engine

Can I have the Google-managed Service range on a Standard GKE cluster created with Terraform (non-Autopilot)?


I'm confused about this: is this only Autopilot? I thought I was going to get this on GKE Standard too: https://cloud.google.com/kubernetes-engine/docs/concepts/alias-ips#-managed_secondary_ranges_default

Can I enable this for new standard GKE clusters as well?

For Autopilot clusters running GKE 1.27 and later, GKE assigns Service IP addresses from a Google-managed range by default 34.118.224.0/20, eliminating the need to specify your own range for Services. The following considerations apply...

The docs don't explicitly say Autopilot only. Perhaps that's the case, but I'd like to confirm whether there is a way to configure Standard GKE for it as well.

Edit

Adding more context: the following Terraform creates a cluster with a Service range in a 10.x.0.0/20 network. I can't see an option in the Terraform resource to use the managed Service range.

resource "google_container_cluster" "test01" {
  provider = google-beta
  name     = var.test01_name
  release_channel {
    channel = "STABLE"
  }
  private_cluster_config {
    enable_private_nodes   = true
    master_ipv4_cidr_block = var.test01_master_ipv4_cidr_block
  }

  remove_default_node_pool = true
  initial_node_count       = 1
  node_config {
    service_account = google_service_account.test.email
  }

  cluster_autoscaling {
    enabled = true
    resource_limits {
      resource_type = "memory"
      minimum       = 0
      maximum       = 1000
    }
    resource_limits {
      resource_type = "cpu"
      minimum       = 0
      maximum       = 100
    }

    auto_provisioning_defaults {
      oauth_scopes = [
        "https://www.googleapis.com/auth/cloud-platform"
      ]
      service_account = google_service_account.test.email
      shielded_instance_config {
        enable_integrity_monitoring = true
        enable_secure_boot          = false
      }
    }
  }

  master_auth {
    client_certificate_config {
      issue_client_certificate = false
    }
  }

  location   = var.default_region
  network    = google_compute_network.net.id
  subnetwork = google_compute_subnetwork.net.id

  workload_identity_config {
    workload_pool = "${data.google_project.project.project_id}.svc.id.goog"
  }

  addons_config {
    http_load_balancing {
      disabled = false
    }
    gcp_filestore_csi_driver_config {
      enabled = true
    }
    gce_persistent_disk_csi_driver_config {
      enabled = true
    }
  }

  cost_management_config {
    enabled = true
  }

  lifecycle {
    ignore_changes = [
      node_pool,
    ]
  }
}

Solution

  • If I have understood your question correctly, when creating the Autopilot cluster, you would only need to select the network and the primary range (node range) where your cluster will run. Additionally, you may create two secondary ranges for subnets, one for pods and the other for services. If you don't, as it says, for Autopilot clusters running GKE 1.27 and later, GKE assigns Service IP addresses from a Google-managed range by default (34.118.224.0/20), eliminating the need to specify your own range for Services. The following considerations apply.

    In GKE Standard clusters, there is a checkbox that you can check to instruct GKE to automatically generate secondary IP ranges for both pods and services.

    Let me know if it helps, or maybe correct me if my understanding is incorrect about the question.
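As an added example (not code from the question, the answer, or the Terraform provider's docs), the two ways the `ip_allocation_policy` block of `google_container_cluster` sets the Pod and Service secondary ranges on a Standard cluster: named ranges you define on the subnet, as the question's configuration does, and the Terraform equivalent of the console checkbox the answer mentions, where the range names are omitted and GKE creates the secondary ranges on the subnet itself. The resource and variable names (`net`, `test01`, `var.default_region`) follow the question; the CIDRs are constructed sample values. Note that GKE-created ranges are still carved from your VPC subnet; this example does not give a Standard cluster the 34.118.224.0/20 Google-managed range the docs describe for Autopilot.

```hcl
# Subnet with explicitly defined secondary ranges (constructed sample CIDRs).
resource "google_compute_subnetwork" "net" {
  name          = "test01-subnet"
  region        = var.default_region
  network       = google_compute_network.net.id
  ip_cidr_range = "10.10.0.0/20" # primary range: nodes

  secondary_ip_range {
    range_name    = "pods"
    ip_cidr_range = "10.20.0.0/16"
  }
  secondary_ip_range {
    range_name    = "services"
    ip_cidr_range = "10.30.0.0/20" # the 10.x.0.0/20 Service range from the question
  }
}

# Variant A: the cluster pins the ranges you defined above by name.
# Firewall rules or routes that reference Service/Pod CIDRs can be written
# against these known values.
resource "google_container_cluster" "test01_explicit" {
  name                     = "test01-explicit"
  location                 = var.default_region
  network                  = google_compute_network.net.id
  subnetwork               = google_compute_subnetwork.net.id
  remove_default_node_pool = true
  initial_node_count       = 1

  ip_allocation_policy {
    cluster_secondary_range_name  = "pods"
    services_secondary_range_name = "services"
  }
}

# Variant B: equivalent of the console's "automatically create secondary
# ranges" checkbox. No range names are given, so GKE allocates the secondary
# ranges on the subnet. Only the netmask sizes are suggested here; omit them
# to accept GKE's defaults. The resulting CIDRs are chosen at create time,
# so read them back after apply before writing any rules that depend on them.
resource "google_container_cluster" "test01_auto" {
  name                     = "test01-auto"
  location                 = var.default_region
  network                  = google_compute_network.net.id
  subnetwork               = google_compute_subnetwork.net.id
  remove_default_node_pool = true
  initial_node_count       = 1

  ip_allocation_policy {
    cluster_ipv4_cidr_block  = "/16" # netmask size only; GKE picks the range
    services_ipv4_cidr_block = "/20"
  }
}
```

After `terraform apply`, `gcloud container clusters describe test01-auto --region REGION --format='value(clusterIpv4Cidr,servicesIpv4Cidr)'` shows which Pod and Service ranges the cluster actually received.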