This page describes how to use Cloud DNS to configure a zonal Google Kubernetes Engine (GKE) cluster-scoped zone.

To configure a zonal GKE cluster-scoped DNS zone using Cloud DNS, first choose an existing private DNS zone or create a new private DNS zone to which to attach a specific GKE cluster. Next, configure the DNS zone to reference the GKE cluster's name.
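
Create a zonal private zone for the zonal GKE cluster
-----------------------------------------------------

To create a new managed zonal private zone for the zonal GKE cluster, use the `gcloud dns managed-zones create` command or the `managedZones.create` API method. In the API request, replace the following:

- PROJECT_ID: the ID of the project where you have created the managed zone
- NAME: a name for your zone
- DESCRIPTION: a description for your zone
- DNS_NAME: the DNS suffix for your zone, such as `example.private`
- GKE_CLUSTER_NAME_1 and GKE_CLUSTER_NAME_2: the fully qualified resource path of a GKE cluster, such as `projects/my-project/locations/us-east1-b/clusters/my-cluster`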

Authorize the zonal GKE cluster to query a Cloud DNS private zone
-----------------------------------------------------------------

To authorize the zonal GKE cluster to query an existing Cloud DNS private zone, follow this step.

```
gcloud dns managed-zones update NAME \
    --gkeclusters=GKE_CLUSTER \
    --location=LOCATION
```

Replace the following:

- NAME: the name of your zone, such as `my-zone`
- GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as `projects/my-project/locations/us-east1-b/clusters/my-cluster`
- LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as `us-east1-b`. The managed zone is only visible in this Google Cloud zone.

To make the same change through the API, use the `managedZones.patch` method. In the API request, replace the following:

- PROJECT_ID: the ID of the project where you have created the managed zone
- NAME: the name of your zone, such as `my-zone`
- GKE_CLUSTER_NAME_1 and GKE_CLUSTER_NAME_2: the fully qualified resource path of a GKE cluster, such as `projects/my-project/locations/us-east1-b/clusters/my-cluster`
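
The check below is an added example, not part of the Cloud DNS documentation: before running the `gcloud dns managed-zones update` command from this section, it verifies that GKE_CLUSTER is a well-formed zonal cluster path and that LOCATION names the same zone, so the private zone is not attached to an unintended scope. The function names, the `GCLOUD` override variable, and the zone-name pattern are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the Cloud DNS documentation. Function names, the
# GCLOUD override and ZONE_RE are assumptions made for this sketch.

# Assumption: a zone is named <region>-<letter>, such as us-east1-b.
ZONE_RE='^[a-z]+-[a-z]+[0-9]+-[a-z]$'

# cluster_location PATH
# Prints the locations/ segment of projects/P/locations/L/clusters/C.
# Fails if PATH is not a fully qualified cluster resource path.
cluster_location() {
  case $1 in */) return 1 ;; esac   # field splitting would hide a trailing /
  cl_ifs=$IFS; IFS=/
  set -f; set -- $1; set +f         # split on / without glob expansion
  IFS=$cl_ifs
  [ $# -eq 6 ] && [ "$1" = projects ] && [ "$3" = locations ] &&
    [ "$5" = clusters ] && [ -n "$2" ] && [ -n "$4" ] && [ -n "$6" ] ||
    return 1
  printf '%s\n' "$4"
}

# check_scope GKE_CLUSTER LOCATION
# Returns 0 only if the path is well formed (else 2), its location is a zone
# rather than a region (else 3), and LOCATION is that same zone (else 4).
check_scope() {
  cs_zone=$(cluster_location "$1") || {
    echo "malformed cluster path: $1" >&2; return 2; }
  printf '%s\n' "$cs_zone" | grep -Eq "$ZONE_RE" || {
    echo "not a zonal location: $cs_zone" >&2; return 3; }
  [ "$cs_zone" = "$2" ] || {
    echo "LOCATION $2 does not match cluster zone $cs_zone" >&2; return 4; }
}

# authorize_cluster NAME GKE_CLUSTER LOCATION
# Runs the update command from this page only after the check passes.
# Set GCLOUD=echo for a dry run that prints the arguments instead.
authorize_cluster() {
  check_scope "$2" "$3" || return $?
  "${GCLOUD:-gcloud}" dns managed-zones update "$1" \
    --gkeclusters="$2" --location="$3"
}

# Dry run with the sample values used on this page.
( GCLOUD=echo
  authorize_cluster my-zone \
    projects/my-project/locations/us-east1-b/clusters/my-cluster us-east1-b )
```
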

Configure the zonal GKE cluster to query a zonal response policy
----------------------------------------------------------------

To configure the zonal GKE cluster to query a zonal response policy, follow this step.

```
gcloud dns response-policies create NAME \
    --description=DESCRIPTION \
    --gkeclusters=GKE_CLUSTER \
    --location=LOCATION
```

Replace the following:

- NAME: a name for your response policy, such as `my-response-policy`
- DESCRIPTION: a description for your response policy, such as `my-response-policy-for-gke-5`
- GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such as `projects/my-project/locations/us-east1-b/clusters/my-cluster`
- LOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such as `us-east1-b`. The managed zone is only visible in this Google Cloud zone.

Last updated 2025-08-25 UTC.