This page describes how to use Cloud DNS to configure a zonal Google Kubernetes Engine (GKE) cluster-scope zone.
To configure a zonal GKE cluster-scoped DNS zone using Cloud DNS, first choose an existing private DNS zone or create a new private DNS zone to which to attach a specific GKE cluster. Next, configure the DNS zone to reference the GKE cluster's name.
For an overview of zonal Cloud DNS zones, see Zonal Cloud DNS zones. To learn more about scopes, see Scopes and hierarchies.
Create a zonal private zone for the zonal GKE cluster
To create a new managed zonal private zone using Cloud DNS for the zonal GKE cluster, follow this step.
gcloud
Run the
gcloud dns managed-zones create
command:
gcloud dns managed-zones create NAME \
--description=DESCRIPTION \
--visibility=private \
--gkeclusters=GKE_CLUSTER \
--location=LOCATION
Replace the following:
NAME: a name for your zoneDESCRIPTION: a description for your zoneGKE_CLUSTER: the fully qualified resource path of a GKE cluster, such asprojects/my-project/locations/us-east1-b/clusters/my-clusterLOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such asus-east1-b
API
Send a POST request by using the
managedZones.create method:
POST https://www.googleapis.com/dns/v2/projects/PROJECT_ID/locations/LOCATION/managedZones
{
"name": "NAME",
"description": "DESCRIPTION",
"dnsName": "DNS_NAME",
"visibility": "private"
"privateVisibilityConfig": {
"kind": "dns#managedZonePrivateVisibilityConfig",
"gkeClusters": [{
"kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
"gkeClusterName": GKE_CLUSTER_NAME_1
},
{
"kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
"gkeClusterName": GKE_CLUSTER_NAME_2
},
....
]
}
}
Replace the following:
PROJECT_ID: the ID of the project where you have created the managed zoneNAME: a name for your zoneDESCRIPTION: a description for your zoneDNS_NAME: the DNS suffix for your zone, such asexample.privateGKE_CLUSTER_NAME_1andGKE_CLUSTER_NAME_2: the fully qualified resource path of a GKE cluster, such asprojects/my-project/locations/us-east1-b/clusters/my-clusterLOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such asus-east1-b
Authorize the zonal GKE cluster to query a Cloud DNS private zone
To authorize the zonal GKE cluster to query an existing Cloud DNS private zone, follow this step.
gcloud
Run the
gcloud dns managed-zones update
command:
gcloud dns managed-zones update NAME \
--gkeclusters=GKE_CLUSTER \
--location=LOCATION
Replace the following:
NAME: the name of your zone, such asmy-zoneGKE_CLUSTER: the fully qualified resource path of a GKE cluster, such asprojects/my-project/locations/us-east1-b/clusters/my-clusterLOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such asus-east1-b. The managed zone is only visible in this Google Cloud zone.
API
Send a PATCH request by using the
managedZones.patch method:
PATCH https://www.googleapis.com/dns/v2/projects/PROJECT_ID/locations/LOCATION/managedZones/NAME
{
"privateVisibilityConfig": {
"gkeClusters": [{
"kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
"gkeClusterName": GKE_CLUSTER_NAME_1
},
{
"kind": "dns#managedZonePrivateVisibilityConfigGKEClusters",
"gkeClusterName": GKE_CLUSTER_NAME_2
},
....
]
}
}
Replace the following:
PROJECT_ID: the ID of the project where you have created the managed zoneNAME: the name of your zone, such asmy-zoneGKE_CLUSTER_NAME_1andGKE_CLUSTER_NAME_2: the fully qualified resource path of a GKE cluster, such asprojects/my-project/locations/us-east1-b/clusters/my-clusterLOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such asus-east1-b. The managed zone is only visible in this Google Cloud zone.
Configure the zonal GKE cluster to query a zonal response policy
To configure the zonal GKE cluster to query a zonal response policy, follow this step.
gcloud
Run the
gcloud dns response-policies create
command:
gcloud dns response-policies create NAME \
--description=DESCRIPTION \
--gkeclusters=GKE_CLUSTER \
--location=LOCATION
Replace the following:
NAME: a name for your response policy, such asmy-response-policyDESCRIPTION: a description for your response policy, such asmy-response-policy-for-gke-5GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such asprojects/my-project/locations/us-east1-b/clusters/my-clusterLOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such asus-east1-b. The managed zone is only visible in this Google Cloud zone.
API
Send a POST request by using the
responsePolicies.create method:
POST https://www.googleapis.com/dns/v2/projects/PROJECT_ID/locations/LOCATION/responsePolicies
{
"responsePolicyName": "NAME",
"description": "DESCRIPTION",
"gkeClusters": [
{
"kind": "dns#responsePolicyGKECluster",
"gkeClusterName": "GKE_CLUSTER"
},
]
}
Replace the following:
NAME: a name for your response policy, such asmy-response-policyDESCRIPTION: a description for your response policy, such asmy-response-policy-for-gke-5GKE_CLUSTER: the fully qualified resource path of a GKE cluster, such asprojects/my-project/locations/us-east1-b/clusters/my-clusterLOCATION: the location of the GKE cluster, specifically the Google Cloud zone where the cluster is located, such asus-east1-b. The managed zone is only visible in this Google Cloud zone.
What's next
- To find solutions for common issues that you might encounter when using Cloud DNS, see Troubleshooting.
- To learn more about Cloud DNS response policies and rules, see Manage response policies and rules.
- To display an audit log of operations, see View operations on managed zones.