GKE Networking Recipes
This repository contains various use cases (aka Recipes) and examples of GKE Networking. For each of the use-cases there are full YAML examples that show how and when these GKE capabilities should be used.
Each recipe is a self-contained example, with a full tutorial for how to set it up and tear it down.
If you're not familiar with the basics of Kubernetes networking then check out Cluster Networking and Service Networking. These resources should give you some of the foundations behind Kubernetes networking.
GKE is a managed Kubernetes platform that provides a more opinionated and seamless experience. For more information on GKE networking, check out the network overview, Ingress, and Service networking pages. Each of the following recipes demonstrates a specific networking use case in GKE. Set up your GKE environment and try out some of these recipes in your own kitchen.
Recipes
- Ingress
  - Basic External Ingress - Deploy host-based routing through an internet-facing HTTP load balancer
  - Basic Internal Ingress - Deploy host-based routing through a private, internal HTTP load balancer
  - Secure Ingress - Secure Ingress-hosted Services with HTTPS, Google-managed certificates, SSL policies, and HTTPS redirects
  - IAP Ingress - GKE Ingress with Identity-Aware Proxy based authentication
  - CloudArmor Ingress - GKE Ingress with Google Cloud Armor policy protection
  - Nginx Ingress - Deploy an internet-facing HTTP load balancer with Nginx Ingress
  - Custom HTTP health check Ingress - GKE Ingress with a custom HTTP-based health check
  - Custom gRPC health check Ingress - GKE Ingress with a custom gRPC-based health check
- Multi-cluster Ingress
  - Basic Multi-cluster Ingress - Deploy applications across different clusters and different regions but retain a single global load balancer and public IP for global traffic management.
  - Blue/Green Multi-cluster Ingress Cluster Migration - Deploy applications across multiple clusters in the same region, leveraging a single global load balancer and public IP for global traffic management, to support seamless cluster upgrades without impacting client access.
  - (#Missing) Blue/Green Multi-cluster Ingress App Migration - Deploy applications across multiple clusters in the same region, leveraging a single global load balancer and public IP for global traffic management, to support seamless app upgrades without impacting client access.
  - Multi-Cluster w/ FrontendConfig - Deploy applications across multiple clusters and use the FrontendConfig CRD to configure HTTP to HTTPS redirect and customize the TLS configuration.
  - Multi-Cluster E2E HTTPS - Deploy applications across different clusters with End to End HTTPS (Client -> (https) -> LoadBalancer -> (https) -> workload).
  - Multi-Cluster Anthos Service Mesh E2E HTTPS - Deploy applications across different clusters with Anthos Service Mesh and End to End HTTPS (Client -> (https) -> LoadBalancer -> (https) -> Istio Ingress Gateway -> (mTLS) -> Workload).
- Services
  - Basic External LoadBalancer Service - Deploy an internet-facing TCP/UDP network load balancer.
  - Basic Internal LoadBalancer Service - Deploy an internal TCP/UDP load balancer.
  - Basic Multi-Cluster Service - Deploy applications across multiple clusters. Applications are accessed across clusters via a VIP, similar to accessing a ClusterIP Service.
- Gateway
  - Basic Multi-cluster Gateway - Deploy an internal multi-cluster Gateway to load balance across applications in multiple clusters.
  - Blue-Green Cluster Pattern with multi-cluster Gateway - Deploy an internal multi-cluster Gateway to load balance across two versions of an application in different clusters, while utilizing traffic mirroring and traffic weighting to determine readiness and canary a new version of an application.
  - gRPC LoadBalancing - Deploy a gRPC application for internet-facing and internal traffic.
  - Single Cluster Global LoadBalancer - Deploy an application and expose it with the Gateway API using the GatewayClass gke-l7-xlb.
  - Single Cluster Global LoadBalancer HTTPS between the GCLB and the Backend app - Deploy an app behind a Global LoadBalancer with the GatewayClass gke-l7-xlb and encrypt traffic between the LB and the backend app using HAProxy.
  - Single Cluster Regional Internal LoadBalancer - Deploy an application and expose it with the Gateway API using the GatewayClass gke-l7-rilb.
Contributions
Do you have a GKE networking recipe that would be useful for others? Contribute it and help build the shared knowledge of the GKE community!