
GKE private cluster unable to add Control plane authorised networks "The cluster update failed."

Hi,

I had an issue where GKE was unable to create the cluster with a public IP (constraints/compute.vmExternalIpAccess violated). No matter how I tried, the cluster didn't come up. So I created a private cluster. Now in this cluster the deployments are failing. To make it work I had to create a secret for the docker registry. To create the secret I had to connect to its endpoint, which is not happening.

I already enabled "Control plane authorised networks". But when I try to add my IP address to it, it just doesn't save. It gives the error "Control plane authorised networks".

Is there any other way to reach this private GKE cluster to be able to deploy using Kubernetes? The public GKE cluster is crashing due to  and private is useless. I wonder how to deploy the workloads to GKE now.

1 ACCEPTED SOLUTION

What I eventually did is to create a new principal and assign it the role which had "Artifactory Reader" permission:

gcloud artifacts repositories add-iam-policy-binding my-docker-repository \
  --location=asia-southeast1 \
  --member=serviceAccount:<project-number-in-digits>-compute@developer.gserviceaccount.com \
  --role="roles/artifactregistry.reader"

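One way to confirm that the binding from the accepted solution took effect, and that the repository is not shared more widely than a pull needs, as an added example that is not part of the original thread. It assumes the policy was exported with `gcloud artifacts repositories get-iam-policy my-docker-repository --location=asia-southeast1 --format=json`; the project number, the CI account and the function name `audit_repo_policy` are constructed for illustration.

```python
import json

# Common Artifact Registry roles that include image pull (not exhaustive).
PULL_ROLES = {
    "roles/artifactregistry.reader",
    "roles/artifactregistry.writer",
    "roles/artifactregistry.repoAdmin",
    "roles/artifactregistry.admin",
}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy; project number and account names are placeholders.
NODE_SA = "123456789012-compute@developer.gserviceaccount.com"
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/artifactregistry.reader",
         "members": ["serviceAccount:" + NODE_SA]},
        {"role": "roles/artifactregistry.writer",
         "members": ["serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
    ],
    "etag": "constructed",
    "version": 1,
})


def audit_repo_policy(policy_json, node_sa):
    """Check node_sa's explicit pull access and flag wider-than-needed grants.

    Only bindings set on the repository itself appear in this JSON; roles
    inherited from the project or folder are not included.
    """
    member = "serviceAccount:" + node_sa
    report = {"can_pull": False, "conditional_only": False,
              "excess_roles": [], "public_roles": []}
    for binding in json.loads(policy_json).get("bindings", []):
        role = binding.get("role", "")
        members = set(binding.get("members", []))
        if role not in PULL_ROLES:
            continue
        if members & PUBLIC_MEMBERS:
            report["public_roles"].append(role)   # anyone can pull
        if member not in members:
            continue
        if role != "roles/artifactregistry.reader":
            report["excess_roles"].append(role)   # more than pull access
        if "condition" in binding:                # grant may not always apply
            report["conditional_only"] = not report["can_pull"]
        else:
            report["can_pull"], report["conditional_only"] = True, False
    return report
```

A report with `can_pull` false, or with anything listed under `excess_roles` or `public_roles`, is worth reviewing before relying on the nodes' default service account for image pulls.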

3 REPLIES 3

You mention a few issues above, but I'm not exactly sure if/how they are related.

So you have a private cluster now but you cannot access the Kubernetes API server endpoint to deploy your workloads? Which docker registry are you using? Dockerhub?

I am using asia.gcr.io. I pushed the images to this registry and followed the documentation. Cannot use public dockerhub images; it's a private project.
