Google Cloud: Step by Step Tutorials for setting up Multi-cluster Ingress (MCI)

1. Enable Required APIs:
   Ensure the necessary Google Cloud APIs are enabled for your project:
   - Compute Engine API
   - Kubernetes Engine API
   - GKE Hub API
   - Multi-cluster Ingress API
   You can enable these through the Google Cloud Console or by using the gcloud command-line tool.

2. Prepare Your GKE Clusters:
   - Create or select existing GKE clusters in different regions to set up a multi-cluster environment.
   - Register your clusters with a Google Cloud fleet if not already done. This step is crucial for MCI.

3. Grant IAM Permissions:
   Ensure the Google Cloud account or service account you're using has the necessary roles:
   - roles/container.admin (GKE Admin)
   - roles/gkehub.admin (GKE Hub Admin)
   - roles/compute.networkAdmin (Compute Network Admin)
   These roles are needed to configure MCI and related resources.

4. Configure Multi-cluster Ingress:
   - Install the `gcloud` beta components if you haven't already:
     `gcloud components install beta`
   - Use `gcloud` to create a multi-cluster ingress. This step involves defining the global load balancer that will route traffic to your services across clusters.

5. Deploy Your Application:
   - Deploy your application to the clusters you want to include in the MCI setup.
   - Ensure that each application instance is exposed via a Kubernetes Service of type ClusterIP or NodePort.

6. Define MultiClusterService:
   - Create a MultiClusterService (MCS) resource for each Kubernetes Service you want to expose through MCI. This step makes your services discoverable across clusters.

7. Deploy MultiClusterIngress:
   - Define and deploy a MultiClusterIngress (MCI) resource that specifies how external traffic should be routed to your multi-cluster services.

8. Apply FrontendConfig and BackendConfig (Optional):
   - If needed, define and apply FrontendConfig for custom frontend settings like SSL policies.
   - Define and apply BackendConfig to customize backend settings, such as health checks and session affinity.

	# Application Deployment
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: my-app
	namespace: default
	spec:
	selector:
	matchLabels:
	app: my-app
	replicas: 2
	template:
	metadata:
	labels:
	app: my-app
	spec:
	containers:
	- name: nginx
	image: nginx
	ports:
	- containerPort: 80

	# Service (ClusterIP) Exposing the Application
	apiVersion: v1
	kind: Service
	metadata:
	name: my-app-service
	namespace: default
	spec:
	ports:
	- port: 80
	targetPort: 80
	selector:
	app: my-app
	type: ClusterIP

	# MultiClusterService Configuration
	apiVersion: networking.gke.io/v1
	kind: MultiClusterService
	metadata:
	name: my-app-mcs
	namespace: default
	spec:
	template:
	spec:
	selector:
	app: my-app
	ports:
	- name: http
	protocol: TCP
	port: 80
	targetPort: 80

	# MultiClusterIngress Configuration
	apiVersion: networking.gke.io/v1
	kind: MultiClusterIngress
	metadata:
	name: my-app-mci
	namespace: default
	spec:
	template:
	spec:
	frontendConfig:
	name: my-app-frontendconfig
	rules:
	- host: myapp.example.com
	http:
	paths:
	- path: /*
	pathType: Prefix
	backend:
	service:
	name: my-app-mcs
	port:
	number: 80

	# FrontendConfig
	apiVersion: networking.gke.io/v1
	kind: FrontendConfig
	metadata:
	name: my-app-frontendconfig
	namespace: default
	spec:
	sslPolicy: custom-ssl-policy
	redirectToHttps:
	enabled: true

	# BackendConfig
	apiVersion: cloud.google.com/v1
	kind: BackendConfig
	metadata:
	name: my-app-backendconfig
	namespace: default
	spec:
	healthCheck:
	checkIntervalSec: 30
	timeoutSec: 5
	healthyThreshold: 2
	unhealthyThreshold: 3
	requestPath: /healthz
	sessionAffinity:
	affinityType: CLIENT_IP
	``

view raw gistfile1.txt hosted with

by GitHub

Steps:

Enable Required APIs:Bashgcloud services enable gkehub.googleapis.com gcloud services enable anthos.googleapis.com gcloud services enable multiclusteringress.googleapis.com
Provision GKE Clusters (2 or more):Use the Cloud SDK’s gcloud container clusters create command to create GKE clusters in geographically distributed regions. Ensure Workload Identity Federation is enabled for seamless communication between clusters.Example for a cluster named gke-us in the us-central1 region:Bashgcloud container clusters create gke-us \ --region=us-central1 \ --enable-workload-identity \ --workload-pool=PROJECT_ID.svc.id.goog \ --release-channel=stable \ --project=PROJECT_ID Repeat for additional clusters, replacing region and names accordingly.
Register Clusters to a Fleet:Create a fleet in your project to manage your GKE clusters:Bashgcloud multi-cluster ingress fleets create my-fleet \ --project=PROJECT_ID Use code with caution.content_copyRegister each cluster to the fleet using its location and name:Bashgcloud container hub memberships register gke-us \ --gke-cluster=us-central1/gke-us \ --enable-workload-identity # Repeat for other clusters (replace names and locations)
Select a Config Cluster:Choose a GKE cluster to act as the central configuration cluster. This cluster will manage MCI resources.
Deploy Applications (Optional):Deploy your applications to the desired GKE clusters using Kubernetes deployment manifests.
Create MultiClusterService Resources:In the config cluster, define MultiClusterService resources that specify backend services across registered clusters. These services will be targeted by the MCI.

Rajesh Kumar

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I am working at Cotocus. I blog tech insights at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at I reviewed , and SEO strategies at Wizbrand.

Please find my social handles as below;

Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at PINTEREST
Rajesh Kumar at QUORA
Rajesh Kumar at WIZBRAND