
I'm following the topic "Creating GKE private clusters with network proxies for controller access". It gets stuck at creating a private cluster when I run this command:

```
gcloud container clusters create frobnitz \
    --master-ipv4-cidr=172.16.0.64/28 \
    --network k8s-proxy \
    --subnetwork=subnet-cluster \
    --enable-ip-alias \
    --enable-private-nodes \
    --enable-private-endpoint \
    --master-authorized-networks $CLIENT_IP/32 \
    --enable-master-authorized-networks
```

I get this error message: All cluster resources were brought up, but: component "kube-apiserver" from endpoint "gke-d28547e410cb4d089d27-b74d" is unhealthy.

Has anyone had the same experience? How can I fix it?

William
  • Sorry for the format, have you tried this?: `gcloud container clusters create "frobnitz" --zone "us-central1-c" --enable-private-nodes --enable-private-endpoint --master-ipv4-cidr "172.16.0.64/28" --enable-ip-alias --network "projects/gke-gen/global/networks/k8s-proxy" --subnetwork "projects/gke-gen/regions/us-central1/subnetworks/subnet-cluster" --enable-master-authorized-networks --master-authorized-networks 10.3.8.5/32` Feel free to change `10.3.8.5`, `gke-gen` and `zone / us-central1-c` to your liking. As long as you don't have `Deny` GCP Firewall rules, you should be fine without any. – Frank Feb 03 '21 at 20:42
  • I just re-ran that command again, and the cluster was created without any error. – William Feb 03 '21 at 21:27
  • I am glad this helped. I will post this as an answer in order to help other users; if you can mark that one as "accepted", it will help other users to recognize that it helped you. – Frank Feb 03 '21 at 21:31

1 Answer


The full command needed:

```
gcloud container clusters create "frobnitz" \
    --zone "us-central1-c" --enable-private-nodes \
    --enable-private-endpoint --master-ipv4-cidr "172.16.0.64/28" \
    --enable-ip-alias --network "projects/gke-gen/global/networks/k8s-proxy" \
    --subnetwork "projects/gke-gen/regions/us-central1/subnetworks/subnet-cluster" \
    --enable-master-authorized-networks --master-authorized-networks 10.3.8.5/32
```

Feel free to change `10.3.8.5`, `gke-gen` and `zone / us-central1-c` to your liking. As long as you don't have `Deny` GCP Firewall rules, you should be fine without any.

Frank
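One way to check the "no `Deny` firewall rules" condition from the answer above, as an added example that is not part of the original answer: it takes rules in the shape of `gcloud compute firewall-rules list --format=json` output and reports enabled deny rules on the cluster network whose ranges overlap the control-plane CIDR. The function name and the sample rules are constructed for illustration, and the overlap test is a heuristic that ignores tag-based and service-account-based ingress rules.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`
# (rule names are made up; field names follow the Compute Engine firewall resource).
NET = "https://www.googleapis.com/compute/v1/projects/gke-gen/global/networks/"
SAMPLE_RULES = json.loads("""[
 {"name": "allow-master-to-nodes", "network": "%(n)sk8s-proxy", "direction": "INGRESS",
  "priority": 1000, "sourceRanges": ["172.16.0.64/28"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["443", "10250"]}]},
 {"name": "deny-egress-172", "network": "%(n)sk8s-proxy", "direction": "EGRESS",
  "priority": 900, "destinationRanges": ["172.16.0.0/12"],
  "denied": [{"IPProtocol": "all"}]},
 {"name": "deny-old", "network": "%(n)sk8s-proxy", "direction": "INGRESS",
  "priority": 500, "disabled": true, "sourceRanges": ["0.0.0.0/0"],
  "denied": [{"IPProtocol": "all"}]},
 {"name": "deny-elsewhere", "network": "%(n)sother-vpc", "direction": "INGRESS",
  "priority": 500, "sourceRanges": ["0.0.0.0/0"],
  "denied": [{"IPProtocol": "all"}]}
]""" % {"n": NET})


def deny_rules_touching(rules, network, cidr):
    """Return sorted (priority, name, direction) for enabled deny rules on
    `network` whose source/destination ranges overlap `cidr`."""
    target = ipaddress.ip_network(cidr)
    hits = []
    for rule in rules:
        if not rule.get("denied") or rule.get("disabled"):
            continue  # allow rules and disabled rules cannot block traffic
        if rule.get("network", "").rsplit("/", 1)[-1] != network:
            continue  # rule belongs to a different VPC network
        direction = rule.get("direction", "INGRESS")
        if direction == "EGRESS":
            # An egress rule without destinationRanges applies to every destination.
            ranges = rule.get("destinationRanges") or ["0.0.0.0/0"]
        else:
            # Ingress rules matched only by tag or service account are not evaluated here.
            ranges = rule.get("sourceRanges", [])
        if any(ipaddress.ip_network(r).overlaps(target) for r in ranges):
            hits.append((rule.get("priority", 1000), rule["name"], direction))
    return sorted(hits)  # lowest priority number (evaluated first) at the top


if __name__ == "__main__":
    for prio, name, direction in deny_rules_touching(SAMPLE_RULES, "k8s-proxy", "172.16.0.64/28"):
        print(f"{direction} deny rule {name!r} (priority {prio}) overlaps the control-plane range")
```

A reported rule only matters if its priority number is lower than that of the allow rule covering the same traffic, so compare the output against the allow rules on the network.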