gbrayut · March 24, 2026 23:19
diff --git a/gke-setup.sh b/gke-setup.sh
 DEVSHELL_PROJECT_ID=gregbray-ambient

 # create network
 gcloud compute networks create gke-vpc --subnet-mode=custom --project $DEVSHELL_PROJECT_ID

 # Enable IAP access via SSH 22 (used by gcloud compute ssh)
 gcloud compute firewall-rules create allow-ssh-ingress-from-iap --project $DEVSHELL_PROJECT_ID \
  --direction=INGRESS \
  --action=allow \
  --rules=tcp:22 \
  --source-ranges=35.235.240.0/20 --network=gke-vpc

 # Create a /16 used for nodes. Pod IP secondary ranges will be automatically generated (defaults to /18)
 gcloud compute networks subnets create gke-iowa-subnet --project $DEVSHELL_PROJECT_ID \
    --network "projects/gregbray-ambient/global/networks/gke-vpc" \
    --region us-central1 --range 10.100.0.0/16

 # Create GKE Cluster using auto-ipam and random /21 for initial pod secondary range
 gcloud beta container --project "gregbray-ambient" clusters create "ambient-iowa" --region "us-central1" \
  --enable-private-nodes --autoscaling-profile optimize-utilization --services-ipv4-cidr "/20" \
  --workload-pool "gregbray-ambient.svc.id.goog" --fleet-project="gregbray-ambient" --release-channel "rapid" --cluster-version="1.35.2-gke.1485000" \
  --machine-type "e2-standard-8" --image-type "COS_CONTAINERD" \
  --disk-type "pd-balanced" --disk-size "100" --max-pods-per-node "110" --num-nodes "1" --logging=SYSTEM,WORKLOAD --monitoring=SYSTEM \
  --no-enable-intra-node-visibility --default-max-pods-per-node "110" --enable-dataplane-v2 --addons HorizontalPodAutoscaling,HttpLoadBalancing,NodeLocalDNS,GcePersistentDiskCsiDriver \
  --enable-autoupgrade --enable-autorepair --max-surge-upgrade 3 --max-unavailable-upgrade 3 \
  --enable-autoscaling --max-nodes=3 --min-nodes=0 --gateway-api "standard" \
  --network "projects/gregbray-ambient/global/networks/gke-vpc"  \
  --subnetwork gke-iowa-subnet --enable-auto-ipam --cluster-ipv4-cidr /21 \
  --enable-ip-alias --enable-shielded-nodes --enable-dns-access --no-enable-ip-access

 # Note: when specifying primary subnet, cluster will use the whole range for node IPs but can be shared with other clusters in same region
 # Also it will generate a new secondary range for each cluster (or can specify initial using --cluster-ipv4-cidr 10.101.0.0/20)
 # instead of using the reserved internal ranges like you see when you don't specify the primary subnet.
	DEVSHELL_PROJECT_ID=gregbray-ambient

	# create network
	gcloud compute networks create gke-vpc --subnet-mode=custom --project $DEVSHELL_PROJECT_ID

	# Enable IAP access via SSH 22 (used by gcloud compute ssh)
	gcloud compute firewall-rules create allow-ssh-ingress-from-iap --project $DEVSHELL_PROJECT_ID \
	--direction=INGRESS \
	--action=allow \
	--rules=tcp:22 \
	--source-ranges=35.235.240.0/20 --network=gke-vpc

	# Create a /16 used for nodes. Pod IP secondary ranges will be automatically generated (defaults to /18)
	gcloud compute networks subnets create gke-iowa-subnet --project $DEVSHELL_PROJECT_ID \
	--network "projects/gregbray-ambient/global/networks/gke-vpc" \
	--region us-central1 --range 10.100.0.0/16

	# Create GKE Cluster using auto-ipam and random /21 for initial pod secondary range
	gcloud beta container --project "gregbray-ambient" clusters create "ambient-iowa" --region "us-central1" \
	--enable-private-nodes --autoscaling-profile optimize-utilization --services-ipv4-cidr "/20" \
	--workload-pool "gregbray-ambient.svc.id.goog" --fleet-project="gregbray-ambient" --release-channel "rapid" --cluster-version="1.35.2-gke.1485000" \
	--machine-type "e2-standard-8" --image-type "COS_CONTAINERD" \
	--disk-type "pd-balanced" --disk-size "100" --max-pods-per-node "110" --num-nodes "1" --logging=SYSTEM,WORKLOAD --monitoring=SYSTEM \
	--no-enable-intra-node-visibility --default-max-pods-per-node "110" --enable-dataplane-v2 --addons HorizontalPodAutoscaling,HttpLoadBalancing,NodeLocalDNS,GcePersistentDiskCsiDriver \
	--enable-autoupgrade --enable-autorepair --max-surge-upgrade 3 --max-unavailable-upgrade 3 \
	--enable-autoscaling --max-nodes=3 --min-nodes=0 --gateway-api "standard" \
	--network "projects/gregbray-ambient/global/networks/gke-vpc" \
	--subnetwork gke-iowa-subnet --enable-auto-ipam --cluster-ipv4-cidr /21 \
	--enable-ip-alias --enable-shielded-nodes --enable-dns-access --no-enable-ip-access

	# Note: when specifying primary subnet, cluster will use the whole range for node IPs but can be shared with other clusters in same region
	# Also it will generate a new secondary range for each cluster (or can specify initial using --cluster-ipv4-cidr 10.101.0.0/20)
	# instead of using the reserved internal ranges like you see when you don't specify the primary subnet.
No results found