Google Cloud: Step by Step Tutorials for setting up Multi-cluster Ingress (MCI)

1. Enable Required APIs:
   Ensure the necessary Google Cloud APIs are enabled for your project:
   - Compute Engine API
   - Kubernetes Engine API
   - GKE Hub API
   - Multi-cluster Ingress API
   You can enable these through the Google Cloud Console or by using the gcloud command-line tool.

2. Prepare Your GKE Clusters:
   - Create or select existing GKE clusters in different regions to set up a multi-cluster environment.
   - Register your clusters with a Google Cloud fleet if not already done. This step is crucial for MCI.

3. Grant IAM Permissions:
   Ensure the Google Cloud account or service account you're using has the necessary roles:
   - roles/container.admin (GKE Admin)
   - roles/gkehub.admin (GKE Hub Admin)
   - roles/compute.networkAdmin (Compute Network Admin)
   These roles are needed to configure MCI and related resources.

4. Configure Multi-cluster Ingress:
   - Install the `gcloud` beta components if you haven't already:
     `gcloud components install beta`
   - Use `gcloud` to create a multi-cluster ingress. This step involves defining the global load balancer that will route traffic to your services across clusters.

5. Deploy Your Application:
   - Deploy your application to the clusters you want to include in the MCI setup.
   - Ensure that each application instance is exposed via a Kubernetes Service of type ClusterIP or NodePort.

6. Define MultiClusterService:
   - Create a MultiClusterService (MCS) resource for each Kubernetes Service you want to expose through MCI. This step makes your services discoverable across clusters.

7. Deploy MultiClusterIngress:
   - Define and deploy a MultiClusterIngress (MCI) resource that specifies how external traffic should be routed to your multi-cluster services.

8. Apply FrontendConfig and BackendConfig (Optional):
   - If needed, define and apply FrontendConfig for custom frontend settings like SSL policies.
   - Define and apply BackendConfig to customize backend settings, such as health checks and session affinity.


  1. Enable Required APIs:Bashgcloud services enable gcloud services enable gcloud services enable
  2. Provision GKE Clusters (2 or more):Use the Cloud SDK’s gcloud container clusters create command to create GKE clusters in geographically distributed regions. Ensure Workload Identity Federation is enabled for seamless communication between clusters.Example for a cluster named gke-us in the us-central1 region:Bashgcloud container clusters create gke-us \ --region=us-central1 \ --enable-workload-identity \ \ --release-channel=stable \ --project=PROJECT_ID Repeat for additional clusters, replacing region and names accordingly.
  3. Register Clusters to a Fleet:Create a fleet in your project to manage your GKE clusters:Bashgcloud multi-cluster ingress fleets create my-fleet \ --project=PROJECT_ID Use codeĀ with caution.content_copyRegister each cluster to the fleet using its location and name:Bashgcloud container hub memberships register gke-us \ --gke-cluster=us-central1/gke-us \ --enable-workload-identity # Repeat for other clusters (replace names and locations)
  4. Select a Config Cluster:Choose a GKE cluster to act as the central configuration cluster. This cluster will manage MCI resources.
  5. Deploy Applications (Optional):Deploy your applications to the desired GKE clusters using Kubernetes deployment manifests.
  6. Create MultiClusterService Resources:In the config cluster, define MultiClusterService resources that specify backend services across registered clusters. These services will be targeted by the MCI.
Rajesh Kumar
Follow me
Latest posts by Rajesh Kumar (see all)
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x