Convert private GKE cluster private endpoint to public endpoint

Question

Any chances of converting the private endpoint of a private GKE Cluster to a public endpoint ?

Answer 1

AFAIK, you can't change this because an internal load balancer is created in front of the master and you can't grant it external.

But you can cheat by using this command

gcloud container clusters update <Cluster Name> \
    --enable-master-authorized-networks \
    --master-authorized-networks 0.0.0.0/0

here you authorize any IPs to access to your cluster. It's not very clean, but it should work! The best is to recreate your cluster.

---

EDIT 1

Thanks with the comment of Jijo John, this cheat mode solution doesn't work. The authorized network must be a reserved range, in your private networks. That is obviously normal. Thanks for the try!

Answer 2

This is a Community Wiki answer so feel free to edit it and add any additional details you consider important.

I can't see any option to convert Master private IP range to public IP range.

Well, there is no such option as it wasn't meant to be edited after it has been set up. Private cluster, once created as private one is supposed to remain private. The same rule applies to the public one (compare it with one of my older answers to your question).

So I totally agree with guillaume blaquiere that:

The best is to recreate your cluster.

It looks like an interesting workaround, but keep in mind that this is only a workaround which won't convert your private cluster into a public one. If you check it in GKE pane in GCP console, it will still show you Private cluster as Enabled if you set it this way during its creation. So although it may work well, in order to avoid further confusion I would also recommend to recreate your cluster and migrate your workload.