NB there are two issues here:

1) how to run a cluster where the VMs have no public IP, and the node <-> master comms are private IP.

2) how to run a cluster with long-term-stable egress IPs.

They are not the same issue, despite being related :)

Tim

On Wed, Mar 7, 2018 at 2:27 AM, <[email protected]> wrote:
> On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
>> On Fri, Oct 13, 2017 at 3:17 AM, <[email protected]> wrote:
>> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
>> >> Private Google Access is not a private subnet. That simply allows your
>> >> VMs to access google service without a public IP. You still have to make
>> >> VMs without a public IP, which GKE does not support yet.
>> >
>> > Are there any near plans to have GKE working in Private network? I don't
>> > want to expose my containers to public IPs
>>
>> We are evaluating how best to support this. In the meantime, it's
>> important to note that none of your containers are exposed by default,
>> they do not have external IPs, and with the exception of the nodes'
>> SSH port, all the default GCP firewalls default to "closed". The only
>> "public" traffic required is GKE masters <-> nodes, and that is only
>> "public" in name. The traffic stays within Google's network.
>>
>> Tim
>
> I would like to give this thread a bump and love to know if there is any
> update.
> It is not uncommon to allow access to a service by whitelisting the public
> ip. Each kubernetes node having its own public ip makes a mess. Right now,
> only solution seems to be running a NAT instance[1]. GCP doesn't provide NAT
> gateway as service either, so one would have to deal with scaling and high
> availability themselves.
>
>
> [1]
> https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
