On Thursday, March 8, 2018 at 4:56:09 AM UTC, Tim Hockin wrote:
> NB there are two issues here:
>
> 1) how to run a cluster where the VMs have no public IP, and the node
> <-> master comms are private IP.
>
> 2) how to run a cluster with long-term-stable egress IPs.
>
> They are not the same issue, despite being related :)
>
> Tim
>
>
> On Wed, Mar 7, 2018 at 2:27 AM, <aditya...@media.net> wrote:
> > On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
> >> On Fri, Oct 13, 2017 at 3:17 AM, <dbgh...@gmail.com> wrote:
> >> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
> >> >> Private Google Access is not a private subnet. That simply allows your
> >> >> VMs to access Google services without a public IP. You still have to
> >> >> make VMs without a public IP, which GKE does not support yet.
> >> >
> >> > Is there any near-term plan to have GKE working in a private network? I don't
> >> > want to expose my containers to public IPs.
> >>
> >> We are evaluating how best to support this. In the meantime, it's
> >> important to note that none of your containers are exposed by default,
> >> they do not have external IPs, and with the exception of the nodes'
> >> SSH port, all the default GCP firewalls default to "closed". The only
> >> "public" traffic required is GKE masters <-> nodes, and that is only
> >> "public" in name. The traffic stays within Google's network.
> >>
> >> Tim
> >
> > I would like to give this thread a bump and would love to know if there is any
> > update.
> > It is not uncommon to allow access to a service by whitelisting the public
> > IP. Each Kubernetes node having its own public IP makes a mess. Right now,
> > the only solution seems to be running a NAT instance[1]. GCP doesn't provide
> > a NAT gateway as a service either, so one would have to deal with scaling and
> > high availability themselves.
> >
> >
> > [1]
> > https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Kubernetes user discussion and Q&A" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to kubernetes-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to kubernetes-users@googlegroups.com.
> > Visit this group at https://groups.google.com/group/kubernetes-users.
> > For more options, visit https://groups.google.com/d/optout.

Hi,

GKE now supports private clusters :-)

https://cloudplatform.googleblog.com/2018/03/kubernetes-engine-private-clusters-now.html

Hope that helps!