On Tuesday, March 27, 2018 at 2:01:46 AM UTC+5:30, manjo...@google.com wrote:
> On Thursday, March 8, 2018 at 4:56:09 AM UTC, Tim Hockin wrote:
> > NB there are two issues here:
> >
> > 1) how to run a cluster where the VMs have no public IP, and the node
> > <-> master comms are private IP.
> >
> > 2) how to run a cluster with long-term-stable egress IPs.
> >
> > They are not the same issue, despite being related :)
> >
> > Tim
> >
> >
> > On Wed, Mar 7, 2018 at 2:27 AM, <aditya...@media.net> wrote:
> > > On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
> > >> On Fri, Oct 13, 2017 at 3:17 AM, <dbgh...@gmail.com> wrote:
> > >> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
> > >> >> Private Google Access is not a private subnet. That simply allows
> > >> >> your VMs to access Google services without a public IP. You still
> > >> >> have to make VMs without a public IP, which GKE does not support yet.
> > >> >
> > >> > Are there any near-term plans to have GKE working in a private
> > >> > network? I don't want to expose my containers to public IPs
> > >>
> > >> We are evaluating how best to support this. In the meantime, it's
> > >> important to note that none of your containers are exposed by default,
> > >> they do not have external IPs, and with the exception of the nodes'
> > >> SSH port, all the default GCP firewalls default to "closed". The only
> > >> "public" traffic required is GKE masters <-> nodes, and that is only
> > >> "public" in name. The traffic stays within Google's network.
> > >>
> > >> Tim
> > >
> > > I would like to give this thread a bump and would love to know if
> > > there is any update.
> > > It is not uncommon to allow access to a service by whitelisting the
> > > public IP. Each Kubernetes node having its own public IP makes a mess.
> > > Right now, the only solution seems to be running a NAT instance[1].
> > > GCP doesn't provide a NAT gateway as a service either, so one would
> > > have to deal with scaling and high availability themselves.
> > >
> > >
> > > [1]
> > > https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
> > >
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > > "Kubernetes user discussion and Q&A" group.
> > > To unsubscribe from this group and stop receiving emails from it, send an
> > > email to kubernetes-users+unsubscr...@googlegroups.com.
> > > To post to this group, send email to kubernetes-users@googlegroups.com.
> > > Visit this group at https://groups.google.com/group/kubernetes-users.
> > > For more options, visit https://groups.google.com/d/optout.
>
> Hi,
>
> GKE now supports private clusters :-)
> https://cloudplatform.googleblog.com/2018/03/kubernetes-engine-private-clusters-now.html
>
> Hope that helps!

Hey, this is great news. Thanks for the update.