A private cluster is private by default.  You cannot access the master from
the internet.  You can specifically change that with the master authorized
networks feature, or you can access it from within your VPC network.

On Thu, Mar 29, 2018 at 10:42 PM Vinita <vjo...@etouch.net> wrote:

> Hi,
>
> I am trying to use a private cluster. I am able to create a private cluster
> but kubectl commands are not working. I am seeing a connection timeout error
> as below -
>
> kubectl run nginx --image=nginx --replicas=2
> error: failed to discover supported resources: Get https://104.154.200.217/api: dial tcp 104.154.200.217:443: i/o timeout
>
> Am I missing something? I am seeing this issue in my SDK as well as Cloud
> Shell. Thanks
>
>
> On Monday, March 26, 2018 at 1:31:46 PM UTC-7, manjo...@google.com wrote:
>>
>> On Thursday, March 8, 2018 at 4:56:09 AM UTC, Tim Hockin wrote:
>> > NB there are two issues here:
>> >
>> > 1) how to run a cluster where the VMs have no public IP, and the node
>> > <-> master comms are private IP.
>> >
>> > 2) how to run a cluster with long-term-stable egress IPs.
>> >
>> > They are not the same issue, despite being related :)
>> >
>> > Tim
>> >
>> >
>> > On Wed, Mar 7, 2018 at 2:27 AM,  <adit...@media.net> wrote:
>> > > On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
>> > >> On Fri, Oct 13, 2017 at 3:17 AM,  <dbg...@gmail.com> wrote:
>> > >> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
>> > >> >> Private Google Access is not a private subnet.  That simply
>> > >> >> allows your VMs to access Google services without a public IP.  You still
>> > >> >> have to make VMs without a public IP, which GKE does not support yet.
>> > >> >
>> > >> > Are there any near plans to have GKE working in a private network? I
>> > >> > don't want to expose my containers to public IPs
>> > >>
>> > >> We are evaluating how best to support this.  In the meantime, it's
>> > >> important to note that none of your containers are exposed by default,
>> > >> they do not have external IPs, and with the exception of the nodes'
>> > >> SSH port, all the default GCP firewalls default to "closed".  The only
>> > >> "public" traffic required is GKE masters <-> nodes, and that is only
>> > >> "public" in name.  The traffic stays within Google's network.
>> > >>
>> > >> Tim
>> > >
>> > > I would like to give this thread a bump and would love to know if there is
>> > > any update.
>> > > It is not uncommon to allow access to a service by whitelisting the
>> > > public IP. Each Kubernetes node having its own public IP makes a mess.
>> > > Right now, the only solution seems to be running a NAT instance[1]. GCP doesn't
>> > > provide a NAT gateway as a service either, so one would have to deal with
>> > > scaling and high availability themselves.
>> > >
>> > >
>> > > [1] https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
>> > >
>> > > --
>> > > You received this message because you are subscribed to the Google
>> Groups "Kubernetes user discussion and Q&A" group.
>> > > To unsubscribe from this group and stop receiving emails from it,
>> send an email to kubernetes-use...@googlegroups.com.
>> > > To post to this group, send email to kubernet...@googlegroups.com.
>> > > Visit this group at https://groups.google.com/group/kubernetes-users.
>> > > For more options, visit https://groups.google.com/d/optout.
>>
>> Hi,
>>
>> GKE now supports private clusters :-)
>>
>> https://cloudplatform.googleblog.com/2018/03/kubernetes-engine-private-clusters-now.html
>>
>> Hope that helps!
>>
