Hello Tim,

Thanks for your reply. I tried to access the master from a VM in the same VPC network by adding its internal IP to the master authorized network, but I could not access it. I was able to access it if I add the external IP of the VM in the authorized network. Is this expected behavior?

Thanks,
Vinita

On Friday, March 30, 2018 at 10:04:12 AM UTC-7, Tim Hockin wrote:
>
> Private cluster is private by default. You can not access the master from
> the internet. You can specifically change that with the master authorized
> networks feature, or you can access it from within your VPC network.
>
> On Thu, Mar 29, 2018 at 10:42 PM Vinita <vjo...@etouch.net> wrote:
>
>> Hi,
>>
>> I am trying to use private cluster. I am able to create private cluster
>> but kubectl commands are not working. I am seeing connection time out error
>> as below -
>>
>> kubectl run nginx --image=nginx --replicas=2
>> error: failed to discover supported resources: Get https://104.154.200.217/api: dial tcp 104.154.200.217:443: i/o timeout
>>
>> Am I missing something? I am seeing this issue in my SDK as well as Cloud
>> shell. Thanks
>>
>> On Monday, March 26, 2018 at 1:31:46 PM UTC-7, manjo...@google.com wrote:
>>>
>>> On Thursday, March 8, 2018 at 4:56:09 AM UTC, Tim Hockin wrote:
>>> > NB there are two issues here:
>>> >
>>> > 1) how to run a cluster where the VMs have no public IP, and the node
>>> > <-> master comms are private IP.
>>> >
>>> > 2) how to run a cluster with long-term-stable egress IPs.
>>> >
>>> > They are not the same issue, despite being related :)
>>> >
>>> > Tim
>>> >
>>> >
>>> > On Wed, Mar 7, 2018 at 2:27 AM, <adit...@media.net> wrote:
>>> > > On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
>>> > >> On Fri, Oct 13, 2017 at 3:17 AM, <dbg...@gmail.com> wrote:
>>> > >> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
>>> > >> >> Private Google Access is not a private subnet. That simply
>>> > >> >> allows your VMs to access google service without a public IP.
>>> > >> >> You still have to make VMs without a public IP, which GKE does
>>> > >> >> not support yet.
>>> > >> >
>>> > >> > Are there any near plan to have GKE working in Private network?
>>> > >> > I don't want to expose my containers to public IPs
>>> > >>
>>> > >> We are evaluating how best to support this. In the mean time, it's
>>> > >> important to note that none of your containers are exposed by default,
>>> > >> they do not have external IPs, and with the exception of the nodes'
>>> > >> SSH port, all the default GCP firewalls default to "closed". The only
>>> > >> "public" traffic required is GKE masters <-> nodes, and that is only
>>> > >> "public" in name. The traffic stays within Google's network.
>>> > >>
>>> > >> Tim
>>> > >
>>> > > I would like to give this thread a bump and love to know if there is
>>> > > any update.
>>> > > It is not uncommon to allow access to a service by whitelisting the
>>> > > public ip. Each kubernetes node having its own public ip makes a mess.
>>> > > Right now, only solution seems to be running a NAT instance[1]. GCP
>>> > > doesn't provide NAT gateway as service either, so one would have to
>>> > > deal with scaling and high availability themselves.
>>> > >
>>> > >
>>> > > [1] https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
>>> > >
>>> > > --
>>> > > You received this message because you are subscribed to the Google
>>> > > Groups "Kubernetes user discussion and Q&A" group.
>>> > > To unsubscribe from this group and stop receiving emails from it,
>>> > > send an email to kubernetes-use...@googlegroups.com.
>>> > > To post to this group, send email to kubernet...@googlegroups.com.
>>> > > Visit this group at https://groups.google.com/group/kubernetes-users.
>>> > > For more options, visit https://groups.google.com/d/optout.
>>>
>>> Hi,
>>>
>>> GKE now supports private clusters :-)
>>>
>>> https://cloudplatform.googleblog.com/2018/03/kubernetes-engine-private-clusters-now.html
>>>
>>> Hope that helps!