Hi Alan,

Thanks for your reply. I tried your workaround but the certificate is not valid for master's internal IP address. I get below error -

Unable to connect to the server: x509: certificate is valid for 35.224.109.130, 10.118.16.1, 172.16.0.2, not 172.16.0.3

Thanks,
Vinita

On Wednesday, May 9, 2018 at 12:03:19 PM UTC-7, Alan Grosskurth wrote:
>
> Hi Vinita,
>
> I believe the problem is that currently "gcloud container clusters
> get-credentials" always writes the master's external IP address to
> ~/.kube/config. So kubectl always talks to that external IP address (via
> the external IP address of the VM it's running on).
>
> You should be able to modify ~/.kube/config on your VM to tell kubectl to
> talk to the master's internal IP address.
>
> First, find the endpoint resource containing the master's internal IP
> address. For example:
>
> $ kubectl get endpoints kubernetes
> NAME         ENDPOINTS        AGE
> kubernetes   172.16.0.1:443   1d
>
> Then open ~/.kube/config and find the section for your cluster. For
> example:
>
> apiVersion: v1
> clusters:
> - cluster:
>     certificate-authority-data: REDACTED
>     server: https://104.198.205.71
>   name: gke_myproject_us-central1-c_mycluster
>
> Replace the external address (https://104.198.205.71) with the internal
> address (https://172.16.0.1). The kubectl command should now work,
> provided Master Authorized Networks allows access from the VM's internal IP
> address. Note that all of these IP addresses will be different depending on
> your environment.
>
> Let me know if this helps. I agree this isn't very straightforward---I'm
> looking into potential ways this setup could be improved.
>
> Thanks,
>
> ---Alan
>
> On Tue, May 8, 2018 at 12:01 PM Vinita <vjo...@etouch.net> wrote:
>
>> I have created a private cluster and VM in the same network. I added VM's
>> internal IP in private cluster's master authorized network. From VM, after
>> obtaining cluster credentials, I am not able to execute kubectl commands.
>> However, if I add VM's external IP to master authorized network I am able
>> to execute kubectl commands. This behavior is not consistent with the
>> documentation. Not sure if I am missing something here.
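
The x509 error quoted in the message above already lists every IP address the master's certificate covers. The following is an added example, not part of the thread or of any Google tooling: it parses that error text and reports which listed addresses are private, so the `server:` entry in ~/.kube/config can be compared against them with TLS verification left on. The function names and the `172.16.0.0/28` master range are assumptions made for illustration.

```python
import ipaddress
import re

# Shape of Go's crypto/x509 IP-mismatch error, as kubectl printed it in the thread.
X509_IP_ERR = re.compile(
    r"x509: certificate is valid for (?P<sans>.+?), not (?P<tried>[0-9A-Fa-f:.]+)"
)

def parse_x509_ip_error(message):
    """Return (san_list, tried_address), or None if the message is a different error."""
    m = X509_IP_ERR.search(message)
    if m is None:
        return None
    sans = [s.strip() for s in m.group("sans").split(",")]
    return sans, m.group("tried").rstrip(".")

def internal_candidates(sans, master_cidr=None):
    """Private-range IP SANs, optionally limited to master_cidr (assumed input)."""
    net = ipaddress.ip_network(master_cidr) if master_cidr else None
    found = []
    for san in sans:
        try:
            ip = ipaddress.ip_address(san)
        except ValueError:
            continue  # a DNS-name SAN, not an address
        if ip.is_private and (net is None or ip in net):
            found.append(san)
    return found

def diagnose(message, master_cidr=None):
    """Summarise the mismatch: what was dialled and which SANs could replace it."""
    parsed = parse_x509_ip_error(message)
    if parsed is None:
        return None
    sans, tried = parsed
    return {
        "tried": tried,
        "tried_is_in_certificate": tried in sans,
        "certificate_ips": sans,
        "internal_candidates": internal_candidates(sans, master_cidr),
    }

# Error text copied from the message above; the /28 range is an assumed master CIDR.
SAMPLE = ("Unable to connect to the server: x509: certificate is valid for "
          "35.224.109.130, 10.118.16.1, 172.16.0.2, not 172.16.0.3")

if __name__ == "__main__":
    print(diagnose(SAMPLE, master_cidr="172.16.0.0/28"))
```

Whether a listed private address is actually the master's internal endpoint still has to be confirmed against the cluster's own configuration.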