Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

2018-05-07 Thread Vinita
Hello Tim,

Thanks for your reply. I tried to access master from a VM in the same VPC 
network by adding its internal IP to master authorized network but I could 
not access it. I was able to access it if I add external IP of the VM in 
authorized network. Is this expected behavior? 

Thanks,
Vinita

On Friday, March 30, 2018 at 10:04:12 AM UTC-7, Tim Hockin wrote:
>
> Private cluster is private by default.  You can not access the master from 
> the internet.  You can specifically change that with the master authorized 
> networks feature, or you can access it from within your VPC network.
>
> On Thu, Mar 29, 2018 at 10:42 PM Vinita  
> wrote:
>
>> Hi,
>>
>> I am trying to use private cluster. I am able to create private cluster 
>> but kubectl commands are not working. I am seeing connection time out error 
>> as below -
>>
>> kubectl run nginx --image=nginx --replicas=2
>> error: failed to discover supported resources: Get https://104.154.200.217/api: dial tcp 104.154.200.217:443: i/o timeout
>>
>> Am I missing something? I am seeing this issue in my SDK as well as Cloud
>> shell. Thanks
>>
>>
>> On Monday, March 26, 2018 at 1:31:46 PM UTC-7, manjo...@google.com wrote:
>>>
>>> On Thursday, March 8, 2018 at 4:56:09 AM UTC, Tim Hockin wrote:
>>> > NB there are two issues here:
>>> > 
>>> > 1) how to run a cluster where the VMs have no public IP, and the node
>>> > <-> master comms are private IP.
>>> > 
>>> > 2) how to run a cluster with long-term-stable egress IPs.
>>> > 
>>> > They are not the same issue, despite being related :)
>>> > 
>>> > Tim
>>> > 
>>> > 
>>> > On Wed, Mar 7, 2018 at 2:27 AM,   wrote:
>>> > > On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
>>> > >> On Fri, Oct 13, 2017 at 3:17 AM,   wrote:
>>> > >> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
>>> > >> >> Private Google Access is not a private subnet.  That simply
>>> > >> >> allows your VMs to access google service without a public IP.  You still
>>> > >> >> have to make VMs without a public IP, which GKE does not support yet.
>>> > >> >
>>> > >> > Are there any near plan to have GKE working in Private network ?
>>> > >> > I don't want to expose my containers to public IPs
>>> > >>
>>> > >> We are evaluating how best to support this.  In the mean time, it's
>>> > >> important to note that none of your containers are exposed by default,
>>> > >> they do not have external IPs, and with the exception of the nodes'
>>> > >> SSH port, all the default GCP firewalls default to "closed".  The only
>>> > >> "public" traffic required is GKE masters <-> nodes, and that is only
>>> > >> "public" in name.  The traffic stays within Google's network.
>>> > >>
>>> > >> Tim
>>> > >
>>> > > I would like to give this thread a bump and love to know if there is
>>> > > any update.
>>> > > It is not uncommon to allow access to a service by whitelisting the
>>> > > public ip. Each kubernetes node having its own public ip makes a mess.
>>> > > Right now, only solution seems to be running a NAT instance[1]. GCP doesn't
>>> > > provide NAT gateway as service either, so one would have to deal with
>>> > > scaling and high availability themselves.
>>> > >
>>> > >
>>> > > [1] https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
>>> > >
>>> > > --
>>> > > You received this message because you are subscribed to the Google
>>> > > Groups "Kubernetes user discussion and Q" group.
>>> > > To unsubscribe from this group and stop receiving emails from it,
>>> > > send an email to kubernetes-use...@googlegroups.com.
>>> > > To post to this group, send email to kubernet...@googlegroups.com.
>>> > > Visit this group at https://groups.google.com/group/kubernetes-users.
>>> > > For more options, visit https://groups.google.com/d/optout.
>>>
>>> Hi,
>>>
>>> GKE now supports private clusters :-)
>>>
>>> https://cloudplatform.googleblog.com/2018/03/kubernetes-engine-private-clusters-now.html
>>>
>>> Hope that helps!
>>>
>>
>



Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

2018-03-30 Thread 'Tim Hockin' via Kubernetes user discussion and Q
Private cluster is private by default.  You can not access the master from
the internet.  You can specifically change that with the master authorized
networks feature, or you can access it from within your VPC network.

On Thu, Mar 29, 2018 at 10:42 PM Vinita  wrote:

> Hi,
>
> I am trying to use private cluster. I am able to create private cluster
> but kubectl commands are not working. I am seeing connection time out error
> as below -
>
> kubectl run nginx --image=nginx --replicas=2
> error: failed to discover supported resources: Get https://104.154.200.217/api: dial tcp 104.154.200.217:443: i/o timeout
>
> Am I missing something? I am seeing this issue in my SDK as well as Cloud
> shell. Thanks
>
>
> On Monday, March 26, 2018 at 1:31:46 PM UTC-7, manjo...@google.com wrote:
>>
>> On Thursday, March 8, 2018 at 4:56:09 AM UTC, Tim Hockin wrote:
>> > NB there are two issues here:
>> >
>> > 1) how to run a cluster where the VMs have no public IP, and the node
>> > <-> master comms are private IP.
>> >
>> > 2) how to run a cluster with long-term-stable egress IPs.
>> >
>> > They are not the same issue, despite being related :)
>> >
>> > Tim
>> >
>> >
>> > On Wed, Mar 7, 2018 at 2:27 AM,   wrote:
>> > > On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
>> > >> On Fri, Oct 13, 2017 at 3:17 AM,   wrote:
>> > >> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
>> > >> >> Private Google Access is not a private subnet.  That simply
>> > >> >> allows your VMs to access google service without a public IP.  You still
>> > >> >> have to make VMs without a public IP, which GKE does not support yet.
>> > >> >
>> > >> > Are there any near plan to have GKE working in Private network ? I
>> > >> > don't want to expose my containers to public IPs
>> > >>
>> > >> We are evaluating how best to support this.  In the mean time, it's
>> > >> important to note that none of your containers are exposed by default,
>> > >> they do not have external IPs, and with the exception of the nodes'
>> > >> SSH port, all the default GCP firewalls default to "closed".  The only
>> > >> "public" traffic required is GKE masters <-> nodes, and that is only
>> > >> "public" in name.  The traffic stays within Google's network.
>> > >>
>> > >> Tim
>> > >
>> > > I would like to give this thread a bump and love to know if there is
>> > > any update.
>> > > It is not uncommon to allow access to a service by whitelisting the
>> > > public ip. Each kubernetes node having its own public ip makes a mess.
>> > > Right now, only solution seems to be running a NAT instance[1]. GCP doesn't
>> > > provide NAT gateway as service either, so one would have to deal with
>> > > scaling and high availability themselves.
>> > >
>> > >
>> > > [1] https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
>> > >
>>
>> Hi,
>>
>> GKE now supports private clusters :-)
>>
>> https://cloudplatform.googleblog.com/2018/03/kubernetes-engine-private-clusters-now.html
>>
>> Hope that helps!
>>
>



Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

2018-03-29 Thread Vinita
Hi,

I am trying to use private cluster. I am able to create private cluster but 
kubectl commands are not working. I am seeing connection time out error as 
below -

kubectl run nginx --image=nginx --replicas=2
error: failed to discover supported resources: Get https://104.154.200.217/api: dial tcp 104.154.200.217:443: i/o timeout

Am I missing something? I am seeing this issue in my SDK as well as Cloud
shell. Thanks


On Monday, March 26, 2018 at 1:31:46 PM UTC-7, manjo...@google.com wrote:
>
> On Thursday, March 8, 2018 at 4:56:09 AM UTC, Tim Hockin wrote:
> > NB there are two issues here:
> > 
> > 1) how to run a cluster where the VMs have no public IP, and the node
> > <-> master comms are private IP.
> > 
> > 2) how to run a cluster with long-term-stable egress IPs.
> > 
> > They are not the same issue, despite being related :)
> > 
> > Tim
> > 
> > 
> > On Wed, Mar 7, 2018 at 2:27 AM,   wrote:
> > > On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
> > >> On Fri, Oct 13, 2017 at 3:17 AM,   wrote:
> > >> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
> > >> >> Private Google Access is not a private subnet.  That simply allows
> > >> >> your VMs to access google service without a public IP.  You still have to
> > >> >> make VMs without a public IP, which GKE does not support yet.
> > >> >
> > >> > Are there any near plan to have GKE working in Private network ? I
> > >> > don't want to expose my containers to public IPs
> > >>
> > >> We are evaluating how best to support this.  In the mean time, it's
> > >> important to note that none of your containers are exposed by default,
> > >> they do not have external IPs, and with the exception of the nodes'
> > >> SSH port, all the default GCP firewalls default to "closed".  The only
> > >> "public" traffic required is GKE masters <-> nodes, and that is only
> > >> "public" in name.  The traffic stays within Google's network.
> > >>
> > >> Tim
> > >
> > > I would like to give this thread a bump and love to know if there is
> > > any update.
> > > It is not uncommon to allow access to a service by whitelisting the
> > > public ip. Each kubernetes node having its own public ip makes a mess.
> > > Right now, only solution seems to be running a NAT instance[1]. GCP doesn't
> > > provide NAT gateway as service either, so one would have to deal with
> > > scaling and high availability themselves.
> > >
> > >
> > > [1] https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
> > >
>
> Hi,
>
> GKE now supports private clusters :-)
>
> https://cloudplatform.googleblog.com/2018/03/kubernetes-engine-private-clusters-now.html
>
> Hope that helps!
>
>



Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

2018-03-26 Thread aditya . pr
On Tuesday, March 27, 2018 at 2:01:46 AM UTC+5:30, manjo...@google.com wrote:
> On Thursday, March 8, 2018 at 4:56:09 AM UTC, Tim Hockin wrote:
> > NB there are two issues here:
> > 
> > 1) how to run a cluster where the VMs have no public IP, and the node
> > <-> master comms are private IP.
> > 
> > 2) how to run a cluster with long-term-stable egress IPs.
> > 
> > They are not the same issue, despite being related :)
> > 
> > Tim
> > 
> > 
> > On Wed, Mar 7, 2018 at 2:27 AM,   wrote:
> > > On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
> > >> On Fri, Oct 13, 2017 at 3:17 AM,   wrote:
> > >> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
> > >> >> Private Google Access is not a private subnet.  That simply allows 
> > >> >> your VMs to access google service without a public IP.  You still 
> > >> >> have to make VMs without a public IP, which GKE does not support yet.
> > >> >
> > >> > Are there any near plan to have GKE working in Private network ? I 
> > >> > don't want to expose my containers to public IPs
> > >>
> > >> We are evaluating how best to support this.  In the mean time, it's
> > >> important to note that none of your containers are exposed by default,
> > >> they do not have external IPs, and with the exception of the nodes'
> > >> SSH port, all the default GCP firewalls default to "closed".  The only
> > >> "public" traffic required is GKE masters <-> nodes, and that is only
> > >> "public" in name.  The traffic stays within Google's network.
> > >>
> > >> Tim
> > >
> > > I would like to give this thread a bump and love to know if there is any 
> > > update.
> > > It is not uncommon to allow access to a service by whitelisting the 
> > > public ip. Each kubernetes node having its own public ip makes a mess. 
> > > Right now, only solution seems to be running a NAT instance[1]. GCP 
> > > doesn't provide NAT gateway as service either, so one would have to deal 
> > > with scaling and high availability themselves.
> > >
> > >
> > > [1] 
> > > https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
> > >
> 
> Hi,
> 
> GKE now supports private clusters :-)
> https://cloudplatform.googleblog.com/2018/03/kubernetes-engine-private-clusters-now.html
> 
> Hope that helps!

Hey, this is great news. Thanks for update.



Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

2018-03-26 Thread manjotpahwa via Kubernetes user discussion and Q
On Thursday, March 8, 2018 at 4:56:09 AM UTC, Tim Hockin wrote:
> NB there are two issues here:
> 
> 1) how to run a cluster where the VMs have no public IP, and the node
> <-> master comms are private IP.
> 
> 2) how to run a cluster with long-term-stable egress IPs.
> 
> They are not the same issue, despite being related :)
> 
> Tim
> 
> 
> On Wed, Mar 7, 2018 at 2:27 AM,   wrote:
> > On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
> >> On Fri, Oct 13, 2017 at 3:17 AM,   wrote:
> >> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
> >> >> Private Google Access is not a private subnet.  That simply allows your 
> >> >> VMs to access google service without a public IP.  You still have to 
> >> >> make VMs without a public IP, which GKE does not support yet.
> >> >
> >> > Are there any near plan to have GKE working in Private network ? I don't 
> >> > want to expose my containers to public IPs
> >>
> >> We are evaluating how best to support this.  In the mean time, it's
> >> important to note that none of your containers are exposed by default,
> >> they do not have external IPs, and with the exception of the nodes'
> >> SSH port, all the default GCP firewalls default to "closed".  The only
> >> "public" traffic required is GKE masters <-> nodes, and that is only
> >> "public" in name.  The traffic stays within Google's network.
> >>
> >> Tim
> >
> > I would like to give this thread a bump and love to know if there is any 
> > update.
> > It is not uncommon to allow access to a service by whitelisting the public 
> > ip. Each kubernetes node having its own public ip makes a mess. Right now, 
> > only solution seems to be running a NAT instance[1]. GCP doesn't provide 
> > NAT gateway as service either, so one would have to deal with scaling and 
> > high availability themselves.
> >
> >
> > [1] 
> > https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
> >

Hi,

GKE now supports private clusters :-)
https://cloudplatform.googleblog.com/2018/03/kubernetes-engine-private-clusters-now.html

Hope that helps!



Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

2018-03-07 Thread aditya . pr
On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
> On Fri, Oct 13, 2017 at 3:17 AM,   wrote:
> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
> >> Private Google Access is not a private subnet.  That simply allows your 
> >> VMs to access google service without a public IP.  You still have to make 
> >> VMs without a public IP, which GKE does not support yet.
> >
> > Are there any near plan to have GKE working in Private network ? I don't 
> > want to expose my containers to public IPs
> 
> We are evaluating how best to support this.  In the mean time, it's
> important to note that none of your containers are exposed by default,
> they do not have external IPs, and with the exception of the nodes'
> SSH port, all the default GCP firewalls default to "closed".  The only
> "public" traffic required is GKE masters <-> nodes, and that is only
> "public" in name.  The traffic stays within Google's network.
> 
> Tim

I would like to give this thread a bump and love to know if there is any update.
It is not uncommon to allow access to a service by whitelisting the public ip. 
Each kubernetes node having its own public ip makes a mess. Right now, only 
solution seems to be running a NAT instance[1]. GCP doesn't provide NAT gateway 
as service either, so one would have to deal with scaling and high availability 
themselves.


[1] 
https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine



Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

2017-10-13 Thread 'Tim Hockin' via Kubernetes user discussion and Q
On Fri, Oct 13, 2017 at 3:17 AM,   wrote:
> On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
>> Private Google Access is not a private subnet.  That simply allows your VMs 
>> to access google service without a public IP.  You still have to make VMs 
>> without a public IP, which GKE does not support yet.
>
> Are there any near plan to have GKE working in Private network ? I don't want 
> to expose my containers to public IPs

We are evaluating how best to support this.  In the mean time, it's
important to note that none of your containers are exposed by default,
they do not have external IPs, and with the exception of the nodes'
SSH port, all the default GCP firewalls default to "closed".  The only
"public" traffic required is GKE masters <-> nodes, and that is only
"public" in name.  The traffic stays within Google's network.

Tim



Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

2017-07-28 Thread 'Tim Hockin' via Kubernetes user discussion and Q
Private Google Access is not a private subnet.  That simply allows your VMs
to access google service without a public IP.  You still have to make VMs
without a public IP, which GKE does not support yet.

On Wed, Jul 19, 2017 at 12:14 PM, Cybage ALM 
wrote:

> I have created custom Google Cloud VPC, then created custom Private
> Network Access Subnet under that VPC.
>
> Below are Setting of Private Subnet
>
>
> [image: Inline image 2]
>
> Then while creating GKE Cluster we selecting Network as Custom Created VPC
> and Subnetwork which we have created Private Subnet as above.
>
> These are steps we have followed to launch cluster in Private Subnet.
>
>
>
> On Wed, Jul 19, 2017 at 10:32 PM, 'Tim Hockin' via Kubernetes user
> discussion and Q  wrote:
>
>> How did you create these private/public subnets?  GKE should not allow
>> you to create a cluster in a Network that doesn't have a default route
>> to internet.  Routes are per-Network, not per-SubNetwork.
>>
>> On Tue, Jul 18, 2017 at 11:27 PM, nnilesh7...@gmail.com
>>  wrote:
>> > On Tuesday, July 18, 2017 at 8:52:47 PM UTC+5:30, Tim Hockin wrote:
>> >> GKE relies on public IPs to access the hosted master, for now.
>> >>
>> >> On Tue, Jul 18, 2017 at 1:46 AM, nnilesh7...@gmail.com
>> >>  wrote:
>> >> > I'm trying to launch Google Container Engine (GKE) in Private GCP
>> >> > network Subnet.
>> >> >
>> >> > I have created custom Google Cloud VPC, then I have created custom
>> >> > Private Network Access Subnet too under that VPC.
>> >> >
>> >> > 1) When I create GKE cluster with Private Subnet, still my
>> >> > Kubernetes nodes assigned with Public IP. Why it is so ? As per Google
>> >> > Document private instance should get Private IP.
>> >> >
>> >> > 2) If I create cluster in Private, can I connect my container
>> >> > application to Google SQL instance ?
>> >> >
>> >> > 3) Is any recommendation to launch GKE cluster should launched in
>> >> > Public Subnet only, not in Private Subnet ?
>> >> >
>> >
>> > Thank you very much Tim, for your reply!!
>> >
>> > So for now GKE cluster we have to launch in Public Subnet. Right?
>> >
>> > Observation : We have launched GKE cluster in Private Subnet, but GKE
>> > Cluster is behaving same as if its launch in Public Subnet.
>> >
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Kubernetes user discussion and Q" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/kubernetes-users/YK0JNgTIHyI/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> kubernetes-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to kubernetes-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/kubernetes-users.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>



Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

2017-07-19 Thread Cybage ALM
I have created custom Google Cloud VPC, then created custom Private Network
Access Subnet under that VPC.

Below are Setting of Private Subnet


[image: Inline image 2]

Then while creating GKE Cluster we selecting Network as Custom Created VPC
and Subnetwork which we have created Private Subnet as above.

These are steps we have followed to launch cluster in Private Subnet.



On Wed, Jul 19, 2017 at 10:32 PM, 'Tim Hockin' via Kubernetes user
discussion and Q  wrote:

> How did you create these private/public subnets?  GKE should not allow
> you to create a cluster in a Network that doesn't have a default route
> to internet.  Routes are per-Network, not per-SubNetwork.
>
> On Tue, Jul 18, 2017 at 11:27 PM, nnilesh7...@gmail.com
>  wrote:
> > On Tuesday, July 18, 2017 at 8:52:47 PM UTC+5:30, Tim Hockin wrote:
> >> GKE relies on public IPs to access the hosted master, for now.
> >>
> >> On Tue, Jul 18, 2017 at 1:46 AM, nnilesh7...@gmail.com
> >>  wrote:
> >> > I'm trying to launch Google Container Engine (GKE) in Private GCP
> >> > network Subnet.
> >> >
> >> > I have created custom Google Cloud VPC, then I have created custom
> >> > Private Network Access Subnet too under that VPC.
> >> >
> >> > 1) When I create GKE cluster with Private Subnet, still my Kubernetes
> >> > nodes assigned with Public IP. Why it is so ? As per Google Document
> >> > private instance should get Private IP.
> >> >
> >> > 2) If I create cluster in Private, can I connect my container
> >> > application to Google SQL instance ?
> >> >
> >> > 3) Is any recommendation to launch GKE cluster should launched in
> >> > Public Subnet only, not in Private Subnet ?
> >> >
> >
> > Thank you very much Tim, for your reply!!
> >
> > So for now GKE cluster we have to launch in Public Subnet. Right?
> >
> > Observation : We have launched GKE cluster in Private Subnet, but GKE
> > Cluster is behaving same as if its launch in Public Subnet.
> >
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.


Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

2017-07-19 Thread 'Tim Hockin' via Kubernetes user discussion and Q&A
How did you create these private/public subnets?  GKE should not allow
you to create a cluster in a Network that doesn't have a default route
to internet.  Routes are per-Network, not per-SubNetwork.

On Tue, Jul 18, 2017 at 11:27 PM, nnilesh7...@gmail.com
 wrote:
> On Tuesday, July 18, 2017 at 8:52:47 PM UTC+5:30, Tim Hockin wrote:
>> GKE relies on public IPs to access the hosted master, for now.
>>
>> On Tue, Jul 18, 2017 at 1:46 AM, nnilesh7...@gmail.com
>>  wrote:
>> > I'm trying to launch Google Container Engine (GKE) in a Private GCP network
>> > Subnet.
>> >
>> > I have created a custom Google Cloud VPC, and then I created a custom Private
>> > Network Access Subnet under that VPC.
>> >
>> > 1) When I create a GKE cluster with a Private Subnet, my Kubernetes nodes
>> > are still assigned Public IPs. Why is that? As per the Google document, a
>> > private instance should get a Private IP.
>> >
>> > 2) If I create the cluster in Private, can I connect my container application
>> > to a Google SQL instance?
>> >
>> > 3) Is there any recommendation that a GKE cluster should be launched in a
>> > Public Subnet only, not in a Private Subnet?
>> >
>
> Thank you very much Tim, for your reply!!
>
> So for now we have to launch the GKE cluster in a Public Subnet. Right?
>
> Observation: We have launched the GKE cluster in a Private Subnet, but the GKE
> cluster is behaving the same as if it was launched in a Public Subnet.
>


Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

2017-07-19 Thread nnilesh7...@gmail.com
On Tuesday, July 18, 2017 at 8:52:47 PM UTC+5:30, Tim Hockin wrote:
> GKE relies on public IPs to access the hosted master, for now.
> 
> On Tue, Jul 18, 2017 at 1:46 AM, nnilesh7...@gmail.com
>  wrote:
> > I'm trying to launch Google Container Engine (GKE) in a Private GCP network
> > Subnet.
> >
> > I have created a custom Google Cloud VPC, and then I created a custom Private
> > Network Access Subnet under that VPC.
> >
> > 1) When I create a GKE cluster with a Private Subnet, my Kubernetes nodes
> > are still assigned Public IPs. Why is that? As per the Google document, a
> > private instance should get a Private IP.
> >
> > 2) If I create the cluster in Private, can I connect my container application
> > to a Google SQL instance?
> >
> > 3) Is there any recommendation that a GKE cluster should be launched in a
> > Public Subnet only, not in a Private Subnet?
> >

Thank you very much Tim, for your reply!!

So for now we have to launch the GKE cluster in a Public Subnet. Right?

Observation: We have launched the GKE cluster in a Private Subnet, but the GKE
cluster is behaving the same as if it was launched in a Public Subnet.
