Say I have a cluster with two services: one is an http service that I want to expose to the world, and the other is a thrift service that I want to call from some other place (over a vpn gateway into the GCP project). For this use case I decide to go with two load balancers: the one k8s will create for inbound http traffic, and an internal one I will create to handle inbound thrift traffic from the vpn. From earlier experiments I know I'm not supposed to have an instance belong to more than one load balanced instance group, so I create a separate nodepool/instance group just for the thrift service to live in, set the thrift service to open a HostPort on those instances, and use that instance group as the back end for my internal load balancer.
The problem is that kubernetes also includes the instances in the thrift instance group when it creates the load balancer for the inbound http traffic. So it seems like whatever I do, if I want to have more than one load balancer I can't avoid: status: { code: 400 message: "Validation failed for instance 'projects/blah/instances/blah': instance may belong to at most one load-balanced instance group." } So we actually set this up as described, and connections seem to work however we have seen some timeout anomalies we're debugging. They could be completely unrelated but in the process of digging into them I came across that status, investigated that and ended up posting this message. My first question is: what is the practical effect of this condition/status in the project/cluster? Follow-up: is there a way I can enable this general use case without running into the above constraint? Thanks! --Mark -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.