On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
> On Fri, Oct 13, 2017 at 3:17 AM, <dbgh...@gmail.com> wrote:
> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
> >> Private Google Access is not a private subnet. That simply allows your
> >> VMs to access Google services without a public IP. You still have to make
> >> VMs without a public IP, which GKE does not support yet.
> >
> > Are there any near-term plans to have GKE working in a private network? I don't
> > want to expose my containers to public IPs.
>
> We are evaluating how best to support this. In the meantime, it's
> important to note that none of your containers are exposed by default,
> they do not have external IPs, and with the exception of the nodes'
> SSH port, all the default GCP firewalls default to "closed". The only
> "public" traffic required is GKE masters <-> nodes, and that is only
> "public" in name. The traffic stays within Google's network.
>
> Tim

I would like to give this thread a bump and would love to know if there is any update. It is not uncommon to allow access to a service by whitelisting the public IP. Each Kubernetes node having its own public IP makes a mess. Right now, the only solution seems to be running a NAT instance [1]. GCP doesn't provide a NAT gateway as a service either, so one would have to deal with scaling and high availability themselves.

[1] https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine