NB there are two issues here:

1) how to run a cluster where the VMs have no public IP, and the node
<-> master comms are private IP.

2) how to run a cluster with long-term-stable egress IPs.

They are not the same issue, despite being related :)

Tim


On Wed, Mar 7, 2018 at 2:27 AM,  <aditya...@media.net> wrote:
> On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
>> On Fri, Oct 13, 2017 at 3:17 AM,  <dbgh...@gmail.com> wrote:
>> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
>> >> Private Google Access is not a private subnet.  That simply allows your 
>> >> VMs to access google service without a public IP.  You still have to make 
>> >> VMs without a public IP, which GKE does not support yet.
>> >
>> > Are there any near plan to have GKE working in Private network ? I don't 
>> > want to expose my containers to public IPs
>>
>> We are evaluating how best to support this.  In the mean time, it's
>> important to note that none of your containers are exposed by default,
>> they do not have external IPs, and with the exception of the nodes'
>> SSH port, all the default GCP firewalls default to "closed".  The only
>> "public" traffic required is GKE masters <-> nodes, and that is only
>> "public" in name.  The traffic stays withing Google's network.
>>
>> Tim
>
> I would like to give this thread a bump and love to know if there is any 
> update.
> It is not uncommon to allow access to a service by whitelisting the public 
> ip. Each kubernetes node having its own public ip makes a mess. Right now, 
> only solution seems to be running a NAT instance[1]. GCP doesn't provide NAT 
> gateway as service either, so one would have to deal with scaling and high 
> availability themselves.
>
>
> [1] 
> https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
  • [kubernetes-users]... nnilesh7...@gmail.com
    • Re: [kubernet... 'Tim Hockin' via Kubernetes user discussion and Q&A
      • Re: [kube... nnilesh7...@gmail.com
        • Re: [... 'Tim Hockin' via Kubernetes user discussion and Q&A
          • R... Cybage ALM
            • ... 'Tim Hockin' via Kubernetes user discussion and Q&A
              • ... dbghule
                • ... 'Tim Hockin' via Kubernetes user discussion and Q&A
                • ... aditya . pr
                • ... 'Tim Hockin' via Kubernetes user discussion and Q&A
                • ... manjotpahwa via Kubernetes user discussion and Q&A
                • ... aditya . pr
                • ... Vinita
                • ... 'Tim Hockin' via Kubernetes user discussion and Q&A
                • ... Vinita

Reply via email to