On Monday, 22 January 2018 19:42:16 UTC, Tim Hockin wrote: > VPN is the normal answer - you are extending your private space into the > cloud. > > On Sun, Jan 21, 2018 at 8:39 AM, Lorenz Vanthillo > <lorenz.vanthi...@gmail.com> wrote: > > Thanks for your reply. Now I want to use GKE to create my Kubernetes > > cluster, so my master IP will be public. I read something here > > (https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks) > > about how we can secure this. > > > > For our cluster we disabled the GKE Ingress Controller, since that would > > create public HTTP(S) load balancers for us when creating Ingress resources. > > (like in the tutorial). > > We are now just creating deployments (pods, rs, ..), with services of the > > type ClusterIP. Those services will only be accessible from inside our > > cluster. > > > > Now we are searching for a good way to connect to this cluster. We were > > thinking about a VPN connection which will offer us an IP from inside this > > cluster. So we can access the services inside our browser etc. (it will look > > public for us, but it's private). > > > > Is there a way documentated on how we can set this up? > > > > On 20 January 2018 at 23:36, 'Tim Hockin' via Kubernetes user discussion and > > Q&A <kubernetes-users@googlegroups.com> wrote: > >> > >> Important - this is for kubernetes on GCE, not for GKE. GKE masters use > >> public IP, even though the traffic never leaves Google. We are looking at > >> how best o support true private GKE. > >> > >> On Jan 20, 2018 2:34 PM, "Tim Hockin" <thoc...@google.com> wrote: > >>> > >>> You should not need a public IP unless you access public things. Stuff > >>> like GCR (inside Google) will be ok. If you need to egress, you need a > >>> NAT > >>> (diy for now). > >>> > >>> On Jan 20, 2018 10:29 AM, "lvthillo" <lorenz.vanthi...@gmail.com> wrote: > >>>> > >>>> We want to start using Kubernetes on Google Cloud Platform. We want that > >>>> this Kubernetes (and all services, etc) are only accessible from inside > >>>> our > >>>> network. It's for development purposes so we don't need public access. > >>>> (But > >>>> we want internet access from inside our cluster, for example to download > >>>> dependencies in our Jenkins pod). > >>>> > >>>> We have some VPN service for users who are working remotely to connect > >>>> to our network. > >>>> Here I was reading about another solution to make the Kubernetes cluster > >>>> private: > >>>> https://engineering.bitnami.com/articles/creating-private-kubernetes-clusters-on-gke.html > >>>> > >>>> I'm searching for ideas/replies/opinions of people who have this > >>>> experience with it. > >>>> > >>>> -- > >>>> You received this message because you are subscribed to the Google > >>>> Groups "Kubernetes user discussion and Q&A" group. > >>>> To unsubscribe from this group and stop receiving emails from it, send > >>>> an email to kubernetes-users+unsubscr...@googlegroups.com. > >>>> To post to this group, send email to kubernetes-users@googlegroups.com. > >>>> Visit this group at https://groups.google.com/group/kubernetes-users. > >>>> For more options, visit https://groups.google.com/d/optout. > >> > >> -- > >> You received this message because you are subscribed to a topic in the > >> Google Groups "Kubernetes user discussion and Q&A" group. > >> To unsubscribe from this topic, visit > >> https://groups.google.com/d/topic/kubernetes-users/pkam7V4NPt8/unsubscribe. > >> To unsubscribe from this group and all its topics, send an email to > >> kubernetes-users+unsubscr...@googlegroups.com. > >> To post to this group, send email to kubernetes-users@googlegroups.com. > >> Visit this group at https://groups.google.com/group/kubernetes-users. > >> For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Kubernetes user discussion and Q&A" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to kubernetes-users+unsubscr...@googlegroups.com. > > To post to this group, send email to kubernetes-users@googlegroups.com. > > Visit this group at https://groups.google.com/group/kubernetes-users. > > For more options, visit https://groups.google.com/d/optout.
Private clusters should help here: https://cloudplatform.googleblog.com/2018/03/kubernetes-engine-private-clusters-now.html -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
