Hi, I am trying to use a private cluster. I am able to create a private cluster but kubectl commands are not working. I am seeing a connection timeout error as below:

kubectl run nginx --image=nginx --replicas=2
error: failed to discover supported resources: Get https://104.154.200.217/api: dial tcp 104.154.200.217:443: i/o timeout

Am I missing something? I am seeing this issue in my SDK as well as Cloud Shell.

Thanks

On Monday, March 26, 2018 at 1:31:46 PM UTC-7, manjo...@google.com wrote:
>
> On Thursday, March 8, 2018 at 4:56:09 AM UTC, Tim Hockin wrote:
> > NB there are two issues here:
> >
> > 1) how to run a cluster where the VMs have no public IP, and the node
> > <-> master comms are private IP.
> >
> > 2) how to run a cluster with long-term-stable egress IPs.
> >
> > They are not the same issue, despite being related :)
> >
> > Tim
> >
> >
> > On Wed, Mar 7, 2018 at 2:27 AM, <adit...@media.net> wrote:
> > > On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
> > >> On Fri, Oct 13, 2017 at 3:17 AM, <dbg...@gmail.com> wrote:
> > >> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
> > >> >> Private Google Access is not a private subnet. That simply allows
> > >> >> your VMs to access google service without a public IP. You still have to
> > >> >> make VMs without a public IP, which GKE does not support yet.
> > >> >
> > >> > Are there any near plan to have GKE working in Private network ? I
> > >> > don't want to expose my containers to public IPs
> > >>
> > >> We are evaluating how best to support this. In the meantime, it's
> > >> important to note that none of your containers are exposed by default,
> > >> they do not have external IPs, and with the exception of the nodes'
> > >> SSH port, all the default GCP firewalls default to "closed". The only
> > >> "public" traffic required is GKE masters <-> nodes, and that is only
> > >> "public" in name. The traffic stays within Google's network.
> > >>
> > >> Tim
> > >
> > > I would like to give this thread a bump and love to know if there is
> > > any update.
> > > It is not uncommon to allow access to a service by whitelisting the
> > > public ip. Each kubernetes node having its own public ip makes a mess.
> > > Right now, only solution seems to be running a NAT instance[1]. GCP doesn't
> > > provide NAT gateway as service either, so one would have to deal with
> > > scaling and high availability themselves.
> > >
> > > [1] https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
>
> Hi,
>
> GKE now supports private clusters :-)
>
> https://cloudplatform.googleblog.com/2018/03/kubernetes-engine-private-clusters-now.html
>
> Hope that helps!
>

--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.