Re: [kubernetes-users] GKE Private cluster - accessing master

['Alan Grosskurth' via Kubernetes user discussion and Q&A]

Hi Vinita,

I believe the problem is that currently "gcloud container clusters
get-credentials" always writes the master's external IP address to
~/.kube/config. So kubectl always talks to that external IP address (via
the external IP address of the VM it's running on).

You should be able to modify ~/.kube/config on your VM to tell kubectl to
talk to the master's internal IP address.

First, find the endpoint resource containing the master's internal IP
address. For example:

    $ kubectl get endpoints kubernetes
    NAME         ENDPOINTS        AGE
    kubernetes   172.16.0.1:443   1d

Then open ~/.kube/config and find the section for your cluster. For example:

    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: REDACTED
        server: https://104.198.205.71
      name: gke_myproject_us-central1-c_mycluster

Replace the external address (https://104.198.205.71) with the internal
address (https://172.16.0.1). The kubectl command should now work, provided
Master Authorized Networks allows access from the VM's internal IP address.
Note that all of these IP addresses will be different depending on your
environment.

Let me know if this helps. I agree this isn't very straightforward---I'm
looking into potential ways this setup could be improved.

Thanks,

---Alan

On Tue, May 8, 2018 at 12:01 PM Vinita <vjo...@etouch.net> wrote:

> I have created a private cluster and VM in the same network. I added VM's
> internal IP in private cluster's master authorized network. From VM, after
> obtaining cluster credentials, I am not able to execute kubectl commands.
> However,  if I add VM's external IP to master authorized network I am able
> to execute kubectl commands. This behavior is not consistent with the
> documentation. Not sure if I am missing something here.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.