I would like to expose the GKE apiserver private endpoint to my on-premise network, which is connected to VPC through a VPN tunnel.
The VPC network was created with custom mode (not auto mode) to allow custom routes.
There is a custom static route defined in VPC to reach my on-premise network.
GKE created an automatic VPC peering between my VPC and the GKE master nodes VPC on private cluster creation.
But when I enable custom routes export in the 'Exchange custom routes' setting of the VPC peering, I get 'rejected by peer configuration' for all of them (see screenshot).
This is done in accordance with this part of the docs: Setting up a private cluster, section 'Routing between on-premises/cluster VPC and cluster master'.
Any idea what might be wrong?
The only thing I could find is the part of the docs that explains routing: https://cloud.google.com/vpc/docs/routes
There is a note there: "don't use destinations that fall into the 10.128.0.0/9 CIDR block because that block defines the current and future address space for subnet routes",
but I tried the same with addresses outside of this CIDR block, with the same outcome.
I would appreciate any help.