Is it possible to establish a connection from the pods of a private cluster to another private cluster's master in a separate region? Just adding the pod and node IP ranges to the other master's authorized networks did not do the trick.
Viewed 1,152 times
1
-
Why not use ingress? – stop-cran Jul 01 '19 at 06:48
-
@stop-cran I edited the question due to your comment. The clusters are in separate regions, so I cannot use internal load balancers from Google because they are region bound. And a public IP address is not suitable at all because one of the clusters is a vault installation. – Jan Schumacher Jul 01 '19 at 07:21
2 Answers
2
This won't work. The private master endpoint is a regional resource (essentially an internal load balancer, which is a regional resource). Since both clusters are private, they won't be able to communicate using external endpoints, and cross-region requests won't work.
You have 2 options:
1. Set up a proxy that can forward the requests.
2. Use public endpoints and configure a NAT (Cloud NAT or an unmanaged NAT). Secure the public endpoint using Master Authorized Networks to ensure that only authorized IPs are able to access the k8s API.

Patrick W
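An added example, not part of the original answer: a check for the second option that reads a cluster description (the JSON shape printed by `gcloud container clusters describe --format=json`) and reports whether the master's authorized networks admit exactly the NAT egress IPs. The cluster name, entry names, addresses and finding codes are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, trimmed to the fields read below. Addresses are
# documentation ranges; the cluster and entry names are made up.
SAMPLE_CLUSTER = {
    "name": "vault-cluster",
    "privateClusterConfig": {"enablePrivateEndpoint": False},
    "masterAuthorizedNetworksConfig": {
        "enabled": True,
        "cidrBlocks": [
            {"displayName": "nat-other-region", "cidrBlock": "203.0.113.10/32"},
            {"displayName": "pod-range", "cidrBlock": "10.8.0.0/14"},
            {"displayName": "office", "cidrBlock": "198.51.100.0/24"},
        ],
    },
}


def audit_master_access(cluster, nat_ips):
    """Return (code, subject) findings for a master reached through NAT egress IPs."""
    findings = []
    if cluster.get("privateClusterConfig", {}).get("enablePrivateEndpoint"):
        # With only the private endpoint, other regions cannot reach the master.
        findings.append(("PRIVATE_ENDPOINT_ONLY", cluster.get("name", "")))
    man = cluster.get("masterAuthorizedNetworksConfig", {})
    if not man.get("enabled"):
        findings.append(("AUTHORIZED_NETWORKS_DISABLED", cluster.get("name", "")))
        return findings
    nets = [ipaddress.ip_network(b["cidrBlock"]) for b in man.get("cidrBlocks", [])]
    nat = [ipaddress.ip_address(ip) for ip in nat_ips]
    for ip in nat:
        # Each NAT egress address must be covered, or that client is rejected.
        if not any(ip in net for net in nets):
            findings.append(("NAT_IP_NOT_AUTHORIZED", str(ip)))
    for net in nets:
        if any(net.subnet_of(r) for r in RFC1918):
            # Pod/node source addresses are rewritten by NAT before they
            # reach the public endpoint, so this entry does not admit them.
            findings.append(("INTERNAL_RANGE_LISTED", str(net)))
        elif not (net.num_addresses == 1 and net.network_address in nat):
            # Anything public that is not exactly a NAT /32 widens API access.
            findings.append(("EXTRA_PUBLIC_SOURCE", str(net)))
    return findings


if __name__ == "__main__":
    for code, subject in audit_master_access(SAMPLE_CLUSTER, ["203.0.113.10", "203.0.113.11"]):
        print(f"{code}: {subject}")
```

The check expects each NAT address to be listed as its own /32, so a wider block that happens to cover the NAT addresses is still reported as an extra public source.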