I want to use Google Container Engine to host some containers for a development environment, and my office connects via VPN.

Question:

  1. Is the IP of the Pod visible to me, or is only the Node visible to me?
  2. The SkyDNS maintained by Kubernetes, which is available to Pods: is that available to me?

Suppose I have a "headless" service created. Can I access that via VPN?

    {
      "kind": "Service",
      "apiVersion": "v1",
      "metadata": {
        "name": "redis-stage-1"
      },
      "spec": {
        "ports": [{
          "port": 36379,
          "targetPort": 36379
        }],
        "selector": {
          "name": "redis-stage-1"
        }
      }
    }
beatcracker
Mr.Wang from Next Door

1 Answer

  1. The IPs of Pods and Services are selected from the cluster CIDR range for your cluster:

    gcloud container clusters describe my-cluster | grep clusterIpv4Cidr
    

    If you configure your VPN (and probably also configure your GCP network) to forward traffic between your network and your GKE cluster, you should be able to access those IPs.

  2. Once you've configured your VPN to communicate with your cluster, you can add the SkyDNS server to your resolv.conf as a secondary DNS server for access to your cluster services. For a headless service, the DNS lookup to SkyDNS should resolve to a Pod IP, which should be able to get over your VPN to your cluster.

Community
CJ Cullen
  • My cluster pods need to connect outside my network to external DBs. Can I make sure that all the traffic requests go through a single static IP range that will be approved by the external DBs' owners, and still be able to scale? – Aviv Noy Jan 18 '17 at 22:15
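
A check for the setup described in the answer above, added here as an example (not code from the original posts): it resolves the headless service name through the system resolver, confirms every answer lies inside the cluster CIDR before any connection is attempted, and then probes the Redis port over the VPN. The function names, the `default` namespace, the `cluster.local` domain and the `10.52.0.0/14` range are assumptions; substitute the `clusterIpv4Cidr` value reported for your cluster.

```python
import ipaddress
import socket


def resolve(name, port):
    """Resolve `name` with the system resolver (resolv.conf); return unique IPs."""
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tcp_open(ip, port, timeout=2.0):
    """Return True if a TCP connection to ip:port succeeds over the current routes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_headless(name, port, cluster_cidr, resolver=resolve, prober=tcp_open):
    """Classify each DNS answer for a headless service name.

    outside-cidr: the address is not a cluster address, so the name was answered
                  by something other than cluster DNS data; it is never probed.
    unreachable:  a cluster address, but the VPN route or firewall blocks the port.
    ok:           a cluster address that accepts connections on the port.
    """
    net = ipaddress.ip_network(cluster_cidr)
    report = {}
    for ip in resolver(name, port):
        if ipaddress.ip_address(ip) not in net:
            report[ip] = "outside-cidr"
        elif prober(ip, port):
            report[ip] = "ok"
        else:
            report[ip] = "unreachable"
    return report


if __name__ == "__main__":
    # Constructed sample data standing in for real DNS answers and probes.
    fake_dns = lambda name, port: ["10.52.1.7", "10.52.3.9", "203.0.113.10"]
    fake_probe = lambda ip, port: ip != "10.52.3.9"
    name = "redis-stage-1.default.svc.cluster.local"  # assumed namespace and domain
    print(check_headless(name, 36379, "10.52.0.0/14", fake_dns, fake_probe))
```

Run without the last two arguments, `check_headless` uses the real resolver and real TCP probes, so it exercises the resolv.conf entry and the VPN route end to end.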