
When I try to reach a private Kubernetes master using a Master Authorized VM from a different VPC, where Terraform configs are executed, I am unable to reach it and Terraform errors out when creating a Kubernetes secret.

Error: dial tcp (master-public-or-private-endpoint):443: i/o timeout
prabhu34

1 Answer

Google Cloud VPCs are configured with private IP addresses (RFC 1918). This means that VPCs cannot talk to each other using private IP addresses. RFC 1918 addresses are not routable outside the VPC.

You have a few solutions:

  • Using a public IP address for Kubernetes. However, that defeats the purpose of setting your cluster private.
  • Set up VPC Network Peering. This will connect the two VPCs together. The two VPCs cannot use overlapping CIDR ranges.
  • Set up a VPN server on GCE in one VPC and connect to the VPN server from the GCE instance in the other VPC.
  • Set up Google Cloud VPN.
John Hanley
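The VPC Network Peering option from the answer above, as an added Terraform example that is not part of the original post: two VPCs with non-overlapping subnets, peering declared from both sides, and a firewall rule that admits only the Terraform runner's subnet to port 443. All resource names, regions and CIDR ranges are hypothetical.

```hcl
# Added example (not from the original answer); names and ranges are hypothetical.
resource "google_compute_network" "tf_runner" {
  name                    = "tf-runner-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "tf_runner" {
  name          = "tf-runner-subnet"
  network       = google_compute_network.tf_runner.id
  region        = "us-central1"
  ip_cidr_range = "10.10.0.0/24" # must not overlap with the cluster VPC
}

resource "google_compute_network" "cluster" {
  name                    = "cluster-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "cluster" {
  name          = "cluster-subnet"
  network       = google_compute_network.cluster.id
  region        = "us-central1"
  ip_cidr_range = "10.20.0.0/24" # distinct from 10.10.0.0/24
}

# Peering is only ACTIVE once both sides have been created.
resource "google_compute_network_peering" "runner_to_cluster" {
  name         = "runner-to-cluster"
  network      = google_compute_network.tf_runner.self_link
  peer_network = google_compute_network.cluster.self_link
}

resource "google_compute_network_peering" "cluster_to_runner" {
  name         = "cluster-to-runner"
  network      = google_compute_network.cluster.self_link
  peer_network = google_compute_network.tf_runner.self_link
}

# Least privilege: only the runner subnet may reach TCP/443 in the cluster VPC.
resource "google_compute_firewall" "allow_runner_https" {
  name          = "allow-runner-https"
  network       = google_compute_network.cluster.name
  direction     = "INGRESS"
  source_ranges = [google_compute_subnetwork.tf_runner.ip_cidr_range]
  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
}
```

The runner subnet still has to be listed in the cluster's master authorized networks. VPC peering is not transitive, so if the private endpoint is itself reached over GKE's own control-plane peering, a second peering hop will not reach it without a proxy inside the cluster VPC.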
  • Thanks John! It sums up. I went ahead with #1, by enabling public endpoint for private cluster. I am able to reach through Master Authorized Network alone. But ended up with "kubernetes_secret.create-secret: secrets is forbidden: User "system:anonymous" cannot create secrets in the namespace "default"". Any help on this? – prabhu34 Dec 06 '18 at 04:46
  • Create a new question for Kubernetes Secrets. – John Hanley Dec 06 '18 at 04:48