How to keep full Kubernetes private?

lvthillo

Jan 20, 2018, 1:29:24 PM
to Kubernetes user discussion and Q&A
We want to start using Kubernetes on Google Cloud Platform. We want this Kubernetes (and all services, etc.) to be accessible only from inside our network. It's for development purposes, so we don't need public access. (But we want internet access from inside our cluster, for example to download dependencies in our Jenkins pod.)

We have some VPN service for users who are working remotely to connect to our network.
Here I was reading about another solution to make the Kubernetes cluster private: https://engineering.bitnami.com/articles/creating-private-kubernetes-clusters-on-gke.html

I'm searching for ideas/replies/opinions of people who have this experience with it.

Tim Hockin

Jan 20, 2018, 5:34:23 PM
to Kubernetes user discussion and Q&A
You should not need a public IP unless you access public things.  Stuff like GCR (inside Google) will be ok.  If you need to egress, you need a NAT (diy for now).

--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscribe@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Tim Hockin

Jan 20, 2018, 5:36:21 PM
to Kubernetes user discussion and Q&A
Important - this is for kubernetes on GCE, not for GKE.  GKE masters use public IP, even though the traffic never leaves Google.  We are looking at how best to support true private GKE.

Lorenz Vanthillo

Jan 21, 2018, 11:39:45 AM
to kubernet...@googlegroups.com
Thanks for your reply. Now I want to use GKE to create my Kubernetes cluster, so my master IP will be public. I read something here (https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks) about how we can secure this.

For our cluster we disabled the GKE Ingress Controller, since that would create public HTTP(S) load balancers for us when creating Ingress resources. (like in the tutorial).
We are now just creating deployments (pods, rs, ..), with services of the type ClusterIP. Those services will only be accessible from inside our cluster.

Now we are searching for a good way to connect to this cluster. We were thinking about a VPN connection which will offer us an IP from inside this cluster. So we can access the services inside our browser etc. (it will look public for us, but it's private).

Is there a way documented on how we can set this up?

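Added example, not part of any post in this thread: one way to check the setup described in the message above (Services kept to type ClusterIP, no Ingress resources) is to scan the cluster's objects for anything that opens a path beyond a ClusterIP. The sample input is constructed, and it assumes the JSON comes from `kubectl get services,ingresses --all-namespaces -o json`.

```python
import json

# Constructed sample of `kubectl get services,ingresses --all-namespaces -o json`
# output, trimmed to the fields the check reads (all names are made up).
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"kind": "Service", "metadata": {"namespace": "ci", "name": "jenkins"},
         "spec": {"type": "ClusterIP"}},
        {"kind": "Service", "metadata": {"namespace": "ci", "name": "nexus"},
         "spec": {"type": "LoadBalancer"}},
        {"kind": "Service", "metadata": {"namespace": "dev", "name": "api"},
         "spec": {"type": "NodePort"}},
        {"kind": "Service", "metadata": {"namespace": "dev", "name": "db"},
         "spec": {"externalIPs": ["203.0.113.10"]}},
        {"kind": "Ingress", "metadata": {"namespace": "dev", "name": "web"},
         "spec": {}},
    ],
})


def find_exposed(kubectl_json):
    """Return sorted (kind, namespace/name, reason) tuples for objects that
    expose something beyond a ClusterIP."""
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        kind = item.get("kind", "")
        meta = item.get("metadata", {})
        ref = "{}/{}".format(meta.get("namespace", "default"), meta.get("name", "?"))
        spec = item.get("spec") or {}
        if kind == "Ingress":
            # With an ingress controller enabled, this would get a load balancer.
            findings.append((kind, ref, "Ingress resource present"))
        elif kind == "Service":
            svc_type = spec.get("type", "ClusterIP")  # API default when omitted
            if svc_type in ("LoadBalancer", "NodePort"):
                findings.append((kind, ref, "type " + svc_type))
            if spec.get("externalIPs"):
                findings.append((kind, ref, "externalIPs set"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, ref, reason in find_exposed(SAMPLE):
        print("{:8} {:12} {}".format(kind, ref, reason))
```

An empty result means every Service is ClusterIP-only and no Ingress exists; it says nothing about the master endpoint, which is covered by the authorized-networks setting linked in the message.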

Tim Hockin

Jan 22, 2018, 2:42:16 PM
to Kubernetes user discussion and Q&A
VPN is the normal answer - you are extending your private space into the cloud.

manjo...@gmail.com

Mar 26, 2018, 7:59:07 PM
to Kubernetes user discussion and Q&A