
Accessing control plane via private endpoint from remote GKE cluster

We have two private clusters in the same region with peered VPCs. We want to access the control plane of a remote cluster via a private endpoint from a "local" service. We tried different options, including Cloud VPN, but nothing works. Here is the connectivity test. Any advice here? Are we doing something wrong, or is it not supported, as stated in the connectivity test results?

1 ACCEPTED SOLUTION

Here is the answer 😞

Endpoints that access a published service have the following limitations:

  • You can't create an endpoint in the same VPC network as the published service that you are accessing.

  • Endpoints are not accessible from peered VPC networks.

  • Packet Mirroring can't mirror packets for Private Service Connect published services traffic.

  • Not all static routes with load balancer next hops are supported with Private Service Connect. For more information, see Static routes with load balancer next hops.

  • Connectivity Tests can't test connectivity between an IPv6 endpoint and a published service.

After removing peering and setting up Cloud VPN, we were able to access the private endpoint.

 
