
GKE VPC Networking.

I have a NodePort service in GKE which is assigned a secondary IP subnet range for its endpoint. I have on-premise connectivity via VPN to only the primary IP subnet range of the VPC. How can my on-premise servers reach this NodePort service? I was thinking about reserving a static internal IP address from the primary IP subnet range of the VPC, but how do I establish the routing such that any traffic coming to that reserved IP over a certain port (not HTTP or HTTPS) is directed to this NodePort service and vice versa? Or is there an alternative obvious solution to this which I am missing?

Accepted solution

Services of type NodePort are available from outside the cluster by connecting to the configured port using the IP of any node in the cluster (NodePort services are also given a ClusterIP, which does come from the services secondary range and is not routable outside the cluster). The IPs of nodes do come from the primary range. The one issue is that the IPs for nodes are ephemeral, so you'd need to somehow maintain a list of current node IPs to connect directly from on-prem to any of the node IPs.

The typical option here would be to create a Service of type LoadBalancer and use the internal load balancer. You could also consider using a headless service, depending on the capabilities of your on-prem clients.
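An added example, not from the thread, showing the two Service shapes the answer contrasts: the NodePort that is only reachable through ephemeral node IPs, and an internal LoadBalancer Service that receives a fixed address from the VPC's primary range and is therefore reachable over the VPN. The app label, port 5432, the reserved address 10.10.0.50 and the on-prem CIDR 192.168.0.0/16 are placeholders.

```yaml
# Added example (not from the thread). Assumptions: the workload listens on
# TCP 5432, 10.10.0.50 is a reserved static internal IP in the VPC's primary
# subnet, and on-prem clients arrive from 192.168.0.0/16 (all placeholders).
---
# The original shape: a NodePort. Reachable only via <node IP>:30432, and node
# IPs churn, so on-prem clients would have to track the current node list.
apiVersion: v1
kind: Service
metadata:
  name: db-nodeport
spec:
  type: NodePort
  selector:
    app: db
  ports:
  - name: tcp
    protocol: TCP
    port: 5432
    targetPort: 5432
    nodePort: 30432
---
# The recommended shape: an internal passthrough load balancer with a fixed
# IP from the primary range. The VPN already routes that range, so nothing
# else needs to be advertised on-prem.
apiVersion: v1
kind: Service
metadata:
  name: db-internal-lb
  annotations:
    networking.gke.io/load-balancer-type: "Internal"
spec:
  type: LoadBalancer
  loadBalancerIP: 10.10.0.50        # reserved static internal IP (placeholder)
  loadBalancerSourceRanges:         # GKE scopes the VPC firewall rule to these
  - 192.168.0.0/16                  # on-prem range only, not the whole VPC
  externalTrafficPolicy: Local      # preserve client source IP for logging/ACLs
  selector:
    app: db
  ports:
  - name: tcp
    protocol: TCP
    port: 5432
    targetPort: 5432
```

Because an internal load balancer is never given a public address, the `loadBalancerSourceRanges` list is what keeps other VPC workloads from reaching the port; verify the resulting firewall rule with `gcloud compute firewall-rules list` after the Service is created.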



Thanks, you pointed me in the right direction with the links.
