Solved: Why I have external Network (Passthrough target-po...

Booman · 01-24-2024 10:16 AM

Hello,

I have a GKE cluster with a Gateway API. Everything works well. From the "Load balancing" page I can see my Gateway API load balancer but I also see 3 Network Passthrough tartget-pool. I don't know why I have these 3 NPTs. They are External (TCP Protocol). I don't want external access...

Marvin_Lucero

Hi @Booman ,

The 3 Network Pass-through target pools were created automatically for a reason. If you have created a service of type LoadBalancer, GKE automatically provisions Load Balancer to expose your service to the internet. When you create a service in GKE for internet access, GKE automatically sets up Load Balancer. This means it also creates rules for traffic and groups of targets called target pools. The number of target pools you see depends on things like how many nodes are in your cluster or how your services are set up.

The three Network Passthrough target pools you see are there because GKE's internal design uses them to make sure things work well and don't break. It's like having different teams to handle the workload smoothly.

To have a better understanding, you can check it's service type. If a service is set to LoadBalancer, it may create an external IP and associated Network Passthrough target pool. Additionally, look at your Ingress setup because it affects how the load balancing works. Make sure the Ingress isn't set up to create a load balancer with an external IP.

You can try the commands below to get more information about the load balancers:

# Get all load balancers in your project
gcloud compute forwarding-rules list

# Describe a specific forwarding rule (replace [FORWARDING_RULE_NAME])
gcloud compute forwarding-rules describe [FORWARDING_RULE_NAME]

Let me know if this helps.

View solution in original post

Marvin_Lucero

Hi @Booman ,

The 3 Network Pass-through target pools were created automatically for a reason. If you have created a service of type LoadBalancer, GKE automatically provisions Load Balancer to expose your service to the internet. When you create a service in GKE for internet access, GKE automatically sets up Load Balancer. This means it also creates rules for traffic and groups of targets called target pools. The number of target pools you see depends on things like how many nodes are in your cluster or how your services are set up.

The three Network Passthrough target pools you see are there because GKE's internal design uses them to make sure things work well and don't break. It's like having different teams to handle the workload smoothly.

To have a better understanding, you can check it's service type. If a service is set to LoadBalancer, it may create an external IP and associated Network Passthrough target pool. Additionally, look at your Ingress setup because it affects how the load balancing works. Make sure the Ingress isn't set up to create a load balancer with an external IP.

You can try the commands below to get more information about the load balancers:

# Get all load balancers in your project
gcloud compute forwarding-rules list

# Describe a specific forwarding rule (replace [FORWARDING_RULE_NAME])
gcloud compute forwarding-rules describe [FORWARDING_RULE_NAME]

Let me know if this helps.

Why I have external Network (Passthrough target-pool) ?