问题
We want to use an app engine flexible process to update our ElasticSearch index, which is on Google Kubernetes Engine. We need to connect to ElasticSearch via a http(s) address. What's the recommended way to do this? We don't want to expose the cluster to the external networks since we don't have authentication in front of it.
I've seen this SO post but both k8s and AE have changed a lot in the 2 years since the question/answer.
Thanks for your help!
回答1:
The post you linked to was about App Engine Standard. App Engine Flex is built on top of the same Google Cloud networking that is used by Google Compute Engine virtual machines and Google Kubernetes Engine clusters. As long as you put the App Engine flex application into the same VPC as the Google Kubernetes Engine cluster you should be able to communicate between them using internal networking.
On the other hand, to expose a Kubernetes service to anything running outside of the cluster will require you to modify the service for Elastic search because by default Kubernetes services are only reachable from inside of the cluster (due to the way that the service IPs are allocated and reached via IPTables magic). You need to "expose" the service, but rather than exposing it to the internet via an external load balancer, you expose it to the VPC using an internal load balancer. See https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing.
回答2:
in addition to Robert's answer, make sure that app engine and GKE are in the same region, because Internal load balancers are not usable from other region.
check this https://issuetracker.google.com/issues/111021512
来源:https://stackoverflow.com/questions/51198865/connect-to-kubernetes-engine-from-app-engine