Google Container Engine and VPN

女生的网名这么多〃 submitted on 2019-12-30 07:17:08

Question


I want Google Container Engine to host some containers for a development environment, and my office connects via VPN.

Question:

  1. Is the IP of the Pod visible to me, or is only the Node visible to me?
  2. The SkyDNS maintained by Kubernetes, which is available for pods, is that available to me?

Suppose I have a "headless" service created. Can I access that via VPN?

{
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {
    "name": "redis-stage-1"
  },
  "spec": {
    "ports": [{
      "port": 36379,
      "targetPort": 36379
    }],
    "selector": {
      "name": "redis-stage-1"
    }
  }
}

Answer 1:


  1. The IPs of Pods and Services are selected from the cluster CIDR range for your cluster:

    gcloud container clusters describe my-cluster | grep clusterIpv4Cidr
    

    If you configure your VPN (and probably also configure your GCP network) to forward traffic between your network and your GKE cluster, you should be able to access those IPs.

  2. Once you've configured your VPN to communicate with your cluster, you can add the SkyDNS server to your resolv.conf as a secondary DNS server for access to your cluster services. For a headless service, the DNS lookup to SkyDNS should resolve to a Pod IP, which should be able to get over your VPN to your cluster.
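
An added example, not part of the original answer: a Python preflight check for the setup described above. Given the `clusterIpv4Cidr` value, the prefixes the VPN forwards, and the addresses a service name resolved to, it reports whether the cluster DNS server is listed in resolv.conf and which addresses the VPN actually carries. All addresses, prefixes, and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the original post).
CLUSTER_CIDR = "10.0.0.0/14"   # value printed for clusterIpv4Cidr
VPN_ROUTES = ["10.0.0.0/16", "192.168.10.0/24"]  # prefixes the VPN forwards
CLUSTER_DNS = "10.3.240.10"    # hypothetical cluster DNS (SkyDNS) address
RESOLV_CONF = """\
# constructed sample resolv.conf
nameserver 192.168.10.1
nameserver 10.3.240.10
"""

def nameservers(resolv_conf_text):
    """Return nameserver addresses in file order, ignoring comments."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(ip, cluster_cidr, vpn_routes):
    """Say whether an address is a cluster IP and whether the VPN carries it."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(cluster_cidr):
        return "outside-cluster-cidr"      # not a Pod/Service IP: unexpected answer
    if any(addr in ipaddress.ip_network(route) for route in vpn_routes):
        return "routed"
    return "in-cluster-but-not-routed"     # VPN forwards only part of the range

def preflight(resolv_conf_text, cluster_dns, cluster_cidr, vpn_routes, answers):
    """Check the DNS setup and every address a service name resolved to."""
    return {
        "dns_listed": cluster_dns in nameservers(resolv_conf_text),
        "dns_routed": classify(cluster_dns, cluster_cidr, vpn_routes) == "routed",
        "answers": {ip: classify(ip, cluster_cidr, vpn_routes) for ip in answers},
    }

if __name__ == "__main__":
    # Constructed addresses standing in for a lookup of redis-stage-1.
    report = preflight(RESOLV_CONF, CLUSTER_DNS, CLUSTER_CIDR, VPN_ROUTES,
                       ["10.0.3.7", "10.2.1.9", "172.16.0.5"])
    print(report)
```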



Source: https://stackoverflow.com/questions/35738500/google-container-engine-and-vpn
