kubernetes - How to connect to a GKE service from GCE using internal IPs

Question

I have an Nginx service deployed in GKE with a NodePort exposed and i want to connect it from my Compute Engine instances through internal IP address only. When i try to connect to the Nginx with the cluster IP i only receive Timeout.

I think that clusterIP is only reachable inside a cluster but when i activated the NodePort might be works.

I am not know well the difference between NodePort and ClusterIP.

question from:https://stackoverflow.com/questions/66046673/how-to-connect-to-a-gke-service-from-gce-using-internal-ips

Answer 1

Background

You can expose your application outside cluster using NodePort or LoadBalancer. ClusterIP allows connection only inside the cluster and it's default Service type.

• ClusterIP:

Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType

• NodePort:

Exposes the Service on each Node's IP at a static port (the NodePort). A ClusterIP Service, to which the NodePort Service routes, is automatically created. You'll be able to contact the NodePort Service, from outside the cluster, by requesting :.

• LoadBalancer

Exposes the Service externally using a cloud provider's load balancer. NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created.

In short, when you are using NodePort you need to use NodePublicIP:NodePort. When you are using LoadBalancer it will create Network LB with ExternalIP.

In your GKE cluster you have something called VPC - Virtual Private Cloud which provides networking for your cloud-based resources and services that is global, scalable, and flexible.

Solution

Using VPC-Native CLuster Wit VPC-native clusters you'll be able to reach to Pod's IPs directly. You will need to create subnet in order to do it. Full guide can be found here

Using VPC Peering If you would like to connect from 2 different projects in GKE, you will need to use VPC Peering.

Access from outside the cluster using NodePort

If you would like to reach your nginx service from outside you can use NodeIP:NodePort. NodeExternalIP (keep in mind that this node must have application pod on it. If you have 3 nodes and only 1 application replica, you must use NodeExternalIP where this pod was deployed. Another node, you need to allow NodePort access on Firewall.

$ kubectl get nodes -o wide
NAME                                       STATUS   ROLES    AGE     VERSION             INTERNAL-IP   EXTERNAL-IP     OS-IMAGE                             KERNEL-VERSION   CONTAINER-RUNTIME
gke-cluster-1-default-pool-faec7b51-n5hm   Ready    <none>   3h23m   v1.17.14-gke.1600   10.128.0.26   23.236.50.249   Container-Optimized OS from Google   4.19.150+        docker://19.3.6

$ kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
nginx        NodePort    10.8.9.10    <none>        80:30785/TCP   39m

$ curl 23.236.50.249:30785
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>