Reputation: 355
The GKE master runs in HA mode and the VM is not visible in the VM instances page either. Is it possible to allow traffic to the GKE master by opening more ports besides 443, which is already open for the k8s API?
Upvotes: 3
Views: 1577
Reputation: 3962
GKE is a managed cluster and you cannot perform modifications on master nodes. The control plane is not visible in VM instances and all interactions must be made using kubectl.
The master is the unified endpoint for your cluster. All interactions with the cluster are done via Kubernetes API calls, and the master runs the Kubernetes API Server process to handle those requests. You can make Kubernetes API calls directly via HTTP/gRPC, or indirectly, by running commands from the Kubernetes command-line client (kubectl) or interacting with the UI in the Cloud Console.
In fact, I can't see a reason to change firewall rules in the control plane, since all your workloads, including services and ingress, will run in the node pools.
References:
https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture
Upvotes: 3