Reputation: 21
How to allow GKE internal Pod to communicate through VPN to an internal IP in another VPC?
I have a GKE cluster (private one) with a NAT that I need to put in networking with a legacy VPC (in another GCP project).
I built a classic VPN between Project B (new) and Project A (old): all VM can talk to each other (nc -vz is my friend).
The GKE cluster inside Project B can talk with internal IP to all VMs on Project B. I need to have some pods in this GKE able to talk to the private IP on the VPN inside the Project A.
We tried this how to but it's still not working.
If you have an idea that works in my case I will buy you a beer ;) (location : Le Havre, Lille or Paris)
Upvotes: 2
Views: 647
Answers (1)
Reputation: 1102
There is an option in GCP called “Shared VPC”, that in summary, allows the multiple projects’ interconnection within an organization, using a common Virtual Private Cloud. As it is specified in GCP’s documentation, an organization policy applies to all projects in the organization, so you need to follow these steps just once to restrict lien removal Organization policies for Shared VPC. Then you need to follow these steps to provision the Shared VPC:
-Go to the Shared VPC page in the Google Cloud Console.
-Log in as a Shared VPC Admin.
-Select the project you want to enable as a Shared VPC host project from the project picker.
-Click Set up Shared VPC.
-On the next page, click Save & continue under Enable host project.
-Under Select subnets, do one of the following:
a)Click Share all subnets (project-level permissions) if you need to share all current and future subnets in the VPC networks of the host project with service projects and Service Project Admins specified in the next steps.
b)Click Individual subnets (subnet-level permissions) if you need to selectively share subnets from the VPC networks of the host project with service projects and Service Project Admins. Then, select Subnets to share.
-Click Continue.
-The next screen is displayed.
-In Project names, specify the service projects to attach to the host project. Note that attaching service projects does not define any Service Project Admins; that is done in the next step.
-In the Select users by role section, add Service Project Admins. These users will be granted the IAM role of compute.networkUser for the shared subnets. Only Service Project Admins can create resources in the subnets of the Shared VPC host project.
-Click Save.
In the following URLs you are going to find some GCP’s official information such as a Shared VPC Overview Shared VPC overview and all the process in detail to set a new Shared VPC up Setting up Shared VPC.
Upvotes: 0
Related Questions
- Howto route traffic to GKE private master from another VPC network
- Accessing a private GKE cluster via Cloud VPN
- Connecting GCP Kubernetes in private vpc and NAT
- Egress traffic from GKE Pod through VPN
- How do i make my Pods in Kubernetes Cluster (GKE) to use the Node's IP Address to communicate to the VMs outside the cluster
- GKE: configure service to be accessible from the same VPC
- Setting up internal service on GKE without external IP
- Connecting from K8S pod in GKE to a VM internal IP on Google Cloud Platform
- Access to Kubernetes Pods from instance on GCP
- GKE Pod Connect to external VM in same subnet