我可以在专用GCP网络子网中启动Google容器引擎(GKE)吗? [英] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

问题描述

我正在尝试在专用GCP网络子网中启动Google容器引擎(GKE).

I'm trying to launch Google Container Engine (GKE) in Private GCP network Subnet.

我创建了自定义Google Cloud VPC，然后在该VPC下也创建了自定义专用网络访问子网.

I have created custom Google Cloud VPC, then I have created custom Private Network Access Subnet too under that VPC.

1)当我用私有子网创建GKE集群时，仍然为我的Kubernetes节点分配了公共IP.为什么会这样呢?根据Google Document的私有实例，应该获得私有IP.

1) When I create GKE cluster with Private Subnet, still my Kubernetes nodes assigned with Public IP. Why it is so ? As per Google Document private instance should get Private IP.

2)如果我在私有环境中创建集群，我可以将我的容器应用程序连接到Google SQL实例吗?

2) If I create cluster in Private, can I connect my container application to Google SQL instance ?

3)是否有任何启动GKE群集的建议应仅在公共子网中启动，而不应在私有子网中启动?

3) Is any recommendation to launch GKE cluster should launched in Public Subnet only, not in Private Subnet ?

推荐答案

具有大量的R& D和来自论坛的一些回复.

GKE应该允许您在网络中创建一个群集，该群集具有到Internet的默认路由 .我们可以在专用子网中启动群集，但是该GKE群集实例将仅被视为公共子网.

GKE should allow you to create a cluster in a Network that does have a default route to internet. We can launch a cluster in private subnet but that GKE cluster instance will treat as Public Subnet only.

由于GKE目前仅依靠公共IP来访问托管主服务器.

As GKE relies on public IPs to access the hosted master, for now.

考虑到GKE群集的安全性，我们可以拒绝防火墙中的所有端口通过Internet访问群集.

Security aspects considering of GKE cluster, we can deny all ports in firewall to access Cluster through internet.

这篇关于我可以在专用GCP网络子网中启动Google容器引擎(GKE)吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！