GKE Pod Connect to external VM in same subnet

Problem description

I have a pod that needs to connect to a database located on GCE VMs with the same subnet as the GKE nodes. I currently have a k8 Service and k8 Endpoint that the pod successfully connects to, but the 10.128.0.2 cannot be routed. I'm sure this pertains to a GCP firewall rule/route but I haven't had much luck.

subnet -> 10.128.0.0/9

cbr0 -> 10.8.15.0/20

eth0 -> 10.128.0.1

k8 services -> 10.11.224/14

Master Version: 1.9.7-gke.3

kind: Endpoints
apiVersion: v1
metadata:
  name: externalDB
  namespace: default
subsets:
  - addresses:
      # Internal IP of the GCE VM that hosts the database
      - ip: 10.128.0.2
    ports:
      - port: 7199
        name: interface

Recommended answer

At this point in time, services and endpoints are not routable; however, pods are, as explained in this article. As @cohenjo mentioned, you should directly connect from the pod.

I believe that this issue is due to a firewall change on clusters that are running 1.9.x as described in this article. You can follow the steps provided in the article to allow communication from the GKE cluster to all VM instances on the network or attach the network tag assigned on the node to the VM instance you would like the pod to communicate with.
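
A narrower variant of the firewall step above, as an added example that is not part of the original answer: it builds, but does not run, a gcloud ingress rule limited to the pod range and to port 7199 from the Endpoints, targeting only VMs that carry a dedicated tag. The network name, the tag external-db and the pod range 10.8.0.0/14 are constructed placeholders; the real range comes from `gcloud container clusters describe`.

```sh
#!/bin/sh
# Added example. NETWORK and DB_TAG are constructed placeholders, not page values.
NETWORK="default"
DB_TAG="external-db"   # attach to the DB VM with: gcloud compute instances add-tags

# Accept only a.b.c.d/n with 8 <= n <= 32. The /8 floor is this example's own
# guard so that 0.0.0.0/0 or a typo cannot become "allow from anywhere".
valid_pod_cidr() {
  case "$1" in
    */*/*|*[!0-9./]*|"") return 1 ;;
    */*) ;;
    *) return 1 ;;
  esac
  ip=${1%/*}
  prefix=${1#*/}
  case "$prefix" in ""|*[!0-9]*|???*) return 1 ;; esac
  [ "$prefix" -ge 8 ] && [ "$prefix" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ""|????*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Print the rule for review instead of applying it.
# $1 = cluster pod CIDR (clusterIpv4Cidr), $2 = protocol:port to allow
build_rule() {
  valid_pod_cidr "$1" || { echo "refusing source range: $1" >&2; return 1; }
  printf 'gcloud compute firewall-rules create %s --network=%s --direction=INGRESS --source-ranges=%s --target-tags=%s --allow=%s\n' \
    "pods-to-$DB_TAG" "$NETWORK" "$1" "$DB_TAG" "$2"
}

# Constructed pod range; port 7199 is the one in the Endpoints object above.
build_rule "10.8.0.0/14" "tcp:7199"
```
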
