如何使GKE群集使用专用IP或网络进行通信? [英] How to make GKE clusters communicate using private IPs or networks?
问题描述
有什么方法可以使GKE群集(在同一网络中)使用内部IP地址相互通信吗?
Is there any way to make GKE clusters (in the same network) talk to each other using internal IP addresses?
我知道GKE内部负载平衡器只能处理来自同一网络和同一区域的流量.而且我发现此实现非常奇怪.
I know GKE internal load balancers can handle traffic only from the same network and the same region. And I find this implementation very strange.
我知道Pod IP是可路由的,但它们不是静态的,可以随时更改.另外,我知道外部负载均衡器中有一个loadBalancerSourceRanges配置选项,通过该选项我可以只允许我想要的子网,但是如果我想让每个通信都使用内部而不使用公共IP怎么办?
I understand pod IPs are routable but they are not static and can change anytime. Also, I know there is loadBalancerSourceRanges configuration option in external load balancers using which I can allow only the subnets I want but what if I want to keep every communication using internal and not using a public IP?
有什么办法可以实现我正在尝试的目标吗?喜欢配置防火墙规则还是其他?或在创建VPC网络或其他操作时选择全局路由模式"?
Is there any way to achieve what I am trying? Like configuring the Firewall Rules or anything else? or "Global routing mode" while creating the VPC network or anything?
推荐答案
如果您在2个不同的区域中有2个集群,并且希望它们使用内部IP进行通信,那么最好的选择是使用集群中的nodePort服务来公开您的pods,然后将VM实例配置为充当代理簇.
If you have 2 clusters in 2 different regions and you want them to communicate using internal IPs, your best option is to use nodePort service in the clusters to expose your pods and then configure a VM instance to act as a proxy for each cluster.
这与将LoadBalancer服务用作内部负载均衡器具有相同的效果,但是它具有可在多个区域工作的优势.它还允许同一个负载均衡器处理对所有服务的请求.
This will have the same effect as using the LoadBalancer service as an internal Load Balancer but it has the benefit that it will work across multiple regions. It also allows the same Load Balancer to handle requests for all your services.
您需要注意的一件事是使代理实例过载.根据请求的数量,您可能需要为集群配置多个代理实例,每个代理实例仅提供少量服务.
The one thing you need to be careful of is overloading the proxy instance. Depending on the number of requests, you may need to configure multiple proxy instances for the cluster, each one only handline a handful of services.
这篇关于如何使GKE群集使用专用IP或网络进行通信?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
