从私有集群Pod到另一个私有集群主服务器的连接 [英] Connection from private cluster pods to another private clusters master

问题描述

是否可以在一个私有集群的pod与分离区域中的另一个私有集群主服务器之间建立连接? 仅通过将Pod和节点ip范围添加到其他主授权网络中就不能解决问题.

Is it possible to establish a connection between the pods of a private cluster to another private clusters master in separated regions? Just by adding the pod and node ip range to the other master authorized networks did not do the trick.

推荐答案

这不起作用.专用主端点是一个区域资源(本质上是一个内部负载均衡器，它是一个区域资源). 由于这两个集群都是私有集群，因此它们将无法使用外部端点进行通信，并且跨区域请求也将无法正常工作.

This won't work. The private master endpoint is a regional resource (essentially an internal Load Balancer which is a regional resource). Since both clusters are private, they won't be able to communicate using external endpoints and cross region requests won't work.

您有2个选择:

1. 设置可以转发请求的代理

1. Set up a proxy that can forward the requests

使用公共端点并配置nat(云nat或非托管nat).使用主授权网络保护公共端点，以确保只有授权IP才能访问k8s API

use public endpoints and configure a nat (Cloud nat or a unmanaged nat). Secure the public endpoint using Master Authorized Networks to ensure that only authorized IPs are able to access the k8s API

这篇关于从私有集群Pod到另一个私有集群主服务器的连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！