GKE VPC Native Cluster and Connectivity to Cloud SQL


Problem description


What is "VPC Native" in GKE cluster?

Does "VPC Native disabled GKE cluster" restrict connecting to Cloud SQL via Private IP? We have a GKE cluster whose "VPC Native" is disabled and we have whitelisted GKE cluster in cloud sql, even post that connectivity fails.

Also, what is the recommended way to connect cloud sql from private GKE cluster? Suppose we have an application which we are migrating from AWS to GKE, we don't want to build cloud proxy.

Solution

The VPC Native in GKE changes the way routes are established to handle pod traffic between nodes.

In fact if you compare two clusters, one using VPC-native and the other using the legacy approach, now inexplicably called "advanced routing," you’ll find they’re pretty much identical from the inside down to the command line arguments passed to the kubelet, kube-dns and kube-proxy on startup. So you’re not going to break anything switching your workloads to a VPC-native cluster, unless you’re doing something stranger than I can currently imagine as I write this.

See this article to find more details.

What is the recommended way to connect cloud sql from private GKE cluster?

By documentation:

The Cloud SQL Proxy is the recommended way to connect to Cloud SQL, even when using private IP. This is because the proxy provides strong encryption and authentication using IAM, which can help keep your database secure.

Even if you want to create a Cloud SQL proxy, it is the recommendation from the documentation. Here you can find more details about Cloud SQL connections.

As mentioned in this documentation, you need to have your GKE cluster and Cloud SQL in the same network.

For connecting using private IP, the GKE cluster must be VPC-native and in the same VPC network as the Cloud SQL instance.
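
The two conditions in the documentation quote above can be checked before debugging connectivity. The following is an added example, not part of the original answer: it takes the parsed JSON of `gcloud container clusters describe ... --format=json` and `gcloud sql instances describe ... --format=json` and reports which precondition for private IP is unmet. The function names, project, network and IP values are constructed for illustration.

```python
def _net_path(ref):
    """Reduce a network URL or path to 'projects/P/global/networks/N'."""
    ref = (ref or "").strip()
    idx = ref.find("projects/")
    return ref[idx:] if idx >= 0 else ref


def private_ip_preflight(cluster, instance):
    """Return reasons private-IP connectivity cannot work (empty list = OK)."""
    problems = []
    # VPC-native clusters report ipAllocationPolicy.useIpAliases = true.
    if not cluster.get("ipAllocationPolicy", {}).get("useIpAliases", False):
        problems.append("cluster is not VPC-native (useIpAliases is not true)")
    ip_cfg = instance.get("settings", {}).get("ipConfiguration", {})
    sql_net = _net_path(ip_cfg.get("privateNetwork"))
    if not sql_net:
        problems.append("Cloud SQL instance has no privateNetwork configured")
    # Compare full network paths so a same-named VPC in another project fails.
    gke_net = _net_path(cluster.get("networkConfig", {}).get("network"))
    if sql_net and gke_net != sql_net:
        problems.append(f"network mismatch: cluster={gke_net or '?'} sql={sql_net}")
    if not any(a.get("type") == "PRIVATE" for a in instance.get("ipAddresses", [])):
        problems.append("Cloud SQL instance has no PRIVATE IP address")
    return problems


# Constructed sample data (not taken from the question).
APP_VPC = "projects/example-proj/global/networks/app-vpc"
LEGACY_CLUSTER = {"name": "routes-cluster", "ipAllocationPolicy": {},
                  "networkConfig": {"network": APP_VPC}}
NATIVE_CLUSTER = {"name": "native-cluster",
                  "ipAllocationPolicy": {"useIpAliases": True},
                  "networkConfig": {"network": APP_VPC}}
OTHER_VPC_CLUSTER = {"name": "other-cluster",
                     "ipAllocationPolicy": {"useIpAliases": True},
                     "networkConfig": {"network": "projects/example-proj/global/networks/default"}}
SQL_INSTANCE = {
    "settings": {"ipConfiguration": {
        "privateNetwork": "https://www.googleapis.com/compute/v1/" + APP_VPC}},
    "ipAddresses": [{"type": "PRIVATE", "ipAddress": "10.20.0.3"}],
}

if __name__ == "__main__":
    for c in (LEGACY_CLUSTER, NATIVE_CLUSTER, OTHER_VPC_CLUSTER):
        print(c["name"], "->", private_ip_preflight(c, SQL_INSTANCE) or "OK")
```

A routes-based cluster such as the one described in the question fails the first check even when it sits in the same VPC as the instance.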
