从GCP上的实例访问Kubernetes Pod

Question

Given:

• VPN instance. This instance runs on internal IP 10.6.240.3
• Kubernetes POD running on internal IP 10.6.240.4

Question: Why is it not possible to ping / curl / access the POD ip from the VPN instance?

What I need to archieve is to connect to the POD ip from inside my local network through the VPN tunnel.

What am I doing wrong?

EDIT: Same applies to NodePorts:

@vpn-gateway:~$ curl -vvv 10.7.244.149:666
* Rebuilt URL to: 10.7.244.149:666/
*   Trying 10.7.244.149...
* TCP_NODELAY set

The VPN gateway cannot access the NodePort

EDIT2: Service configuration:

apiVersion: v1
kind: Service
metadata:
  labels:
    app: scs-ui
  name: scs-ui
spec:
  clusterIP: None
  ports:
  - name: application
    port: 666
  selector:
    app: scs-ui

Answer 1

Just found an solution:

Create a LB in the address range of the VPN / Kubernetes. This way the request is routed through the VPN into the service from my local mashine.

apiVersion: v1
kind: Service
metadata:
  name: elassandra-ingress
  annotations:
    cloud.google.com/load-balancer-type: "Internal"
  labels:
    app: elassandra-ingress
spec:
  type: LoadBalancer
  loadBalancerIP: 10.164.0.100
  ports:
  - port: 9042
    protocol: TCP
  selector:
    app: elassandra

Answer 2

if you have not exposed your pod to the internet using any one of service like Nodeport, Load balancer and clusterIp they your pod cannot be accessible outside the kubernetes cluster any how.

Question: Why is it not possible to ping / curl / access the POD ip from the VPN instance?

Answer : without exposing pod outside the world you can not ping pod you can do it in kubernetes cluster network or inside cluster only your pod can be resolved, ping possible

To acces your pod from local network simply expose port of pod on expose it using load balancer. Nodeport and loadbalancer work with k8s service.

using service expose pod and you can ping and do everything.