

GKE VPC Native Cluster and Connectivity to Cloud SQL

What is "VPC Native" in a GKE cluster?

Does a "VPC Native disabled" GKE cluster restrict connecting to Cloud SQL via private IP? We have a GKE cluster whose "VPC Native" is disabled, and we have whitelisted the GKE cluster in Cloud SQL; even after that, connectivity fails.

Also, what is the recommended way to connect to Cloud SQL from a private GKE cluster? Suppose we have an application which we are migrating from AWS to GKE; we don't want to build a cloud proxy.

The VPC Native in GKE changes the way routes are established to handle pod traffic between nodes.

In fact, if you compare two clusters, one using VPC-native and the other using the legacy approach, now inexplicably called "advanced routing," you'll find they're pretty much identical from the inside, down to the command line arguments passed to the kubelet, kube-dns and kube-proxy on startup. So you're not going to break anything switching your workloads to a VPC-native cluster, unless you're doing something stranger than I can currently imagine as I write this.

See this article to find more details.

What is the recommended way to connect to Cloud SQL from a private GKE cluster?

From the documentation:

The Cloud SQL Proxy is the recommended way to connect to Cloud SQL, even when using private IP. This is because the proxy provides strong encryption and authentication using IAM, which can help keep your database secure.

Even if you do not want to create a Cloud SQL proxy, it is the recommendation from the documentation. Here you can find more details about Cloud SQL connections.

As mentioned in this documentation, you need to have your GKE cluster and Cloud SQL in the same network.

For connecting using private IP, the GKE cluster must be VPC-native and in the same VPC network as the Cloud SQL instance.

I went through a similar problem, where GKE was configured to use native VPC and still couldn't access the private Cloud SQL (with private IP), even with the VPC peering of the private network configured in the VPC that GKE uses.

I managed to solve it just by changing the range of the secondary IPs in my Terraform, from:

ip_allocation_policy {
  cluster_ipv4_cidr_block  = "192.16.128.0/17"
  services_ipv4_cidr_block = "192.168.1.0/24"
}

To:

ip_allocation_policy {
  cluster_ipv4_cidr_block  = "10.248.0.0/14"
  services_ipv4_cidr_block = "10.246.240.0/20"
}

I don't know how to explain why it didn't work, but it solved the problem.
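Putting the two answers above together (a VPC-native GKE cluster whose secondary ranges sit in private address space, and a Cloud SQL instance that only has a private IP in the same VPC), here is an added Terraform example; it is not code from the question or from any answer, and the VPC name, region, resource names, tier and CIDRs are assumptions:

```hcl
# Added example, not from the question or answers; names, region, tier and CIDRs are assumptions.
data "google_compute_network" "vpc" { name = "app-vpc" } # existing VPC shared by GKE and Cloud SQL
resource "google_compute_subnetwork" "gke" {
  name          = "gke-subnet"
  region        = "us-central1"
  network       = data.google_compute_network.vpc.id
  ip_cidr_range = "10.0.0.0/20" # node range
}
# Private services access: a reserved range peered to Google is what gives Cloud SQL a private IP in this VPC.
resource "google_compute_global_address" "sql_range" {
  name          = "cloudsql-private-range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 20
  network       = data.google_compute_network.vpc.id
}
resource "google_service_networking_connection" "sql_peering" {
  network                 = data.google_compute_network.vpc.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.sql_range.name]
}
resource "google_container_cluster" "gke" {
  name               = "private-gke"
  location           = "us-central1"
  network            = data.google_compute_network.vpc.id
  subnetwork         = google_compute_subnetwork.gke.id
  networking_mode    = "VPC_NATIVE" # pods get alias IPs from the secondary ranges below
  initial_node_count = 1
  # RFC 1918 secondary ranges that overlap neither the node subnet nor the Cloud SQL range.
  ip_allocation_policy {
    cluster_ipv4_cidr_block  = "10.248.0.0/14"
    services_ipv4_cidr_block = "10.246.240.0/20"
  }
  private_cluster_config {
    enable_private_nodes   = true
    master_ipv4_cidr_block = "172.16.0.0/28"
  }
}
resource "google_sql_database_instance" "db" {
  name             = "app-db"
  database_version = "POSTGRES_15"
  depends_on       = [google_service_networking_connection.sql_peering] # peering must exist first
  settings {
    tier = "db-custom-1-3840"
    ip_configuration {
      ipv4_enabled    = false # no public IP; only reachable on the private address
      private_network = data.google_compute_network.vpc.id
    }
  }
}
```

One thing worth checking when a peered Cloud SQL instance stays unreachable: the first pod range in the answer above, 192.16.128.0/17, lies outside RFC 1918 space (the private block is 192.168.0.0/16), whereas the replacement ranges are all private.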
