
Google Container Engine Private Kubernetes LoadBalancer

I've just started working with Kubernetes at work and was wondering if there is an easy way to expose a service to a private, within Google Cloud, network. Everything works fine when exposed using the standard service type of LoadBalancer. It just seems strange to expose everything over a publicly addressable network.

The services can be exposed to any other pod in your cluster by simply using no type at all, or setting ClusterIP to 'None' for a Headless Service which gives you access to the IPs of all the selected Pods.

To expose to the outside world securely, there are a couple options, but nothing super easy:

  • set up TLS authentication for your services, so they are exposed to the outside but require authentication.

  • use VPN into your cluster: this is the solution I adopted, using this project: https://github.com/kylemanna/docker-openvpn. I have a pending PR that produces the Kubernetes Secrets file, so as to not have to keep credentials inside the image.

EDIT (2017-08):

There are also now 2 kube-openvpn projects based on the above:
