
GKE load-balanced service without public IP

I have a GKE service with a load balancer, but I want to use it internally by my other services, e.g. I want a public IP not to be assigned to it.

Is it possible without a private VPN and juggling firewall settings?

All other load-balancing (like kube-dns) features work great, and services within my Container Engine do not need a public IP.

All nodes live in the same region and zone, so I do not need and do not care about multi-regional features.

GKE supports Internal Load Balancing now:

apiVersion: v1
kind: Service
metadata:
  name: [SERVICE-NAME]
  annotations:
    cloud.google.com/load-balancer-type: "Internal"
  labels:
    app: echo
spec:
  type: LoadBalancer
  loadBalancerIP: [IP-ADDRESS]
  ports:
  - port: 9000
    protocol: TCP
  selector:
    [KEY]: [VALUE]

Notice the annotation: cloud.google.com/load-balancer-type: "Internal". This will create a LoadBalancer Service with a private IP address routable from within your VPC.

Bitnami also has a great blog post on this: creating-private-kubernetes-clusters-on-gke.

It isn't clear in the context of your question whether "internally by my other services" means "Kubernetes Services running in the same cluster" or "other applications running in GCE but outside the Kubernetes cluster".

Kubernetes "Service" resources do load balancing even when they aren't set to LoadBalancer. So if you only need to expose this Service to other applications running in Kubernetes, you can set the spec.type of the Service to ClusterIP. From the docs:

ClusterIP: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster.

If you need to expose this Service to applications outside of Kubernetes, you will need to set spec.type to LoadBalancer which will assign it a public IP. Firewall configuration is made relatively easy for simple firewall rules using spec.loadBalancerSourceRanges. You can read more about that here: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
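To check which of the exposure options discussed in the answers above a cluster's Services actually use, the following added example (not part of the original answers) classifies Service objects in the JSON shape printed by `kubectl get svc -o json`. The sample Services, their names and the exposure labels are constructed for illustration.

```python
import ipaddress
import json

# First key is the annotation from the answer above; the second is the newer GKE key.
INTERNAL_KEYS = ("cloud.google.com/load-balancer-type",
                 "networking.gke.io/load-balancer-type")

def classify_exposure(svc):
    """Return (exposure, note) for one Service from `kubectl get svc -o json`."""
    spec = svc.get("spec", {})
    svc_type = spec.get("type", "ClusterIP")  # Kubernetes defaults to ClusterIP
    if svc_type == "ClusterIP":
        return "cluster-only", "reachable only from inside the cluster"
    if svc_type != "LoadBalancer":
        return "other", f"type {svc_type} is not covered by this check"
    annotations = svc.get("metadata", {}).get("annotations") or {}
    if any(annotations.get(k) == "Internal" for k in INTERNAL_KEYS):
        return "vpc-internal", "private IP routable inside the VPC"
    ranges = spec.get("loadBalancerSourceRanges") or []
    nets = [ipaddress.ip_network(r, strict=False) for r in ranges]
    # No ranges at all, or a /0 entry, means any client address is accepted.
    if not nets or any(n.prefixlen == 0 for n in nets):
        return "public-open", "public IP with no effective source restriction"
    return "public-restricted", "public IP limited to " + ", ".join(map(str, nets))

def audit(service_list):
    """Map each Service name in a kubectl List object to its exposure class."""
    return {s["metadata"]["name"]: classify_exposure(s)[0]
            for s in service_list["items"]}

# Constructed sample input (names and ranges are made up for illustration).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "backend"}, "spec": {"type": "ClusterIP"}},
 {"metadata": {"name": "echo-ilb", "annotations":
    {"cloud.google.com/load-balancer-type": "Internal"}},
  "spec": {"type": "LoadBalancer"}},
 {"metadata": {"name": "web"}, "spec": {"type": "LoadBalancer"}},
 {"metadata": {"name": "api"}, "spec": {"type": "LoadBalancer",
    "loadBalancerSourceRanges": ["203.0.113.0/24"]}},
 {"metadata": {"name": "wide"}, "spec": {"type": "LoadBalancer",
    "loadBalancerSourceRanges": ["0.0.0.0/0"]}}
]}
""")

if __name__ == "__main__":
    for name, exposure in audit(SAMPLE).items():
        print(f"{name}: {exposure}")
```

Services reported as `public-open` are the ones to review first: they carry a public IP and accept traffic from any source address.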
