Communication between subnetwork and another subnetwork secondary IPv4
Here is my network problem on GCP :
- VPC : "main"
- Subnetwork : "VPN" 10.0.2.0/24
- Subnetwork : "kube" 10.52.0.0/16
- Secondary IPv4 ranges for "kube" : "gke-services-range" 10.152.0.0/16
Could I communicate from my VM (10.0.2.3) in Subnetwork VPN to the secondary IPv4 of subnetwork kube : gke-services-range (10.152.0.4) ?
I tried but unfortunately (allow all ingress/egress in firewall) it doesn't seem to work natively... Even though it's part of the same VPC.
- VM --> GKE node : connection is OK, ping/ssh works
- GKE Node --> SVC : connection to SVC ok, curl is working
- VM --> SVC : not working, timeout with curl
The ClusterIP (default) exposes the Service on a cluster-internal IP. This spec type makes the Service only reachable from within the cluster. That is why you cannot access your service via ClusterIP from outside the cluster (i.e. your VM 10.0.2.3). Additionally, it is a virtual IP and not routed. This is discussed in a similar post.
NodePort exposes the service on the same port of each selected node in the cluster using NAT. It makes a Service accessible outside of the cluster by using <NodeIP>:<NodePort>. But again, it uses the node ip and port and not the ClusterIP
- Cloud Run: mounting volume timed out: The NFS server may not be reachable or may not exist
- Migration from Container Registry to Artifact Registry for App Engine Standard Deployments
- Google Cloud: Access to image has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
- Im creating a VM using terraform code in GCP. I would like to inject a script that runs when the vm is created upon startup
- QUOTA_EXCEEDED : Exceeded daily quota for email sign-in in spite of using my SMTP settings
- How do I add share drive access to a google service account
- google.cloud namespace import error in __init__.py
- difference between docker BRIDGE and HOST driver?
- How can I connect an externally hosted MySQL database to BigQuery?
- Issue when trying to register an app for consent screen in google oauth
- Google Cloud Platform Trace from Cloud Function Invocation to Cloud Run HttpRequest
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Firebase Firestore timestamp not allowed inside array
- Why am I not able to get the env var values from google secret manager?
- changing image repository from Container Registry to Artifact Registry
- ALS (Alternating Least Square) algorithm in multiple rankings for a user
- Unable to connect to Gemini / Vertex AI
- How can I get Firebase Authentication ID tokens to work with Google Cloud Identity Platform so they get validated?
- How to identify the storage space left in a persistent volume claim?
- Cloud Run container stops processing when running parallel FastAPI background tasks
- GCP Cloud Storage - Golang aws sdk2 - Upload file with s3 INTEROPERABILITY Creds
- Creating folders using GCP PHP Client Libraries
- GKE Fluent bit partial logs
- Data loading and transformation from gcs to bigquery
- How to forcefully stop an operation on GKE cluster and thereby delete GKE cluster?
- Apache Beam with Dataflow: flag 'ignore_unknown_columns' for WriteToBigQuery not working
- Google Speech to Text - Not Getting the transcription | SOLVED
- Deploying firebase cloud fails because of some build errors
- Why does Cloud Deploy not support multiple target types in one pipeline?
- CloudBuild pull status from latest run, from a specific build trigger using via CloudBuild API?