proxy-only-subnet for GKE Ingress #188
Comments
|
Hello, Which recipe is this referring to ? |
|
I think it is missing in the ingress ILB recipe. We can include https://cloud.google.com/load-balancing/docs/l7-internal/setting-up-l7-internal#configure-a-network in the prerequisite for this recipe. |
|
Also, after create the proxy-only subnet, we also need to create a firewall rule to allow connections from proxy-only subnet. This refers to step3 in https://cloud.google.com/load-balancing/docs/l7-internal/setting-up-l7-internal#configure_firewall_rules |
|
That is my guess. @dbaid can you confirm? |
Yes. This recipe https://github.com/GoogleCloudPlatform/gke-networking-recipes/tree/main/ingress/single-cluster/ingress-internal-basic. The topic of GKE Ingress internal loadbalance gets a lot of reference documents. I tested a private cluster through my major reference document -- https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balance-ingress . I always feel confused when studying gcp techniques. Too many things need to be studied. Step by step tests. 1. auto pilot cluster according the doc (in VPC custom subnet) 2. private cluster + cloud nat 3. cluster with least privilege service account 4. internal lb with static ip 5. My final goal, GKE with Internal ingress in a shared VPC (still under test because no testing environment). Regards, |
I think you lack the creation of proxy-only-subnet for your case of GKE Ingress
The text was updated successfully, but these errors were encountered: