I've just started working with Kubernetes at work and was wondering if there is an easy way to expose a service to a private network within Google Cloud. Everything works fine when exposed using the standard service type of LoadBalancer. It just seems strange to expose everything over a publicly addressable network.
The services can be exposed to any other pod in your cluster by simply using no type at all, or by setting ClusterIP to 'None' for a Headless Service, which gives you access to the IPs of all the selected Pods.
To expose to the outside world securely, there are a couple of options, but nothing super easy:
Set up TLS authentication for your services, so they are exposed to the outside but require authentication.
Use a VPN into your cluster: this is the solution I adopted, using this project: https://github.com/kylemanna/docker-openvpn. I have a pending PR that produces the Kubernetes Secrets file, so as not to have to keep credentials inside the image.
EDIT (2017-08):
There are also now two kube-openvpn projects based on the above:
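To make the service-type choices from the answer concrete, here is an added example (not from the question, the answer or the docker-openvpn project) showing the same set of pods exposed as a default ClusterIP service, as a headless service, and as the public LoadBalancer the question started with. The service names, the `app: web` selector label and the ports are assumed. It also goes one step beyond the answer: the last manifest uses the GKE `cloud.google.com/load-balancer-type: "Internal"` annotation, which gives the service an address on the VPC's private range instead of a public IP, which is what the question was asking for on Google Cloud.

```yaml
# Added example, not code from the page. Names, labels and ports are assumed.
---
# 1. Default service: no "type" means ClusterIP. One virtual IP, reachable
#    only from inside the cluster, resolved as web.<namespace>.svc.cluster.local.
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 8080
---
# 2. Headless service: clusterIP: None. No virtual IP is allocated; the DNS
#    name returns one A record per selected pod, so clients can reach each pod
#    directly (useful for peer discovery, stateful sets, client-side balancing).
apiVersion: v1
kind: Service
metadata:
  name: web-headless
spec:
  clusterIP: None
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 8080
---
# 3. What the question used: type LoadBalancer. On GKE this provisions an
#    external load balancer with a PUBLIC IP, so anything on the internet can
#    reach port 80 unless the app itself authenticates callers.
apiVersion: v1
kind: Service
metadata:
  name: web-public
spec:
  type: LoadBalancer
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 8080
---
# 4. Beyond the answer: the same LoadBalancer type, but the GKE annotation
#    below makes it an internal load balancer. The service gets a private
#    (RFC 1918) address in the VPC subnet and is reachable only from that
#    network (other VMs, peered VPCs, VPN/Interconnect), never from the internet.
apiVersion: v1
kind: Service
metadata:
  name: web-internal
  annotations:
    cloud.google.com/load-balancer-type: "Internal"
spec:
  type: LoadBalancer
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 8080
```

After `kubectl apply -f` on this file, `kubectl get svc` is the check: `web` shows only a CLUSTER-IP, `web-headless` shows `None`, `web-public` shows a public address under EXTERNAL-IP, and `web-internal` shows an address from the subnet's private range. If an EXTERNAL-IP you expected to be private is not in 10/8, 172.16/12 or 192.168/16, the annotation was not honoured and the service is on the internet.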