How to establish communication between two private GCP clusters which are located in different regions?

11/26/2018

I'm fairly novice in GCP and would like to ask a question:

I have two private clusters in the same region with internal LB (all in one VPC), currently pods from both clusters are able to communicate with each other over HTTP.

As far as I understand from the documentation - internal LB is a regional product, therefore if the private clusters were located in different regions the above scenario wouldn't be possible.

What do I need to do in order to make pods of two private clusters which are located in different regions able to communicate with each other?

My guess is that I have to define external LB for both of those clusters and using firewall rules allow communication only cluster to cluster via external IP and block all communication from the outside world.

-- Medvednic
Tags: google-cloud-platform, google-compute-engine, google-kubernetes-engine, kubernetes

2 Answers

11/26/2018

Google's VPC is global. This means that all of your regions are part of the same network. Everything in your VPC that uses IP addresses in the VPC can talk to each other with appropriate rules in the VPC Firewall.

-- John Hanley
Source: StackOverflow
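Because the VPC is global, what makes two regions talk is a firewall rule that names the right source and target, not a load balancer. The script below is an added example, not code from the thread or from Google; the network name, pod ranges and node tags are assumed placeholders. It prints the gcloud commands by default (DRY_RUN=1) and refuses a source range that is not private, so a rule cannot accidentally be opened to 0.0.0.0/0.

```shell
#!/bin/sh
# Added example (not from the original thread): a scoped VPC firewall rule so pods in
# one GKE cluster can reach pods in a second cluster that sits in another region.
# All names and ranges below are assumptions, not values from the page:
#   network:   shared-vpc
#   cluster A: pod range 10.4.0.0/14, nodes tagged gke-cluster-a-node
#   cluster B: pod range 10.8.0.0/14, nodes tagged gke-cluster-b-node
set -eu

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the gcloud commands, 0 = execute them

# In dry-run mode print the command instead of executing it.
run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Accept only RFC 1918 CIDRs as a source range, so a typo such as 0.0.0.0/0
# cannot silently expose the cluster nodes to the Internet.
is_private_cidr() {
  case "$1" in
    10.*/[0-9]*|172.1[6-9].*/[0-9]*|172.2[0-9].*/[0-9]*|172.3[01].*/[0-9]*|192.168.*/[0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# allow_pods_to_cluster NAME NETWORK SOURCE_POD_RANGE TARGET_NODE_TAG PORTS
# VPC firewall rules are enforced at the node VMs, and a pod's alias IP is delivered
# through its node, so the rule targets cluster B's node tag with cluster A's pod
# range as the source.
allow_pods_to_cluster() {
  name=$1; network=$2; src_range=$3; dst_tag=$4; ports=$5
  if ! is_private_cidr "$src_range"; then
    echo "refusing to create $name: source range $src_range is not a private CIDR" >&2
    return 1
  fi
  run gcloud compute firewall-rules create "$name" \
    --network="$network" \
    --direction=INGRESS \
    --action=ALLOW \
    --rules="$ports" \
    --source-ranges="$src_range" \
    --target-tags="$dst_tag" \
    --description="pods from $src_range to nodes tagged $dst_tag"
}

# One rule per direction, limited to the HTTP ports the services actually use.
allow_pods_to_cluster allow-a-pods-to-b shared-vpc 10.4.0.0/14 gke-cluster-b-node tcp:80,tcp:443
allow_pods_to_cluster allow-b-pods-to-a shared-vpc 10.8.0.0/14 gke-cluster-a-node tcp:80,tcp:443
```

Run it once with DRY_RUN=1 to review the rules, then with DRY_RUN=0 against the project. Scoping the source to the peer cluster's pod range and the target to a node tag keeps the rule far narrower than the external-LB-plus-firewall idea in the question, and no traffic ever leaves the VPC.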

11/28/2018

Since these are different IP ranges (at least in auto mode), it may not help that it is a global VPC. When this is the case, you'd have to add a VPN tunnel in order to route these network segments. Also consider the possibility of adding two tunnels: one for ingress and one for egress traffic.

An alternative to VPN tunnels might be VPC Network Peering, where the main difference is:

Peered VPC networks remain administratively separate. Routes, firewalls, VPNs, and other traffic management tools are administered and applied separately in each of the VPC networks.

-- Martin Zeitler
Source: StackOverflow
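For the peering alternative mentioned above, in the case where each cluster lives in its own VPC (possibly in its own project), the script below is an added example and not code from the thread or from Google. Project names, network names, pod ranges and node tags are assumed placeholders. It shows the two points a practitioner trips over: the peering must be created from both sides before it becomes active, and because peered networks stay administratively separate, each VPC needs its own ingress rule for the other cluster's pod range.

```shell
#!/bin/sh
# Added example (not from the original thread): VPC Network Peering between two VPCs
# that each host one private GKE cluster. Names are assumptions, not values from the page:
#   project-a / vpc-a: cluster A, pod range 10.4.0.0/14, nodes tagged gke-cluster-a-node
#   project-b / vpc-b: cluster B, pod range 10.8.0.0/14, nodes tagged gke-cluster-b-node
# Subnet and pod ranges of the two VPCs must not overlap, or peering is rejected.
set -eu

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the gcloud commands, 0 = execute them
run() { if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi; }

# create_peering PROJECT NETWORK PEER_PROJECT PEER_NETWORK
# A peering is only ACTIVE once both networks have created their half;
# one side alone stays INACTIVE and routes nothing.
create_peering() {
  run gcloud compute networks peerings create "peer-$2-to-$4" \
    --project="$1" --network="$2" \
    --peer-project="$3" --peer-network="$4"
}

# allow_peer_pods PROJECT NETWORK SOURCE_POD_RANGE TARGET_NODE_TAG
# Firewall rules are not shared across a peering, so the ingress rule lives in the
# VPC that receives the traffic and names only the peer cluster's pod range.
allow_peer_pods() {
  run gcloud compute firewall-rules create "allow-peer-pods-to-$4" \
    --project="$1" --network="$2" \
    --direction=INGRESS --action=ALLOW \
    --rules=tcp:80,tcp:443 \
    --source-ranges="$3" --target-tags="$4"
}

# Both halves of the peering.
create_peering project-a vpc-a project-b vpc-b
create_peering project-b vpc-b project-a vpc-a

# One ingress rule per VPC, each admitting only the other cluster's pods.
allow_peer_pods project-a vpc-a 10.8.0.0/14 gke-cluster-a-node
allow_peer_pods project-b vpc-b 10.4.0.0/14 gke-cluster-b-node
```

After running both halves, `gcloud compute networks peerings list --network=vpc-a --project=project-a` should report the peering as ACTIVE; if it stays INACTIVE, the other side has not been created or a range overlaps. The firewall rules in the two projects are independent objects, so removing one does not affect the other, which is exactly the administrative separation the quoted documentation describes.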