Terraform GCP: Unable to reach Private Kubernetes Master to create kubernetes_secret

12/5/2018

When I try to reach a private Kubernetes master using a Master Authorized VM from a different VPC, where the Terraform configs are executed, I am unable to reach it and Terraform errors out when creating a Kubernetes secret.

Error: dial tcp (master-public-or-private-endpoint):443: i/o timeout
-- prabhu34
google-cloud-platform
google-kubernetes-engine
kubernetes
kubernetes-secrets
terraform

1 Answer

12/5/2018

Google Cloud VPCs are configured with private IP addresses (RFC 1918). This means that VPCs cannot talk to each other using private IP addresses. RFC 1918 addresses are not routable outside the VPC.

You have a few solutions:

  • Using public IP addresses for Kubernetes. However, that defeats the purpose of setting your cluster private.
  • Set up VPC Network Peering. This will connect the two VPCs together. The two VPCs cannot use overlapping CIDR ranges.
  • Set up a VPN server on GCE in one VPC and connect to the VPN server from the GCE instance in the other VPC.
  • Set up Google Cloud VPN.
-- John Hanley
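As an added example (not part of the question or the answer above), the following Terraform configuration sketches the second option from the answer: peering the VPC that hosts the Terraform runner VM with the VPC that hosts the private GKE cluster, with non-overlapping CIDRs, and restricting master authorized networks to just the runner's subnet. Project id, region, network and subnet names, CIDR ranges and the secret value are placeholders; it assumes Terraform 0.12+ syntax and the `google` and `kubernetes` providers.

```hcl
# Added example: VPC peering between a "gke" VPC (private cluster) and an "ops" VPC
# (Terraform runner), plus a kubernetes_secret created through the private endpoint.
# All names, project ids and CIDRs below are placeholders.

provider "google" {
  project = "my-project-id"   # placeholder
  region  = "us-central1"     # placeholder
}

resource "google_compute_network" "gke" {
  name                    = "gke-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "gke" {
  name          = "gke-subnet"
  network       = google_compute_network.gke.self_link
  region        = "us-central1"
  ip_cidr_range = "10.10.0.0/20"   # must not overlap with the ops VPC (peering requirement)
}

resource "google_compute_network" "ops" {
  name                    = "ops-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "ops" {
  name          = "ops-subnet"
  network       = google_compute_network.ops.self_link
  region        = "us-central1"
  ip_cidr_range = "10.20.0.0/24"   # the Terraform runner VM lives here
}

# Peering has to be declared from both networks; a one-sided peering stays INACTIVE
# and no routes are exchanged.
resource "google_compute_network_peering" "gke_to_ops" {
  name         = "gke-to-ops"
  network      = google_compute_network.gke.self_link
  peer_network = google_compute_network.ops.self_link
}

resource "google_compute_network_peering" "ops_to_gke" {
  name         = "ops-to-gke"
  network      = google_compute_network.ops.self_link
  peer_network = google_compute_network.gke.self_link
}

resource "google_container_cluster" "private" {
  name               = "private-cluster"
  location           = "us-central1"
  network            = google_compute_network.gke.self_link
  subnetwork         = google_compute_subnetwork.gke.self_link
  initial_node_count = 1

  ip_allocation_policy {}   # VPC-native cluster; required for private clusters

  private_cluster_config {
    enable_private_nodes    = true
    enable_private_endpoint = true   # no public master endpoint at all
    master_ipv4_cidr_block  = "172.16.0.0/28"
  }

  # Allow only the runner subnet to reach the API server; keep this list narrow.
  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = google_compute_subnetwork.ops.ip_cidr_range
      display_name = "terraform-runner-subnet"
    }
  }
}

data "google_client_config" "default" {}

# Use the private endpoint, never the public one; reachable only from an
# authorized network that has a route to the master CIDR.
provider "kubernetes" {
  host                   = "https://${google_container_cluster.private.private_cluster_config[0].private_endpoint}"
  token                  = data.google_client_config.default.access_token
  cluster_ca_certificate = base64decode(google_container_cluster.private.master_auth[0].cluster_ca_certificate)
}

resource "kubernetes_secret" "example" {
  metadata {
    name = "example-secret"
  }
  data = {
    password = "placeholder-value-do-not-commit-real-secrets"   # placeholder
  }
}
```

One caveat worth checking before relying on this layout: the GKE control plane itself runs in a Google-managed VPC that is peered with the cluster VPC (`gke-vpc` here), and VPC Network Peering is not transitive. A runner in a third VPC that only peers with `gke-vpc` therefore still gets the `i/o timeout` on port 443 unless the master route is reachable from it; Google's documented workaround is to run the Terraform client inside the cluster VPC or go through a proxy hosted there. The `master_authorized_networks_config` block is still the right control either way: the API server should only accept connections from the specific CIDR that hosts the automation, not from `0.0.0.0/0`.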
Source: StackOverflow