Kubernetes: Allow pod egress network traffic

2/6/2019

Background

Just deployed my new Kubernetes cluster to Google Cloud. It's a private cluster - available only from the internal network. I connect to this cluster from a bastion machine. With my bastion host, I can manage my cluster.

My cluster configuration:

[image: cluster configuration]

The Problem

It seems like my pods don't have network access to go out of the pod. For example:

$ curl google.com 

Returns an error - unable to connect. So I logged into the pod with SSH and tried to figure out what the problem is.

Two options that I can think of:

  1. Firewall blocks all the egress traffic by default? I tried to allow it with a new firewall rule that allows egress. [image: egress firewall rule] It didn't solve the problem. (where 10.56.0.0/14 is my pods range)

  2. My network doesn't have a "default gateway" that allows internet access. I checked in the "routers" area and it seems like it is there: [image: routes]

Question

How to solve the issue and let my pods access the internet freely?

-- No1Lives4Ever
google-cloud-networking
google-cloud-platform
google-kubernetes-engine
kubernetes

1 Answer

2/6/2019

Found the missing part.

In the Kubernetes Engine Private Cluster model, your nodes have access to the rest of your VPC private deployments, including private access to Google managed services such as gcr.io, Google Cloud Storage and Google BigQuery. Access to the internet isn’t possible unless you set up additional mechanisms such as a NAT gateway.

source.

Adding NAT solved the issue!

-- No1Lives4Ever
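The answer says "adding NAT solved the issue" without showing the steps. The script below is an added example, not part of the question or the answer and not Google's own tooling: it creates a Cloud Router in the cluster's VPC, attaches a Cloud NAT configuration that covers the subnet's primary and secondary (pod) ranges, and then re-runs the curl check from the question inside a throwaway pod. The project id, region, network, router and NAT names are placeholder assumptions that you override through the environment; by default it only prints the commands (DRY_RUN=1), so set DRY_RUN=0 to actually execute them against a project where gcloud and kubectl are authenticated.

```shell
#!/bin/sh
# Added example, not part of the original question or answer: give a GKE
# private cluster internet egress by creating a Cloud Router plus a Cloud NAT
# configuration, then verify from inside a pod. Every name below is a
# placeholder assumption; override it through the environment.
PROJECT="${PROJECT:-my-gcp-project}"     # assumed project id
REGION="${REGION:-europe-west1}"         # region of the cluster's subnet
NETWORK="${NETWORK:-default}"            # VPC the private cluster lives in
ROUTER="${ROUTER:-gke-nat-router}"       # name for the new Cloud Router
NAT="${NAT:-gke-nat-config}"             # name for the NAT config on it
DRY_RUN="${DRY_RUN:-1}"                  # 1 = only print commands, 0 = run them

# Command 1: a Cloud Router in the cluster's VPC and region. Cloud NAT is
# attached to a router; the router does not need to advertise any routes.
router_create_cmd() {
    printf 'gcloud compute routers create %s --project=%s --network=%s --region=%s' \
        "$ROUTER" "$PROJECT" "$NETWORK" "$REGION"
}

# Command 2: the NAT config. --nat-all-subnet-ip-ranges covers the node subnet
# and its secondary (pod) range, which is what a pod CIDR such as the
# 10.56.0.0/14 in the question needs. Logging is enabled so unexpected egress
# shows up in Cloud Logging; ERRORS_ONLY keeps volume down, ALL records every
# translation.
nat_create_cmd() {
    printf 'gcloud compute routers nats create %s --project=%s --router=%s --region=%s --auto-allocate-nat-external-ips --nat-all-subnet-ip-ranges --enable-logging --log-filter=ERRORS_ONLY' \
        "$NAT" "$PROJECT" "$ROUTER" "$REGION"
}

# Command 3: the same check the question ran, but from a throwaway pod.
# Prints the HTTP status code; 200/301 means egress works, 000 means it does not.
verify_cmd() {
    printf '%s' "kubectl run egress-test --rm -i --restart=Never --image=curlimages/curl -- curl -sS -m 10 -o /dev/null -w '%{http_code}\n' https://www.google.com"
}

# Print or execute one command string, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'DRY RUN: %s\n' "$1"
    else
        printf '+ %s\n' "$1"
        sh -c "$1"
    fi
}

main() {
    run "$(router_create_cmd)"
    run "$(nat_create_cmd)"
    run "$(verify_cmd)"
}

main
```

Two points worth keeping in mind once this is in place: the NAT gives every pod in the covered ranges outbound access, so the firewall egress rule from the question and Kubernetes NetworkPolicy egress rules remain the place to restrict which destinations pods may reach; and the NAT logging turned on above is what lets you see, per source pod IP and destination, which translations happened or were dropped for lack of ports.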
Source: StackOverflow