Given:
Question: Why is it not possible to ping / curl / access the POD ip from the VPN instance?
What I need to achieve is to connect to the POD IP from inside my local network through the VPN tunnel.
What am I doing wrong?
EDIT: Same applies to NodePorts:
@vpn-gateway:~$ curl -vvv 10.7.244.149:666
* Rebuilt URL to: 10.7.244.149:666/
* Trying 10.7.244.149...
* TCP_NODELAY set
The VPN gateway cannot access the NodePort
EDIT2: Service configuration:
apiVersion: v1
kind: Service
metadata:
  labels:
    app: scs-ui
  name: scs-ui
spec:
  clusterIP: None
  ports:
  - name: application
    port: 666
  selector:
    app: scs-ui
If you have not exposed your pod to the internet using any one of the services like NodePort, LoadBalancer and ClusterIP, then your pod cannot be accessed from outside the Kubernetes cluster anyhow.
Question: Why is it not possible to ping / curl / access the POD ip from the VPN instance?
Answer: Without exposing the pod to the outside world you cannot ping the pod. You can do it in the Kubernetes cluster network; only inside the cluster can your pod be resolved and pinged.
To access your pod from the local network, simply expose the port of the pod or expose it using a load balancer. NodePort and LoadBalancer work with a k8s Service.
Using a Service, expose the pod and you can ping and do everything.
Just found a solution:
Create an LB in the address range of the VPN / Kubernetes. This way the request is routed through the VPN into the service from my local machine.
apiVersion: v1
kind: Service
metadata:
  name: elassandra-ingress
  annotations:
    cloud.google.com/load-balancer-type: "Internal"
  labels:
    app: elassandra-ingress
spec:
  type: LoadBalancer
  loadBalancerIP: 10.164.0.100
  ports:
  - port: 9042
    protocol: TCP
  selector:
    app: elassandra
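
As an added example (not part of the posts above), a small Python check that classifies a Service manifest by how it is exposed relative to the subnets routed over the VPN, and flags a LoadBalancer that lacks the internal annotation. The function name, the category labels and the 10.164.0.0/20 routed range are assumptions made for illustration; the two manifests are the ones from this page, rewritten as dicts.

```python
import ipaddress

# Annotation key and value as used in the manifest on this page.
INTERNAL_LB_ANNOTATION = "cloud.google.com/load-balancer-type"

def classify(service, routed_cidrs):
    """Classify a parsed Service manifest (dict) against the VPN-routed subnets."""
    spec = service.get("spec", {})
    svc_type = spec.get("type", "ClusterIP")  # Kubernetes default when type is omitted
    if svc_type == "ClusterIP":
        # Includes headless services (clusterIP: None): no address outside the cluster.
        return "cluster-only"
    if svc_type == "NodePort":
        # Depends on node addresses and firewall rules, which the manifest does not show.
        return "node-port"
    if svc_type == "LoadBalancer":
        annotations = service.get("metadata", {}).get("annotations") or {}
        if annotations.get(INTERNAL_LB_ANNOTATION, "").lower() != "internal":
            return "public-lb"  # gets an external address instead of using the tunnel
        ip = spec.get("loadBalancerIP")
        if ip is None:
            return "internal-lb-unpinned"  # address chosen by the provider
        addr = ipaddress.ip_address(ip)
        nets = [ipaddress.ip_network(c) for c in routed_cidrs]
        return "internal-lb-routed" if any(addr in n for n in nets) else "internal-lb-unrouted"
    return "other"

# Constructed input: subnet assumed to be routed through the VPN tunnel.
ROUTED = ["10.164.0.0/20"]

# The two manifests from this page, as dicts.
SCS_UI = {
    "metadata": {"name": "scs-ui", "labels": {"app": "scs-ui"}},
    "spec": {"clusterIP": "None", "ports": [{"name": "application", "port": 666}],
             "selector": {"app": "scs-ui"}},
}
ELASSANDRA = {
    "metadata": {"name": "elassandra-ingress",
                 "annotations": {INTERNAL_LB_ANNOTATION: "Internal"}},
    "spec": {"type": "LoadBalancer", "loadBalancerIP": "10.164.0.100",
             "ports": [{"port": 9042, "protocol": "TCP"}],
             "selector": {"app": "elassandra"}},
}

if __name__ == "__main__":
    for svc in (SCS_UI, ELASSANDRA):
        print(svc["metadata"]["name"], "->", classify(svc, ROUTED))
```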