Communicating the GKE cluster IP within the VPC network

pOdom · April 9, 2024, 8:38am

In GKE after I deployed with autopilot with in the VPC I could able to ping the POD IP
But the default cluster IP that allocate by GKE 34.118.224.0/20
How do I communicate the cluster IP within the VPC

timothyT · April 9, 2024, 9:07am

https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks

timothyT · April 9, 2024, 9:14am

Added your VPC IP range as a CIDR block to master authorized network option while creating / modifying cluster

pOdom · April 9, 2024, 9:48am

now when I create a service
I get ip from the range that I created but
from my VM within
VPC I could able to ping which that allocated pod range 192.168.80.0/20

But when I create a service that allocate the IP from the range of 192.168.96.0/20
But I could not able to ping the service ip from the instances withing the VPC

timothyT · April 9, 2024, 10:12am

What kind of service clusterIP, load balancer etc?

timothyT · April 9, 2024, 10:40am

If the GCE VM and GKE cluster are in the same VPC they should be able to communicate using internal IPs. Make sure you add any additional firewall rules needed for the app deployed on your GCE VM to access the service. FYI that cluster IP assigns an internal IP / private IP. By default resources in the same VPC can communicate using internal IPs provided firewall rules are in place

pOdom · April 9, 2024, 11:31am

What kindly of firewall should I need to place because when I setup GKE AutoPliot it means native vpc is by default
in that case the firewall are all set by default
how the pod ip able to ping but not the service ip

pOdom · April 9, 2024, 11:56am

that is what my question is

pOdom · April 9, 2024, 12:08pm

VM and GKE are all in the same vpc

pOdom · April 9, 2024, 12:47pm

192.168.80.0/20 this range are assign to pod which I could able to ping from the instance on the same vpc

But 192.168.96.0/20 the range that I allocated to the service is not able to access from the instance withing the same vpc

pOdom · April 9, 2024, 1:07pm

I been stuck really for past three with this really no clue even went through
doc really need some help might much appreciated here

timothyT · April 9, 2024, 1:35pm

firewall for the egress traffic that allows the protocol and port used by your service deployed inside your GCE VM IP

pOdom · April 9, 2024, 1:42pm

What firewall I need to setup I didn’t get you when I provision the GKE autopilot under the project I could see it created some vpc preering and some default firewall policy

pOdom · April 9, 2024, 2:00pm

even I tried allowed by setting firewall
Like allow I tag kube-node and same tag in the instances

pOdom · April 9, 2024, 2:20pm

and set the firewalld

pOdom · April 9, 2024, 3:13pm

source as kube-node and allow all

pOdom · April 9, 2024, 4:12pm

but still I could not able to ping

timothyT · April 9, 2024, 4:46pm

firewall rule that allows egress traffic for your service deployed on GCE VM whatever port and protocol your application is using

pOdom · April 9, 2024, 4:59pm

this rule been there already by GKE

pOdom · April 9, 2024, 5:23pm

I disabled all the firewall rule that GKE created by automatically