Connection error beetwen shared vpc and vpc peering
I have this architecture in GCP.
Network project: 2 VPC, dev and pro, with two subnets each one. Subnet A is in europe-west1 and subnet B is in us-central1. The same in pro VPC. Both VPC are shared to other projects and I have a GKE cluster on each other project; so I have one GKE cluster in subnet A in VPC dev, one GKE cluster in subnet B in VPC dev and the same in pro VPC.
I have other project(project B) with some tools like Grafana, vault etc with other vpc and a subnet in europe-west1 which I have connected to dev VPC by VPC peering. In this project, I have GKE clusters too. My issue is, if I want to connect from project B to any GKE cluster in dev VPC, if I try to connect with subnet A works fine but with subnet B it doesn't and I don't know why. I have tried creating firewall rules but it doesn't work, even with firewall rules that allow all the traffic and all the ports.
Edit:
Now I can ping from GKE cluster in project B to a pod or node in subnet B but I can't access an Internal IP load balancer in subnet B (I have the same service in subnet A and it works fine). I'm trying with firewall rules that allows all the in/out traffic and all the ports but still not working
My architecture are this one:
My issue now is I can curl (for example) from GKE cluster 5 to an internal Load Balancer service in GKE cluster 1 and 3 but I can't to GKE cluster 2 and 4.
This is my service, it works because from another pod inside the cluster, curl works
apiVersion: v1
kind: Service
metadata:
annotations:
networking.gke.io/load-balancer-type: Internal
name: prometheus
namespace: monitoring
spec:
ports:
- name: http
port: 9090
protocol: TCP
targetPort: 9090
selector:
app: prometheus
prometheus: prometheus-kube-prometheus-prometheus
sessionAffinity: None
type: LoadBalancer
Edit: I uploaded the image from network tests:
Thanks
Finally I found the solution. The Load Balancer needs this annotation:
networking.gke.io/internal-load-balancer-allow-global-access: "true"
I tried it and it works
Thanks to all
- The connection to the server localhost:8080 was refused
- How to use Kubernetes secret object stringData to store base64 encoded privateKey
- K8s cluster deployment error: nc: bad address 'xx'
- Ingress path redirection, helm chart
- fluentd with OpenSearch - where does the @timestamp field come from?
- How can I keep a container running on Kubernetes?
- kubectl logs displays only 'API server listening at: [::]:40000' when remote debugging with dlv is enabled - How do I get my logs back?
- failed calling webhook "vingress.elbv2.k8s.aws"
- Kubernetes - Frontend pod can't reach backend pod
- How to access Kubernetes API when using minkube?
- What is Difference between KubernetesManifest@0 and KubernetesManifest@1 in Yaml pipeline?
- kube-prometheus-stack issue scraping metrics
- No stdout/stderror output or delayed when running Haskell application in Kubernetes
- Is there an imperative command to create daemonsets in kubernetes?
- Mongo DB deployment not working in kubernetes because processor doesn't have AVX support
- Nginx Ingress Controller - Failed Calling Webhook
- Easily detect deprecated resources on Kubernetes
- How to configure a Kubernetes Multi-Pod Deployment
- Difference between targetPort and port in Kubernetes Service definition
- EKS Fargate workloads unable to resolve DNS names
- Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html"
- Can't install Kubernetes on Vagrant
- How do I force Kubernetes to re-pull an image?
- no endpoints available for service \"kubernetes-dashboard\"
- Cannot install kubernetes helm chart Error: cannot re-use a name that is still in use
- helm error "Error: This command needs 2 arguments: release name, chart path"
- Helm --set with > as special Charcater at the end
- How can I deploy a helm packaged app to ArgoCD?
- k8s CRD definition: 4 mutually exclusive optional fields
- Minikube with ingress example not working