Connection error beetwen shared vpc and vpc peering
I have this architecture in GCP.
Network project: 2 VPC, dev and pro, with two subnets each one. Subnet A is in europe-west1 and subnet B is in us-central1. The same in pro VPC. Both VPC are shared to other projects and I have a GKE cluster on each other project; so I have one GKE cluster in subnet A in VPC dev, one GKE cluster in subnet B in VPC dev and the same in pro VPC.
I have other project(project B) with some tools like Grafana, vault etc with other vpc and a subnet in europe-west1 which I have connected to dev VPC by VPC peering. In this project, I have GKE clusters too. My issue is, if I want to connect from project B to any GKE cluster in dev VPC, if I try to connect with subnet A works fine but with subnet B it doesn't and I don't know why. I have tried creating firewall rules but it doesn't work, even with firewall rules that allow all the traffic and all the ports.
Edit:
Now I can ping from GKE cluster in project B to a pod or node in subnet B but I can't access an Internal IP load balancer in subnet B (I have the same service in subnet A and it works fine). I'm trying with firewall rules that allows all the in/out traffic and all the ports but still not working
My architecture are this one:
My issue now is I can curl (for example) from GKE cluster 5 to an internal Load Balancer service in GKE cluster 1 and 3 but I can't to GKE cluster 2 and 4.
This is my service, it works because from another pod inside the cluster, curl works
apiVersion: v1
kind: Service
metadata:
annotations:
networking.gke.io/load-balancer-type: Internal
name: prometheus
namespace: monitoring
spec:
ports:
- name: http
port: 9090
protocol: TCP
targetPort: 9090
selector:
app: prometheus
prometheus: prometheus-kube-prometheus-prometheus
sessionAffinity: None
type: LoadBalancer
Edit: I uploaded the image from network tests:
Thanks
Finally I found the solution. The Load Balancer needs this annotation:
networking.gke.io/internal-load-balancer-allow-global-access: "true"
I tried it and it works
Thanks to all
- Is the kubernetes kubelet a DaemonSet?
- Can you have multiple ingresses that use the same LoadBalancer?
- K3s kubeconfig authenticate with token instead of client cert
- K8S: How do I delete deployments with 0 replicas
- Kubernetes resource versioning
- How do I ssh into the VM for Minikube?
- Seed MongoDB in local minikube cluster using skaffold
- Why data is not persisting in my local directory? Kubernetes-Hadoop-Cluster
- how to extract specific value from a configmap using oc client
- Kubectl error: memcache.go:265] couldn’t get current server API group list: Get
- Kustomize patching multiple path with same value
- Pass environment variable into a Vue App at runtime
- Unable to connect to service in same namespace in kubernetes
- Django on Kubernetes Deployment: Best practices for DB Migrations
- Helm convert data for nginx template
- kubectl error You must be logged in to the server (Unauthorized) when accessing EKS cluster
- is it possible to remote debugging java program in kubernetes using service name
- Configure Microk8s
- How to perform read queries on read replica in postgres?
- Does NodePort route traffic only to pods that are hosted under node to which we send request? How to achieve that if it's not the case?
- How do I uninstall minikube on a Mac?
- At least one invalid signature was encountered
- How to handle CPU contention for burstable k8s pods?
- Istio TLS termination and mTLS
- Helm does not upgrade rolebindings
- Rabbit mq - Error while waiting for Mnesia tables
- Struggling to get good performance for FastAPI on Kubernetes
- How to create kubernetes secret with multiple values for one key?
- Why do i need keepalived in kubernetes?
- Unable to access my minikube cluster from the browser (❗ Because you are using a Docker driver on windows, the terminal needs to be open to run it.)