NEG Google Cloud similarity in Azure Cloud paired with Kubernetes - kubernetes

Right now, my production is using Google Cloud Network Endpoint Group.
I am planning to use multi-cluster spread across different cloud providers.
In Google Cloud, the flow is like visitor -> LB -> NEG -> Pod.
I am curious, what is NEG called in Azure Cloud? After reading the Azure docs, I don't find the equivalent of NEG, only Static IP Address LB and Standard IP Address LB.
In Google Cloud, the best practice is Network Endpoint Group. What is the best practice in Azure Cloud?

I recommend considering this method to replace Google Cloud Load Balancer NEG: https://azure.github.io/application-gateway-kubernetes-ingress/
or this one for the fastest deployment: https://learn.microsoft.com/en-us/azure/application-gateway/tutorial-ingress-controller-add-on-existing
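As an added illustration (not part of the answer above), this is what the Azure counterpart of a GKE container-native (NEG) setup looks like with AGIC: a plain ClusterIP Service fronted by an Ingress that selects the Application Gateway IngressClass. With Azure CNI, AGIC programs the gateway's backend pool with pod IPs directly, which is the same visitor -> LB -> Pod path that a NEG gives you on GKE. The service name, hostname and TLS secret name are placeholders.

```yaml
# Added example, not from the answer or the AGIC project.
# Placeholders: Service "web", host app.example.com, TLS secret "web-tls".
# GKE equivalent for comparison: annotate the Service with
#   cloud.google.com/neg: '{"ingress": true}'
# and the GKE Ingress controller builds a NEG of pod endpoints.
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: ClusterIP          # no NodePort needed; AGIC targets pod IPs
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  annotations:
    # Terminate TLS at the gateway and redirect plain HTTP to HTTPS,
    # so the only client-facing listener that serves the app is HTTPS.
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  # AGIC 1.5+ registers this IngressClass; older AGIC releases use the
  # annotation kubernetes.io/ingress.class: azure/application-gateway instead.
  ingressClassName: azure-application-gateway
  tls:
    - hosts:
        - app.example.com
      secretName: web-tls   # cert/key Secret; AGIC uploads it to the gateway
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80
```

Because the backend pool holds pod IPs, the Application Gateway's health probes and WAF policy apply per pod, just as NEG health checks do on GKE.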

Related

Connecting to cluster nodes through google cloud functions

So I've been looking into simplifying some of our project solutions and by the look of it, Google Cloud Functions has the potential to simplify some of our current structure. The main thing I'm curious about is if GCF is able to connect to internal nodes in a Kubernetes cluster hosted in Google Cloud.
I'm quite the rookie on this, so any input is greatly appreciated.
Google Cloud has a beta (as of this writing) feature called Serverless VPC Access that allows you to connect your serverless features (Cloud Functions, App Engine Standard) to the VPC network where your GKE cluster is. This would allow you to access private IPs of your VPC network from Cloud Functions.
You can read the full setup instructions but the basic steps are:
Create a Serverless VPC Access Connector (under the "VPC Network -> Serverless VPC Access" menu in the console)
Grant the cloud function's service account any permissions it will need. Specifically, it will at least need "Project > Viewer" and "Compute Engine > Compute Network User".
Configure the function to use the connector. (In the console, this is done in the advanced settings' "VPC Connector" field).

How to integrate Kubernetes Service Type "LoadBalancer" with Specific Cloud Load Balancers

I have a question around K8S Service Type "LoadBalancer".
I am working on developing a new "Kubernetes As a Service" Platform (like GKE etc.) for multi cloud.
Question is: K8S Service Type "LoadBalancer" works with Cloud Load Balancers (which are external to Kubernetes). GKE & other cloud-based solutions provide direct integration with them, so if I create a GKE Cluster & implement a Service Type "LoadBalancer", it will transparently create a new GCP Load Balancer & show the Load Balancer IP in Kubernetes (as External IP). The same applies to other Cloud Providers also.
I want to allow a similar feature on my new "Kubernetes As a Service" platform, where users can choose a cloud provider, create a Kubernetes Cluster & then apply a K8S Service Type "LoadBalancer" & this will result in creating a Load Balancer on the (user selected) cloud platform.
I am able to automate the flow up to Kubernetes Cluster creation, but I am clueless when it comes to "K8S Service & External Load Balancer" integration.
Can anyone please help me with how I can approach integrating K8S Service Type "LoadBalancer" with specific Cloud Load Balancers? Do I need to write a new CRD, or is there any similar code available in Git (in case anyone knows any link for reference)?
You have to understand how Kubernetes is interacting with the cloud provider. For example, previously I deployed Kubernetes on AWS with kops. I saw that Kubernetes uses an AWS access key & access secret to interact with AWS. If I remember correctly, I saw some CLI options in kube-proxy or kubelet to support AWS. (I have searched the man pages for all Kubernetes binaries for AWS options, but I couldn't find any to provide to you).
For example, look at the kubelet man page: they provide an option called --google-json-key to authenticate to GCP. You will get some idea if you deploy Kubernetes on AWS with kops or kube-aws and dig through the setup and its configuration/options etc. (The same applies to other cloud providers.)

Whitelist traffic to mysql from a kubernetes service

I have a Cloud MySQL instance which allows traffic only from whitelisted IPs. How do I determine which IP I need to add to the ruleset to allow traffic from my Kubernetes service?
The best solution is to use the Cloud SQL Proxy in a sidecar pattern. This adds an additional container into the pod with your application that allows for traffic to be passed to Cloud SQL.
You can find instructions for setting it up here. (It says it's for GKE, but the principles are the same)
If you prefer something a little more hands on, this codelab will walk you through taking an app from local to on a Kubernetes Cluster.
I am using Google Cloud Platform, so my solution was to add the Google Compute Engine VM instance External IP to the whitelist.
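An added example (not from either answer above) of the sidecar pattern the first answer recommends: the Cloud SQL Auth Proxy v2 runs next to the app and the app connects to it on localhost, so the IP allowlist question goes away because the proxy authenticates with IAM over TLS instead of relying on a source address. Project, region, instance and image names are placeholders; Workload Identity binding of the Kubernetes service account is assumed to exist.

```yaml
# Added example, not from the answers or Google's sample manifests.
# Placeholders: my-project:us-central1:my-instance, web-ksa, the app image.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      # KSA bound via Workload Identity to a GSA holding roles/cloudsql.client,
      # so no service-account key file is mounted into the pod.
      serviceAccountName: web-ksa
      containers:
        - name: app
          image: gcr.io/my-project/web:1.0   # placeholder
          env:
            # The app only ever talks to the proxy on the pod's loopback;
            # the proxy is the single egress point to Cloud SQL.
            - name: DB_HOST
              value: "127.0.0.1"
            - name: DB_PORT
              value: "3306"
        - name: cloud-sql-proxy
          image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.8.0  # pin a current release
          args:
            - "--structured-logs"
            - "--port=3306"
            # Connect over the instance's private IP so traffic stays in the VPC;
            # remove this flag if the instance only has a public IP.
            - "--private-ip"
            - "my-project:us-central1:my-instance"
          securityContext:
            runAsNonRoot: true            # the v2 image runs as a non-root user
            allowPrivilegeEscalation: false
          resources:
            requests:
              cpu: "250m"
              memory: "256Mi"
            limits:
              memory: "256Mi"
```

If the instance must keep an IP allowlist for other clients, the proxy still needs no entry; only direct connections from outside the proxy path do.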

Google Cloud kubernetes engine external ip

I have MongoDB hosted in Mongo Atlas. There, for security reasons, I have whitelisted some IPs that can access it.
Now that I have set up a Kubernetes cluster in Google Cloud, how can I make it able to access this MongoDB service, since I don't have a clear IP for my cluster/swarm instances that get spawned on demand?
There is no way to get static IPs with GKE. You need to use a NAT gateway. You can configure a GCE VM to act as your NAT gateway for all outbound traffic from your cluster.
There have been multiple requests for a GCP native NAT feature and I believe that feature is on the way. In the meantime, a GCE VM acting as a NAT gateway is your best bet.
EDIT: you can now use Google Cloud NAT to assign a single (or multiple) static IPs to your cluster (or other Google resources).

Is Google Cloud Load Balancing a managed version of Envoy?

I'm comparing layer 7 HTTP(S) load balancers to use with Kubernetes on Google Cloud Platform.
GCP has their own managed service called Google Cloud Load Balancer.
Also popular to use with Kubernetes is Envoy, an open-source "cloud native" proxy that has many contributions from Google staff.
Is Google Cloud Load Balancer a managed version of Envoy? Perhaps just with some added integrations with GCP's CDN? If they are not actually the same, what are the key differences between the two options (beyond just that one is managed and the other is self-deployed)?
Right now the new version of Google Load Balancer uses Envoy proxy to handle advanced traffic management (here).