I am struggling to make Services become visible through a peered VPC.
I have two GKE clusters (cluster-A and cluster-B), each of them in a different VPC.
I've created a VPC network peering connecting both VPCs.
I followed the instructions to enable ip-masquerade-agent and allow the clusters to reach each other's Pods (https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent).
The thing is, when I try from cluster-A to curl a Pod in cluster-B it works, but when I curl a Service it doesn't work.
From a Pod running in cluster-A:
$ curl http://10.132.0.13:8080 # cluster-B Pod
Hello World
$ curl http://10.134.145.111:8080 # cluster-B Service
curl: Connection timed out
How do I make Services visible on both clusters?
Some important information that might help:
cluster-A
servicesIpv4Cidr: 10.30.0.0/18
clusterIpv4Cidr: 10.32.0.0/11
ip-masq-agent configmap:
apiVersion: v1
kind: ConfigMap
data:
  config: |
    nonMasqueradeCIDRs:
      - 10.32.0.0/11
      - 10.30.0.0/18
    resyncInterval: 60s
    masqLinkLocal: true
metadata:
  name: ip-masq-agent
  namespace: kube-system
cluster-B
servicesIpv4Cidr: 10.134.0.0/16
clusterIpv4Cidr: 10.132.0.0/16
ip-masq-agent configmap:
apiVersion: v1
kind: ConfigMap
data:
  config: |
    nonMasqueradeCIDRs:
      - 10.132.0.0/16
      - 10.134.0.0/16
    resyncInterval: 60s
    masqLinkLocal: false
metadata:
  name: ip-masq-agent
  namespace: kube-system