
I have 2 VPCs in GCP: the first one (VPC-1) is running a k8s cluster and the second one (VPC-2) is running some VMs.

I created a VPC peering between these 2 VPCs, and I am able to connect from a VM on VPC-2 to a pod IP on VPC-1.

But I would like to connect to the service CIDR, not the pod CIDR. I checked all the configurations, and everything that is configured for the pod CIDR is also configured for the service and master CIDRs.

The k8s cluster on VPC-1 has the following networks:

  • Pod CIDR => 10.0.0.0/14
  • Master CIDR => 10.125.1.0/24
  • Service CIDR => 10.4.0.0/20

And the VPC-2: 10.155.0.0/20

Why am I not able to connect from VPC-2 (vm) to a service in k8s?

DevOpsTech

1 Answer


This is expected behavior.

While being in the same VPC lets you reach the pods, you won't be able to reach the services.

Containers (and pods) have their virtual interfaces created, and from there you can access a service because kube-proxy creates the iptables rules and can route requests from the service to a backend pod.

To access a service from outside the cluster you should create a NodePort or LoadBalancer service, or an Ingress.

kool
  • Thank you KFC_. I don't want to expose my service to the internet, and I am not able to use an internal LoadBalancer because VPC-A is in europe-west1 and VPC-B is in europe-west4. Do you have another idea how I can reach the service network? – DevOpsTech Dec 03 '19 at 10:23
  • I'm afraid it won't be possible without exposing the service. – kool Dec 04 '19 at 16:24
  • @DevOpsTech does it solve your issue? – kool Nov 13 '20 at 16:28
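To make the answer's point concrete, here is an added example (not from the original answer or from any Kubernetes component): it parses a constructed excerpt of `iptables-save -t nat` in the shape kube-proxy writes on a cluster node, maps a ClusterIP:port to its backend pod endpoints, and then classifies the same destination as seen from a host that has no such rules, like a VM in VPC-2. The chain suffixes, service name and addresses are placeholders inside the CIDRs from the question, and `parse_cluster_ip_map` / `classify_destination` are names chosen for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed excerpt of `iptables-save -t nat` as kube-proxy (iptables mode) writes it
# on a cluster node. Chain suffixes and addresses are placeholders inside the CIDRs
# from the question (service 10.4.0.0/20, pods 10.0.0.0/14), not rules from a real node.
SAMPLE_NAT_TABLE = """\
-A KUBE-SERVICES -d 10.4.0.10/32 -p tcp -m comment --comment "default/web:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-PLACEHOLDER1
-A KUBE-SVC-PLACEHOLDER1 -m comment --comment "default/web:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-PLACEHOLDERA
-A KUBE-SVC-PLACEHOLDER1 -m comment --comment "default/web:http" -j KUBE-SEP-PLACEHOLDERB
-A KUBE-SEP-PLACEHOLDERA -s 10.0.1.5/32 -m comment --comment "default/web:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-PLACEHOLDERA -p tcp -m comment --comment "default/web:http" -m tcp -j DNAT --to-destination 10.0.1.5:8080
-A KUBE-SEP-PLACEHOLDERB -p tcp -m comment --comment "default/web:http" -m tcp -j DNAT --to-destination 10.0.2.7:8080
"""

SVC_RULE = re.compile(r"-A KUBE-SERVICES -d (?P<ip>[\d.]+)/32 .*--dport (?P<port>\d+) -j (?P<chain>KUBE-SVC-\w+)")
JUMP_RULE = re.compile(r"-A (?P<chain>KUBE-SVC-\w+) .*-j (?P<sep>KUBE-SEP-\w+)")
DNAT_RULE = re.compile(r"-A (?P<sep>KUBE-SEP-\w+) .*-j DNAT --to-destination (?P<dst>[\d.]+:\d+)")


def parse_cluster_ip_map(nat_dump):
    """Map 'clusterip:port' -> list of 'podip:port' from a nat table dump."""
    svc_chain, sep_by_svc, dnat_by_sep = {}, defaultdict(list), {}
    for line in nat_dump.splitlines():
        if m := SVC_RULE.search(line):          # ClusterIP:port -> KUBE-SVC chain
            svc_chain[f"{m['ip']}:{m['port']}"] = m["chain"]
        elif m := JUMP_RULE.search(line):       # KUBE-SVC chain -> endpoint chains
            sep_by_svc[m["chain"]].append(m["sep"])
        elif m := DNAT_RULE.search(line):       # endpoint chain -> pod IP:port
            dnat_by_sep[m["sep"]] = m["dst"]
    return {vip: [dnat_by_sep[s] for s in sep_by_svc[chain] if s in dnat_by_sep]
            for vip, chain in svc_chain.items()}


def classify_destination(dst_ip, dst_port, service_cidr, nat_dump=""):
    """Say what a host does with a packet to dst_ip:dst_port.

    nat_dump is that host's own `iptables-save -t nat`; a VM without kube-proxy
    (like one in VPC-2) has none of these rules, so it passes an empty string.
    """
    endpoints = parse_cluster_ip_map(nat_dump).get(f"{dst_ip}:{dst_port}")
    if endpoints:
        return "dnat-to-pod", endpoints          # rewritten locally before routing
    if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(service_cidr):
        return "unroutable", []                  # ClusterIP, but no rule and no route
    return "routed", []                          # ordinary address, e.g. a pod IP
```

Run against a real node's `iptables-save -t nat` the parser shows every ClusterIP as a node-local DNAT target, which is why pod IPs are reachable over the peering while service IPs are not.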