My current setup:
Google Project "Test Project"
VPC "test-vpc01"
Subnet "test-vpc01-sub01"
Subnet Range "10.3.1.0/24"
Private Cluster "test-cluster"
Master address range "10.4.1.0/28"
Master authorized networks "10.6.1.0/28"
Master zone "europe-west2-b"
Subnet "test-vpc01-sub02"
Subnet Range "10.6.1.0/24"
Compute VM "test-vm"
Zone "europe-west2-b"
Internal IP "10.6.1.2"
When I try to submit a "kubectl" command, I receive the following:
user@test-vm:~/.kube$ kubectl get pods -v 10
I0227 15:17:59.446195 1153 loader.go:359] Config loaded from file /home/tristan_clarke/.kube/config
I0227 15:17:59.447194 1153 loader.go:359] Config loaded from file /home/tristan_clarke/.kube/config
I0227 15:17:59.447982 1153 round_trippers.go:419] curl -k -v -XGET -H "Accept: application/json, */*" -H "User-Agent: kubectl/v1.13.3 (linux/amd64) kubernetes/721bfa7" 'https://10.4.1.2/api?timeout=32s'
I0227 15:18:29.450476 1153 round_trippers.go:438] GET https://10.4.1.2/api?timeout=32s in 30002 milliseconds
I0227 15:18:29.450502 1153 round_trippers.go:444] Response Headers:
I0227 15:18:29.450540 1153 cached_discovery.go:113] skipped caching discovery info due to Get https://10.4.1.2/api?timeout=32s: dial tcp 10.4.1.2:443: i/o timeout
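The Google documentation only tells you to make sure the CIDR addresses are correct. However, I'm fairly sure that is not the issue, and I wonder whether this could be a firewall rule/routing, etc...
Answer 0: (score: 1)
You cannot connect to a private cluster using the private endpoint from outside the VPC.
Answer 1: (score: 0)
You should have firewall rules created automatically to allow the traffic. You can check the firewall rules with the following command: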
gcloud compute firewall-rules list
If there is no firewall rule, you can create one manually with the next command:
gcloud compute firewall-rules create <<NAME>> --allow all \
--description "Allow incoming traffic" \
--destination-ranges <<CIDR-RANGE>> \
--direction INGRESS
I hope this helps you. :)
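An added example, not part of the original question or answers: a Python check of the CIDR relationships in the question's setup (client inside the master authorized networks, dialled endpoint inside the master range, master range not overlapping a subnet). The function name and the dictionary layout are assumptions made for illustration; the addresses are the ones listed in the question.

```python
import ipaddress

# Values copied from the question's setup and kubectl log.
SETUP = {
    "client_ip": "10.6.1.2",        # test-vm internal IP
    "endpoint_ip": "10.4.1.2",      # address kubectl dialled (from the -v 10 log)
    "master_range": "10.4.1.0/28",  # master address range
    "authorized_networks": ["10.6.1.0/28"],
    "subnets": {
        "test-vpc01-sub01": "10.3.1.0/24",
        "test-vpc01-sub02": "10.6.1.0/24",
    },
}


def check_private_cluster_cidrs(setup):
    """Hypothetical helper: evaluate the CIDR relationships of a private cluster setup.

    strict=True makes ip_network raise ValueError on a range with host bits set,
    which catches a mistyped CIDR before any comparison is made.
    """
    client = ipaddress.ip_address(setup["client_ip"])
    endpoint = ipaddress.ip_address(setup["endpoint_ip"])
    master = ipaddress.ip_network(setup["master_range"], strict=True)
    allowed = [ipaddress.ip_network(n, strict=True)
               for n in setup["authorized_networks"]]
    subnets = {name: ipaddress.ip_network(cidr, strict=True)
               for name, cidr in setup["subnets"].items()}
    return {
        # Is the machine running kubectl covered by an authorized network?
        "client_in_authorized_networks": any(client in n for n in allowed),
        # Does the address in the kubeconfig fall in the master range?
        "endpoint_in_master_range": endpoint in master,
        # The master range must not collide with any subnet range.
        "master_range_clear_of_subnets": not any(
            master.overlaps(s) for s in subnets.values()),
        # Which subnet the client sits in (None if it is in none of them).
        "client_subnet": next(
            (name for name, s in subnets.items() if client in s), None),
    }


if __name__ == "__main__":
    for name, value in check_private_cluster_cidrs(SETUP).items():
        print(f"{name}: {value}")
```

The authorized network is a /28 inside the /24 of test-vpc01-sub02, so only 10.6.1.0 to 10.6.1.15 pass the first check; a host at 10.6.1.20 in the same subnet would not.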