Accessing a private Kubernetes cluster in GCP from Cloud Shell

Time: 2019-03-15 12:30:13

Tags: kubernetes google-cloud-platform google-kubernetes-engine vpc google-cloud-shell

The following link, https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters, discusses setting up a private GKE cluster in a separate custom VPC. The Terraform code I used to create the cluster and the VPC is at https://github.com/rajtmana/gcp-terraform/blob/master/k8s-cluster/main.tf. Once the cluster has been created, I want to run some kubectl commands from Google Cloud Shell. I used the following commands

$ gcloud container clusters get-credentials mservice-dev-cluster --region europe-west2
$ gcloud container clusters update mservice-dev-cluster \
>     --region europe-west2 \
>     --enable-master-authorized-networks \
>     --master-authorized-networks "35.241.216.229/32"
Updating mservice-dev-cluster...done.
ERROR: (gcloud.container.clusters.update) Operation [<Operation
clusterConditions: []
detail: u'Patch failed'

$ gcloud container clusters update mservice-dev-cluster \
>     --region europe-west2 \
>     --enable-master-authorized-networks \
>     --master-authorized-networks "172.17.0.2/32"
Updating mservice-dev-cluster...done.
Updated [https://container.googleapis.com/v1/projects/protean-XXXX/zones/europe-west2/clusters/mservice-dev-cluster].
To inspect the contents of your cluster, go to: 
https://console.cloud.google.com/kubernetes/workload_/gcloud/europe-west2/mservice-dev-cluster?project=protean-XXXX

$ kubectl config current-context
gke_protean-XXXX_europe-west2_mservice-dev-cluster

$ kubectl get services
Unable to connect to the server: dial tcp 172.16.0.2:443: i/o timeout

When I supply the public IP of Cloud Shell, it says public IPs are not allowed, with the error message given above. If I supply the internal IP of Cloud Shell, the one starting with 172, the connection also times out. Any ideas? Thanks for the help.

2 answers:

Answer 0 (score: 0)

Google recommends creating a VM in the same network as the cluster, SSHing into that VM from Cloud Shell, and running the kubectl commands from there: https://cloud.google.com/solutions/creating-kubernetes-engine-private-clusters-with-net-proxies
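As an added example that is not part of the question or either answer, the POSIX shell script below models the three outcomes seen on this page for a private-endpoint-only cluster: a public address is rejected when added to the master authorized networks, a private address that is not routable inside the VPC (Cloud Shell's 172.17.0.2 container address) is accepted but still times out, and an address inside the VPC (the bastion VM from the answer above) can reach the private endpoint. It assumes, as constructed values not taken from the page, that the VPC subnet is 10.0.0.0/16 and that a bastion VM sits at 10.0.0.5, and it assumes that GKE only accepts RFC 1918 ranges in authorized networks once the public endpoint is disabled; `ip_to_int`, `in_cidr`, `is_rfc1918` and `classify_client` are hypothetical helper names.

```shell
# Added example, not code from the question or either answer.
# Assumptions (constructed, not from the page):
#  - the VPC subnet hosting nodes and a bastion VM is 10.0.0.0/16
#  - GKE accepts only RFC 1918 ranges in master authorized networks once the
#    public endpoint is disabled, which matches the error the question reports
#  - inputs are well-formed IPv4 dotted quads; no validation is performed

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  _oldifs=$IFS; IFS=.
  set -- $1
  IFS=$_oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR: print "yes" if IP falls inside CIDR, else "no".
in_cidr() {
  _net=${2%/*}; _bits=${2#*/}
  _mask=$(( (4294967295 << (32 - _bits)) & 4294967295 ))
  if [ $(( $(ip_to_int "$1") & _mask )) -eq $(( $(ip_to_int "$_net") & _mask )) ]; then
    echo yes
  else
    echo no
  fi
}

# is_rfc1918 IP[/PREFIX]: print "yes" if the address is in a private range.
is_rfc1918() {
  _addr=${1%/*}
  for _range in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
    if [ "$(in_cidr "$_addr" "$_range")" = yes ]; then
      echo yes
      return 0
    fi
  done
  echo no
}

# classify_client CLIENT_IP VPC_CIDR: describe what a client at CLIENT_IP gets
# when added to the authorized networks of a private-endpoint-only cluster.
classify_client() {
  if [ "$(is_rfc1918 "$1")" = no ]; then
    # Cloud Shell's public egress address: GKE rejects the update outright.
    echo "rejected: not RFC 1918"
  elif [ "$(in_cidr "$1" "$2")" = no ]; then
    # Cloud Shell's container address: the update succeeds, but the address is
    # not routable inside the VPC, so kubectl times out on the private endpoint.
    echo "authorized but unreachable: outside the VPC"
  else
    # A VM inside the VPC subnet, which is the bastion approach from answer 0.
    echo "reachable: inside the VPC"
  fi
}

# Constructed demonstration values; 10.0.0.5 stands for a bastion VM.
for _c in 35.241.216.229 172.17.0.2 10.0.0.5; do
  printf '%-16s %s\n' "$_c" "$(classify_client "$_c" 10.0.0.0/16)"
done
```

Running the script prints one verdict per address. The point it makes is that an authorized-networks entry is only an allow-list on the API server: it does not create a route, so a client that is not already inside the VPC (or connected to it by VPN, peering, or a bastion hop) will still time out even after the update succeeds.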

Answer 1 (score: -1)

Try running

gcloud container clusters get-credentials [CLUSTER_NAME]

and confirm that kubectl is using the correct credentials:

gcloud auth application-default login